Privacy Policy

Plain-English working draft published 2026-05-31. CoordOS is finalizing legal review; pre-launch terms — material changes may be made with notice. For questions: hello@coordos.ai.

Introduction
Who We Are and How to Contact Us
What Information We Collect
How We Use Information
Legal Bases (GDPR)
Sharing with Subprocessors
Data Retention
Data Security
International Transfers
Your Rights
Children
Cookies and Local Storage
Changes to this Policy
Contact and Complaints

1. Introduction

1.1. This Privacy Policy describes how CoordOS Inc. ("CoordOS", "we", "us", "our") collects, uses, shares, and protects personal information when you use the CoordOS service, including the marketing site at coordos.ai, the customer portal at app.coordos.ai, the office-team coordinators, the integrations, and any related software (collectively, the "Service").

1.2. This Policy is effective as of 2026-05-31 and supplements our Terms of Service.

1.3. We have written this Policy in plain English. Where we use legal terms (such as "controller" or "processor"), we use them in the sense given by the applicable privacy law, including Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA"), the EU and UK General Data Protection Regulation ("GDPR"), and the California Consumer Privacy Act as amended by the CPRA ("CCPA").

2. Who We Are and How to Contact Us

2.1. CoordOS Inc. is the operator of the Service. For privacy questions or to exercise any of the rights described below, contact us at hello@coordos.ai.

2.2. Controller and processor roles. For information we collect directly from you to operate the Service (such as your account email, your tenant settings, billing identifiers, and our own product analytics), CoordOS is the data controller. For information you, your Authorized Users, your Site Supers, or your Clients upload to or generate within the Service (such as project files, photos, daily logs, invoices, conversation content, and the contents of your connected Google Drive, QuickBooks Online, or mailbox), CoordOS acts as a data processor on behalf of your business (the Customer), and the Customer is the controller.

2.3. {{LEGAL_ENTITY_NAME}} and {{LEGAL_ENTITY_ADDRESS}} — if the contracting entity should not be "CoordOS Inc." as named here, these placeholders will be replaced in the final published version.

3. What Information We Collect

3.1. Account and authentication data. When you sign up, log in, or are added to a tenant, we collect identifiers such as your name, email address, role, Firebase Authentication user ID, and any sign-in method you use (such as Google or password sign-in). We do not store passwords directly; authentication is handled by our identity provider (Firebase Authentication).

3.2. Tenant and user profile data. Tenant fields (company name, address, business type, locale, configured rules), and user profile fields (display name, role, time zone, phone number for notifications, profile photo URL where supplied).

3.3. Tenant content (Customer Data). Project metadata, tasks, schedules, budget structures, cost-code configuration, audit events, and similar records stored in the portion of our database scoped to your Tenant (currently Google Cloud Firestore, in us-central1).

3.4. Integration access tokens. OAuth refresh and access tokens, scope grants, and integration metadata for the Third-Party Services you connect (such as Google Workspace, QuickBooks Online, Microsoft 365, Stripe, and SendGrid). Long-lived secrets such as OAuth refresh tokens are encrypted at rest using a managed key in Google Cloud KMS, and access is brokered through our token-broker service so the underlying secret material is not exposed to application servers in plaintext.

3.5. Construction documents in your own Drive. Drawings, photos, receipts, daily-log attachments, contracts, change orders, and similar files remain stored in your own Google Drive (per the architecture described in our public materials). We read and, with your authorization, write to those files via Google's APIs to provide the Service. We do not maintain a separate long-term copy of those files on our infrastructure. Short-lived caches and previews may exist for performance and reliability and are not the system of record.

3.6. QBO and mailbox traffic logs. Metadata about the read and write calls we make to your QuickBooks Online file (such as which endpoint, which entity, when, success or failure, and a summary of the change), and to your mailbox (such as message ID, recipient, subject, send status). These logs are used for support, audit, debugging, and abuse prevention.

3.7. Audit events. Records of who performed which action in the Service (such as approving an Agent action, changing a setting, adding a user), with timestamps.

3.8. AI conversation logs. The prompts and responses exchanged with the Agent Desks on your Tenant's behalf, including the inputs we send to AI providers, the outputs they return, and the proposed actions the Agent Desks generated. These are used to operate the Service, to let you and we review what the Agents did, and to improve the Service.

3.9. Billing data. Billing is handled by our payment processor (currently Stripe). We store the Stripe customer ID and Stripe subscription ID associated with your Tenant, the plan and add-ons selected, billing status, and invoice references. We do not store full card numbers; that data lives with Stripe.

3.10. Marketing site data. When you visit coordos.ai we collect basic logs (IP address, user agent, referrer, request path) for security and abuse prevention, and product-analytics events through Google Analytics 4 (see Section 12). If you submit the intake form or sign up for early access, we collect the information you submit (name, email, company, what you build, what work you want the crew to take over).

3.11. Support data. If you email us or otherwise contact support, we keep the contents of those communications and any information you provide so we can respond and improve.

4. How We Use Information

4.1. We use the information described in Section 3 to:

provide, operate, secure, and maintain the Service, including running the Agent Desks and the integrations you have authorized;
authenticate users and enforce role-based access within your Tenant;
generate Agent output and propose actions for your approval (as described in Section 7 of our Terms of Service);
read from and, with your authorization and approval, write to your connected Third-Party Services;
process billing and subscription management;
respond to your support and account requests;
monitor for fraud, abuse, security incidents, and violations of our Acceptable Use rules;
maintain audit trails for security, support, and regulatory purposes;
improve the Service, including by analyzing aggregated and de-identified usage data to identify bugs, latency issues, and opportunities to make the Agent Desks more useful (we do not use Customer Data to train foundation models for third parties);
send service-related communications (such as notices about your account, billing, security incidents, or material changes to these policies);
with your separate consent or based on a legitimate-interest balancing where permitted, send product-update emails and limited marketing emails, with opt-out in every such message;
comply with applicable law and respond to lawful requests.

5. Legal Bases (GDPR)

5.1. If you are located in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing your personal data are:

Performance of a contract (Article 6(1)(b) GDPR) — to provide the Service to you under our Terms of Service.
Legitimate interests (Article 6(1)(f)) — to operate, secure, and improve the Service; to monitor for abuse; to communicate with you about your account; and to defend our legal rights. We balance these interests against your rights and freedoms.
Consent (Article 6(1)(a)) — for non-essential marketing emails, optional analytics, and any other processing for which we ask for consent.
Legal obligation (Article 6(1)(c)) — to comply with applicable laws, including tax and accounting recordkeeping requirements.

6. Sharing with Subprocessors

6.1. We share personal information with a limited number of vendors who help us run the Service ("Subprocessors"). A current list of Subprocessors, the purpose of each, the categories of data accessed, and the location of processing is published at coordos.ai/subprocessors and includes, at a minimum:

Google Cloud Platform (hosting, Firestore database, Cloud KMS, Cloud Run, Cloud Storage, Google Workspace and Drive APIs for customer-authorized integrations);
Anthropic (AI model inference used by the Agent Desks);
Stripe (subscription billing);
SendGrid (transactional email delivery);
Microsoft (optional, for Outlook and Microsoft 365 integration when authorized);
Intuit (QuickBooks Online integration when authorized);
Vercel (marketing-site hosting at coordos.ai).

6.2. We do not sell personal information, and we do not share personal information for cross-context behavioural advertising. We do not "share" personal information as that term is defined under the CCPA.

6.3. We may disclose information if required by law, valid legal process, or to protect the rights, property, or safety of CoordOS, our customers, or others. Where legally permitted, we will give the affected Customer prior notice and reasonable cooperation in any effort to limit or contest the disclosure.

6.4. In the event of a merger, acquisition, financing, reorganization, or sale of all or substantially all of our assets, personal information may be transferred to the acquiring party, subject to the same protections described in this Policy or to terms you accept at the time.

7. Data Retention

7.1. Tenant data while active. We retain Customer Data for as long as your subscription is active and the data remains in your Tenant.

7.2. Grace and archive. After cancellation or termination, your Tenant is downgraded to read-only for a grace period of thirty (30) days, after which Customer Data is moved to an archive for an additional ninety (90) days and then deleted in the ordinary course, unless we are required by law to keep it longer or unless you and we agree on a different retention period in writing. Customer Data held in your own Google Drive, your own QuickBooks Online file, or your own mailbox remains in your accounts and is not deleted by us on cancellation.

7.3. Audit logs. We keep audit-event records for one (1) year by default, and longer where required for ongoing investigations or by law.

7.4. Billing records. We retain billing records for seven (7) years to satisfy Canadian tax-recordkeeping obligations (Canada Revenue Agency) and equivalent obligations in other jurisdictions.

7.5. Analytics events. Product- and site-analytics events are retained for up to twenty-six (26) months and then deleted or aggregated.

7.6. Backups. Backups follow their own rolling retention windows and are overwritten in the ordinary course. Deleted data may persist in encrypted backups for a limited period before being overwritten.

8. Data Security

8.1. We take security seriously and use a layered set of controls to protect personal information, including:

Encryption in transit. All traffic between you and the Service, between the Service and its Subprocessors, and between internal services is encrypted using TLS 1.2 or higher.
Encryption at rest. Data is encrypted at rest using the encryption provided by Google Cloud Platform. Long-lived secrets such as OAuth refresh tokens are additionally encrypted using a managed key in Google Cloud KMS and accessed only through our token-broker service.
Access control. Role-based access controls on production systems, least-privilege principles for our engineers, and per-tenant data scoping at the application layer.
Audit logging. Administrative and Agent-driven actions are logged with timestamps, actor identifiers, and outcomes.
Vulnerability management. Dependency updates, periodic review of third-party security advisories, and prompt patching of issues that materially affect the Service.
Network and infrastructure. The Service runs on Google Cloud Run with infrastructure managed under GCP's certifications (SOC 2, ISO 27001, and others Google maintains).

8.2. No system is perfectly secure. If we become aware of a security incident that affects your personal data, we will notify you in accordance with applicable law and our agreement with you.

9. International Transfers

9.1. The Service's primary infrastructure is hosted in Google Cloud's us-central1 region in the United States. Some Subprocessors may process data in other regions; see the Subprocessors page for details.

9.2. If you are located in the EEA, the UK, or Switzerland, your personal information will be transferred to and processed in countries (including the United States and Canada) that may not provide the same level of data-protection rights as your home country. Where required, we rely on Standard Contractual Clauses (or equivalent transfer mechanisms) with our Subprocessors. CoordOS is willing to enter into Standard Contractual Clauses with Customers on request; please contact hello@coordos.ai.

10. Your Rights

10.1. Depending on where you live, you may have the following rights under applicable privacy laws (such as PIPEDA, the GDPR, the UK GDPR, and the CCPA):

the right to access the personal information we hold about you;
the right to correct inaccurate or incomplete personal information;
the right to delete personal information ("right to be forgotten" under GDPR);
the right to data portability, where applicable;
the right to restrict or object to certain processing, including direct marketing;
the right to withdraw consent, where processing is based on consent;
the right to not be subject to solely automated decision-making that has legal or similarly significant effects on you (our Agent Desks always operate under human review and Owner approval, as described in our Terms);
under the CCPA, the right to know what personal information we have collected, the right to deletion, the right to correct, the right to limit the use of sensitive personal information, and the right not to be discriminated against for exercising your rights.

10.2. How to exercise these rights. Send a request to hello@coordos.ai from the email address associated with your account or, if you are an end-user of one of our Customers, contact that Customer (the controller of your data). We will acknowledge your request promptly and respond substantively within thirty (30) days, or within the period required by applicable law, except where the law permits a longer period.

10.3. Authorized agents. Where permitted by law, you may use an authorized agent to submit a request; we may require reasonable verification of identity and of the agent's authority.

10.4. If you are an end-user of a Customer. For data you provided to a CoordOS Customer (such as a homeowner whose general contractor uses CoordOS), the Customer is the controller of your data. Please direct access, correction, or deletion requests to that Customer. We will support them in responding to you.

11. Children

11.1. The Service is intended for use by businesses and is not directed to anyone under the age of sixteen (16). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

12. Cookies and Local Storage

12.1. The Service uses cookies and similar technologies (such as localStorage and sessionStorage) for the following purposes:

Authentication. Maintaining your sign-in session in the portal.
Tenant selection and preferences. Remembering which Tenant you are working in and your UI preferences.
Security. Detecting and mitigating abuse and CSRF attacks.
Analytics. Measuring how visitors use the marketing site (coordos.ai) and the portal (app.coordos.ai), so we can improve them. We currently use Google Analytics 4 on the marketing site. GA4 is configured with IP-truncation where available.

12.2. We do not use third-party advertising cookies and we do not track you across other companies' websites for advertising purposes.

12.3. You can control cookies through your browser settings and you can signal a "Do Not Track" preference. Note that a cookie-consent banner, which would let you opt into or out of analytics at first visit, is on our roadmap and is being tracked as a separate work item. Flag: cookie banner is a follow-up item, not yet shipped.

13. Changes to this Policy

13.1. We may update this Policy from time to time. For material changes that affect how we use personal information, we will give at least thirty (30) days' prior notice by email to the Owner and by a banner in the Customer Portal before the change takes effect.

13.2. The "Effective" date at the top of this Policy reflects the latest version. Earlier versions are available on request.

14. Contact and Complaints

14.1. Contact. For privacy questions, requests, or complaints, email hello@coordos.ai.

14.2. Supervisory authorities. If you are in the EEA, the UK, or Switzerland and you believe we have not addressed your concern adequately, you have the right to lodge a complaint with your local data-protection supervisory authority. {{EU_REP_NAME_AND_ADDRESS}} — if and when CoordOS appoints an EU representative under Article 27 GDPR, the appointment details will be inserted here. If you are in Canada, you may contact the Office of the Privacy Commissioner of Canada.