Legal
Privacy Policy
Last updated: June 7, 2026
1. Information we collect
We collect information you provide when you create an account (name, email, organization), and the regulatory records you and your teammates create inside the platform. We collect technical telemetry (IP address, browser, timestamps) to populate the audit trail required by 21 CFR Part 11 and equivalent regulations.
2. How we use your information
We use your information to provide the BioTrace Compliance service, maintain the audit trail, send transactional emails (verification, password reset, notifications), bill your subscription, and respond to support requests. We do not sell your data.
3. Data security
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is logically isolated per tenant. We are SOC 2 Type II audited. Enterprise customers may opt into dedicated infrastructure, EU data residency, and a HIPAA Business Associate Agreement.
4. Data retention
Audit-trail records are retained for the longer of (a) 7 years from creation or (b) the duration of your subscription plus 1 year. This reflects standard regulatory record-retention requirements. Account data is deleted within 30 days of subscription termination unless retention is required for compliance.
5. Your rights
You may request access to, correction of, or deletion of your personal data, subject to regulatory record-retention obligations that apply to your industry. Contact support@ordex-systems.com.
6. Cookies
We use essential cookies for authentication and session management. We do not use advertising cookies.
7. Contact
Questions about this policy: support@ordex-systems.com.