Ordan Privacy Policy

1. Introduction

This Privacy Policy explains how MIKISM PTY LTD (ABN: 76 694 210 181) ("MIKISM," "we," "us," or "our") collects, uses, stores, and protects your information when you use the Ordan mobile application ("Ordan," "the App"). By using Ordan, you agree to the collection and use of information as described in this policy.

Ordan is a scheduling and business management app designed for sole traders and small businesses. It helps you manage customers, services, jobs, routes, invoices, and meal breaks.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name
• Email address
• Password (stored as a secure hash; we never store your plain text password)

2.2 Business Information

To use the App's features, you may provide:

• Business name, address, phone number, and email
• Business registration number
• Tax rate and invoicing preferences
• Invoice prefix, numbering, payment terms, and notes

2.3 Customer Information

You may store information about your customers, including:

• Customer name, phone number, email, and address
• Location coordinates (latitude and longitude) for route optimisation
• Notes related to the customer

2.4 Service and Job Information

The App stores data about your services and jobs, including:

• Service name, description, duration, and price
• Job date, start time, end time, and status
• Address and notes for each scheduled appointment
• Completion time and any recorded overrun

2.5 Route and Travel Information

If you use the route optimisation feature, the App collects:

• Start address (home or custom location)
• Route segments, distances, durations, and polyline data
• Total distance, travel time, and revenue for completed routes

2.6 Meal Break Information

If you use the meal break feature, the App collects:

• Meal break date, time, and type (lunch or dinner)
• Your location at the time of the break (to suggest nearby restaurants)
• Nearby restaurant suggestions from Google Places API

2.7 Device Contacts

With your explicit permission, the App can access your device's contact list to import contacts as customers. We access the following contact fields:

• Name, phone number, email address, and postal address

Contacts are only imported when you choose to do so. We do not automatically read, upload, or sync your entire contact list.

2.8 Calendar Data

With your explicit permission, the App can access your device's calendar to sync your scheduled appointments. The App creates a dedicated "Ordan" calendar on your device and writes job information (date, time, service name, customer name, address) to it. The App does not read events from your other calendars.

2.9 Location Data

With your explicit permission, the App accesses your device's location to:

• Provide address suggestions when adding customers and jobs
• Optimise routes between appointments
• Find nearby restaurants during meal breaks

Location data is only collected when you actively use features that require it. The App does not track your location in the background.

2.10 Notification Data

With your permission, the App schedules local push notifications on your device for:

• Daily job summaries (evening before)
• Upcoming appointment reminders
• Completion reminders near the end of appointments
• Meal break reminders

All notifications are scheduled and triggered locally on your device. No notification data is sent to our servers or any third party.

2.11 Subscription and Purchase Data

If you subscribe to Ordan Pro, your purchase is processed by Apple (App Store) or Google (Google Play). We do not directly collect or store your payment card details. We receive:

• Subscription status (active or expired)
• Subscription expiration date
• A store user identifier from Apple or Google to link your subscription to your account

3. How We Store Your Data

3.1 Local Storage (On Your Device)

All data stored on your device is encrypted using AES-256 encryption. Encryption keys are stored in your device's secure hardware-backed storage (Keychain on iOS, Keystore on Android). This means your data is protected even if your device is lost or stolen.

Data stored locally includes your customers, services, jobs, meal breaks, route history, and app settings.

3.2 Cloud Storage (Optional)

If you subscribe to Ordan Pro and enable cloud sync, your data is synced to our cloud servers hosted on Supabase. Cloud sync is entirely optional and must be explicitly enabled by you. Cloud-synced data includes customers, services, jobs, meal breaks, route history, and settings.

Our cloud database enforces row-level security, meaning you can only access your own data. No other user or administrator can view your information.

3.3 Data Retention

Your data is stored for as long as your account is active. If you delete your account, all associated data is permanently removed from our cloud servers. Data stored locally on your device remains until you uninstall the App or clear its data.

4. How We Use Your Information

We use your information solely to provide and improve the App's functionality:

• Managing your customers, services, and jobs
• Generating invoices and business reports
• Optimising routes between appointments
• Sending you local reminders and notifications
• Syncing your data across devices (if cloud sync is enabled)
• Providing analytics about your work (revenue, completion rates, top customers)
• Finding nearby restaurants during meal breaks
• Managing your subscription

We do not use your data for advertising, profiling, or marketing purposes. We do not sell your data to third parties.

5. Third-Party Services

The App uses the following third-party services:

5.1 Supabase (Cloud Infrastructure)

If you enable cloud sync, your data is stored on Supabase servers. Supabase provides authentication and database services. For more information, see the Supabase Privacy Policy.

5.2 Google Places API

The App uses Google Places API to provide address autocomplete when entering addresses and to find nearby restaurants during meal breaks. When you use these features, your location coordinates and search queries are sent to Google. For more information, see the Google Privacy Policy.

5.3 Google Maps / Directions API

The App uses Google Maps and Directions APIs to calculate routes, distances, and travel times between your appointments. Addresses and coordinates are sent to Google for this purpose.

5.4 RevenueCat (Subscription Management)

The App uses RevenueCat to manage in-app subscriptions. RevenueCat processes subscription status and purchase validation with Apple and Google on our behalf. For more information, see the RevenueCat Privacy Policy.

5.5 Apple App Store and Google Play Store

Subscription payments are processed by Apple or Google depending on your device. We do not have access to your payment card information. These transactions are governed by the respective store's terms and privacy policies.

6. Data Exports

You can export your data at any time in the following formats:

• CSV files for customers, services, jobs, and analytics reports
• PDF invoices for individual appointments

Exports are generated locally on your device and shared via your device's share sheet. Exported files are not sent to our servers.

7. Analytics and Tracking

The App does not use any third-party analytics services (such as Google Analytics, Firebase Analytics, or similar). All analytics displayed in the App (revenue, job counts, completion rates) are calculated locally on your device from your own data. We do not track your usage behaviour or collect telemetry data.

8. Data Security

We take the security of your data seriously and implement the following measures:

• Local encryption: All data on your device is encrypted with AES-256 using random initialisation vectors
• Secure key storage: Encryption keys are stored in hardware-backed secure storage (iOS Keychain, Android Keystore)
• Secure authentication: Passwords are hashed and never stored in plain text
• Row-level security: Cloud data is protected by database policies that restrict access to the data owner only
• Rate limiting: Authentication attempts are rate-limited to prevent brute force attacks
• Secure transport: All network communication uses HTTPS/TLS encryption
• Export safety: Exported data is sanitised to prevent injection attacks

9. Your Rights

You have the following rights regarding your personal information:

• Access: You can view all your data within the App at any time
• Export: You can export your data in CSV and PDF formats
• Correction: You can edit any of your information within the App
• Deletion: You can delete individual records or your entire account
• Withdraw consent: You can revoke permissions (contacts, calendar, location, notifications) at any time through your device settings
• Disable cloud sync: You can turn off cloud sync at any time in the App's settings; your data will remain only on your device

To exercise any rights not available through the App, or if you have questions about your data, contact us at contact@mikism.com.

10. Children's Privacy

Ordan is not intended for use by individuals under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

11. International Data Transfers

If you enable cloud sync, your data may be transferred to and stored on servers located outside your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us