Legal

Privacy Policy

Effective Date: June 3, 2026Last Updated: June 3, 2026

Ordernize Inc., a Florida C corporation (“Ordernize,” “we,” “us,” or “our”), respects your privacy and is committed to protecting it through this Privacy Policy (this “Policy”). This Policy describes how we collect, use, disclose, retain, and protect personal information in connection with the Ordernize platform, an AI-powered document intelligence platform accessible at ordernize.com and app.ordernize.com (collectively, the “Platform”) and the related services we provide (the “Services”).

This Policy should be read together with our Terms of Use (the “Terms”) and any separately executed agreement between Ordernize and you (a “Separate Agreement”). Capitalized terms not defined in this Policy have the meanings given to them in the Terms.

By accessing or using the Platform, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, you must not access or use the Platform.

1. SCOPE AND OUR ROLE

1.1 Two Categories of Information

The Platform handles two distinct categories of information:

(a) Account Information — information about you and your firm or organization, such as your name, professional credentials, employer, business contact information, account credentials, billing information, and information about your use of the Platform. We act as the data controller with respect to Account Information, and our processing of Account Information is governed by this Policy.

(b) Case Data — the documents, files, and information you (or your Authorized Users) upload to or generate on the Platform in connection with a professional engagement, including (without limitation) bank statements, tax returns, court filings, brokerage records, real estate records, and other engagement materials. Case Data may include personal information about your clients, opposing parties, and other third parties. With respect to Case Data, you (or your firm or organization) are the data controller, and Ordernize acts as a data processor acting on your documented instructions.

1.2 Your Responsibility for Case Data

Because Ordernize processes Case Data on your behalf and under your direction, you are responsible for: (a) providing all required notices and obtaining all consents necessary for Case Data to be uploaded to and processed through the Platform under applicable law; (b) responding to data subject rights requests made by individuals whose personal information appears in your Case Data; and (c) ensuring that your use of the Platform complies with all applicable laws, regulations, and professional ethical obligations. Ordernize will provide reasonable assistance to you in fulfilling these obligations as set forth in this Policy and any Separate Agreement.

1.3 Application

This Policy applies to (a) Users and Authorized Users of the Platform, (b) visitors to ordernize.com, and (c) prospective users who interact with our marketing materials, sales communications, or waitlist. This Policy does not apply to third-party websites, products, or services, even if they are linked to or accessible from the Platform.

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us

We collect information that you provide directly to us, including:

  • Account registration information: name, email address, password (stored only in hashed form by our authentication provider), professional title, licensing or credentialing information, employer or firm name, and business contact details.
  • Profile and preference information: user role, firm or administrator settings, language and notification preferences, and any other information you choose to add to your profile.
  • Billing information: billing contact details, billing address, and payment-method tokens. Full payment card numbers are processed and stored by our payment processor (see Section 4.1) and are not retained by Ordernize.
  • Communications: information you provide when you contact us for support, sales inquiries, or other purposes, including the content of your messages.
  • Case Data: the documents, files, and information you upload to or generate on the Platform. Ordernize processes Case Data as a service provider on your behalf, and our handling of Case Data is described in Section 5.

2.2 Information We Collect Automatically

When you use the Platform, we automatically collect certain technical and usage information, including:

  • Device and connection information: IP address, browser type and version, operating system, device identifiers, and time-zone setting.
  • Usage information: pages visited, features used, time spent in the Platform, click-through and navigation paths, error reports, and similar usage telemetry.
  • Cookies and similar technologies: we use only essential, functional cookies and similar technologies necessary to authenticate Users, maintain user sessions, remember preferences, and protect the security of the Platform. We do not use third-party advertising cookies, cross-site tracking pixels, or sell or share information collected through cookies for cross-context behavioral advertising.

2.3 Information We Collect from Third Parties

We may receive information about you from third parties that you authorize to share information with us, including:

  • Authentication providers: if you log in using single sign-on (SSO) or an OAuth-based identity provider, we receive basic profile information (such as name and email address) from that provider as authorized by you.
  • Service providers: we may receive information from our subprocessors and service providers (described in Section 4) that supports the operation, security, or analytics of the Platform.
  • Public sources and referrals: we may receive information from publicly available sources or from individuals who refer you to Ordernize, in connection with sales, marketing, and partnership activities.

3. HOW WE USE INFORMATION

We use the information we collect for the following purposes:

  • Provide and operate the Services: create and maintain your account; authenticate Users; provide, support, and improve the Platform; process transactions; deliver AI-generated draft outputs; and provide technical and customer support.
  • Bill and collect payments: invoice you, collect payments at the then-current Published Rates, manage subscriptions, and address billing disputes.
  • Secure the Platform: monitor for fraudulent, abusive, or unauthorized activity; investigate and prevent security incidents; enforce our Terms; and comply with legal obligations.
  • Improve the Platform: analyze usage patterns and Platform performance, develop new features, and improve existing ones, in each case using only aggregated, anonymized, or de-identified data as described in Section 5.3.
  • Communicate with you: send transactional messages (security alerts, billing notices, service announcements, and other administrative communications), respond to inquiries, and provide customer support. With your consent (where required) or where otherwise permitted by applicable law, we may also send marketing communications about our products, features, events, or industry content. You can opt out of marketing communications at any time as described in Section 9.
  • Comply with law: comply with applicable legal, regulatory, and professional obligations; respond to lawful requests from public authorities; and establish, exercise, or defend legal claims.

4. HOW WE SHARE INFORMATION

4.1 Subprocessors and Service Providers

We engage certain third-party subprocessors and service providers to assist us in providing the Platform. We require each subprocessor to be bound by written agreements that include confidentiality and data protection commitments no less protective than those in this Policy. Our current categories of subprocessors include:

  • Cloud infrastructure: Google Cloud Platform and Posthog Platform (or comparable enterprise-grade cloud infrastructure providers) for hosting, storage, and computing services.
  • AI processing: Anthropic, PBC (provider of the Claude API) for large-language-model inference, subject to a zero-data-retention configuration as described in Section 5.
  • Payment processing: Stripe, Inc. (or a comparable PCI-DSS-compliant payment processor) for payment-card processing and billing operations.

We may update our subprocessors from time to time. A current list of subprocessors is available upon written request to privacy@ordernize.com. Where required by applicable law or a Separate Agreement, we will provide advance notice of new subprocessors.

4.2 Within Your Firm or Organization

Information you submit to the Platform may be visible to other Authorized Users associated with your firm or organization based on the access controls and roles configured by your firm administrator. We are not responsible for the privacy practices of your firm or organization, which are governed by your firm's policies and applicable law.

We may disclose information when required by applicable law, regulation, court order, subpoena, or other valid legal process, or when we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend the rights or property of Ordernize, our Users, or the public; (c) prevent or investigate possible wrongdoing in connection with the Platform; or (d) protect the personal safety of any person. Where legally permitted, we will use reasonable efforts to notify the affected User in advance of any such disclosure to allow the User an opportunity to seek a protective order or other appropriate remedy.

4.4 Business Transfers

In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or substantially all of our assets, information may be transferred or disclosed to a successor or affiliated entity as part of the transaction, subject to standard confidentiality protections and to this Policy (or a successor policy that provides materially equivalent protections).

We may share information for any other purpose disclosed to you and with your consent.

4.6 No Sale or Targeted-Advertising Sharing

We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising. We do not authorize our subprocessors to use Account Information or Case Data for targeted advertising or to train their own AI or machine learning models on your information except as expressly permitted in this Policy.

5. AI PROCESSING AND CASE DATA PROTECTIONS

5.1 Closed AI System

The Platform uses a Closed AI System: Case Data is logically segregated within the Platform on a User-by-User and engagement-by-engagement basis, and Ordernize does not commingle one User’s Case Data with another’s. AI processing performed on Case Data is conducted in real time to generate outputs for the User who uploaded the data, after which the data is not retained by our AI subprocessors.

5.2 No AI Model Training on Identifiable Data

Ordernize does not use Case Data, in identifiable form, to train, fine-tune, adapt, or otherwise improve any AI or machine learning model, whether our own or any third party’s. We have contractually required our AI subprocessors (including Anthropic, where applicable) to maintain zero-data-retention configurations such that Case Data submitted for inference is not retained, stored, or used for model training.

5.3 Aggregated and De-Identified Data

Notwithstanding the foregoing, Ordernize may collect and use aggregated, anonymized, and de-identified data derived from your use of the Platform (“Usage Data”) to improve the Platform, develop new features, generate analytics, and for other lawful business purposes, provided that such Usage Data does not identify you, any Authorized User, or any individual or entity whose information is contained in Case Data. Any such improvements are made on a document-type and aggregated basis only, without reference to or use of any individual’s personally identifiable information (PII).

5.4 Confidentiality and Privilege

Ordernize processes Case Data solely as a service provider acting on your behalf and under your direction, and not for our own purposes. Our handling of Case Data is designed to support, not waive or diminish, applicable legal and professional privileges and protections, including (without limitation) the attorney-client privilege, the work product doctrine, the accountant-client privilege (in jurisdictions that recognize it), the federally authorized tax practitioner privilege under 26 U.S.C. § 7525, fiduciary duties of confidentiality, and other applicable professional confidentiality protections. You should independently confirm the privilege analysis applicable to your professional discipline and jurisdiction.

6. DATA RETENTION

6.1 Account Information

We retain Account Information for as long as your account is active and as needed to provide the Services to you. Following termination of your account, we will retain Account Information only as necessary to comply with our legal, regulatory, tax, accounting, or audit obligations; resolve disputes; enforce our Terms; or complete the wind-down of any active engagements.

6.2 Case Data

You may export and delete your Case Data at any time using the data export and deletion functionality available within the Platform. Upon submission of a deletion request through the Platform, we will automatically delete (or initiate the deletion of) the applicable Case Data from our production systems, subject to (a) reasonable propagation time across backup, cache, and disaster-recovery systems, and (b) any legal, regulatory, or professional obligation to retain certain records. Upon termination or expiration of your account, you may request export of your Case Data within thirty (30) days of termination as set forth in the Terms; thereafter, we may delete remaining Case Data in our possession, subject to applicable retention obligations.

6.3 Usage Data

Aggregated, anonymized, and de-identified Usage Data is not subject to deletion under Sections 6.1 or 6.2 and may be retained indefinitely as it is not personally identifiable.

7. DATA SECURITY

We implement and maintain commercially reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, or disclosure, including (without limitation) industry-standard encryption of data in transit and at rest, logical case-level data isolation, role-based access controls, and ongoing security monitoring. We use reasonable efforts to align our security program with generally recognized industry standards applicable to professional services and legal technology providers.

No method of transmission over the Internet or electronic storage is fully secure, and we cannot guarantee absolute security. In the event of a security incident affecting your information, we will notify you in accordance with applicable law and any Separate Agreement.

8. YOUR PRIVACY RIGHTS

8.1 Two-Track Process

Account Information: If you are a User, you may exercise the rights described below directly with Ordernize as the controller of your Account Information.

Case Data: If you are a third party (such as a User’s client, opposing party, or other individual whose personal information appears in Case Data uploaded by a User), you should direct any privacy rights requests to the User who uploaded the Case Data, because that User (and not Ordernize) is the data controller. Ordernize will provide reasonable assistance to Users in fulfilling such requests as set forth in any Separate Agreement.

8.2 California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), provides you with certain rights with respect to your personal information, subject to applicable exemptions:

  • Right to know the categories and specific pieces of personal information we collect, the categories of sources from which we collect it, the purposes for which we use it, and the categories of third parties with whom we share it.
  • Right to access a copy of personal information we have collected about you in a portable, readily usable format.
  • Right to correct inaccurate personal information we maintain about you.
  • Right to delete personal information we have collected from you, subject to exemptions.
  • Right to limit use of sensitive personal information to purposes specified by the CCPA.
  • Right to opt out of sale or sharing of personal information. As stated above, we do not sell personal information and do not share personal information for cross-context behavioral advertising.
  • Right to non-discrimination for exercising your CCPA rights.

To exercise these rights, please contact us at privacy@ordernize.com. You may also designate an authorized agent to make a request on your behalf, subject to our reasonable verification procedures. We will respond to verifiable requests within the time periods required by the CCPA.

8.3 Florida Residents (Florida Digital Bill of Rights)

If you are a Florida resident, the Florida Digital Bill of Rights (the “FDBR”) may provide you with certain rights with respect to your personal information, subject to applicable thresholds and exemptions, including the right to confirm, access, correct, delete, and obtain a portable copy of personal information; the right to opt out of certain processing for targeted advertising, sale, or profiling; and the right to opt out of the collection or processing of sensitive data. To exercise these rights, please contact us at privacy@ordernize.com.

8.4 Other U.S. State Privacy Rights

Residents of other U.S. states with comprehensive privacy laws (including, without limitation, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Tennessee) may have similar rights to those described above, subject to applicable thresholds and exemptions. To exercise such rights, please contact us at privacy@ordernize.com. We will respond to verifiable requests within the time period required by the applicable state law.

8.5 How to Submit a Request

To submit a privacy rights request, please email privacy@ordernize.com with: (a) your full name; (b) the email address associated with your account (if applicable); (c) a description of the right you are exercising; and (d) any additional information necessary for us to verify your identity. We may request additional information to verify your identity before processing a request. There is no fee to submit a request, although we may charge a reasonable fee for repetitive or excessive requests as permitted by applicable law.

8.6 Appeals

If we deny your request in whole or in part, you may appeal our decision by replying to our response email within sixty (60) days of receipt or by contacting privacy@ordernize.com with the subject line “Privacy Appeal.” We will respond to your appeal within the time period required by applicable law.

9. MARKETING COMMUNICATIONS AND PREFERENCES

We may send you marketing communications about our products, features, events, and industry content. You can opt out of marketing communications at any time by: (a) clicking the “unsubscribe” link included in any marketing email we send; (b) updating your communication preferences in your account settings; or (c) contacting us at privacy@ordernize.com. Even if you opt out of marketing communications, we may continue to send you transactional, security, billing, service-related, or other administrative messages necessary to operate your account and the Services.

10. MINORS

The Platform is intended for licensed professionals and their Authorized Users, and accounts may only be created by individuals who are at least eighteen (18) years of age. We do not knowingly collect Account Information directly from individuals under the age of eighteen (18), and we do not direct the Platform to children.

Case Data uploaded by Users may, from time to time, contain personal information about minors (for example, in the context of family law, custody, or child support engagements). With respect to such information: (a) the User uploading the Case Data is the data controller and is responsible for ensuring that the upload complies with the Children’s Online Privacy Protection Act (COPPA) (where applicable), state-law analogues, applicable rules of professional conduct, and any other applicable laws regarding the protection of minors’ information; and (b) Ordernize processes such information solely as a service provider on the User’s behalf and under the User’s direction.

11. INTERNATIONAL USERS

The Platform is operated from the United States and is intended primarily for use within the United States. If you access the Platform from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States and other jurisdictions in which our subprocessors operate. The data protection laws in these jurisdictions may differ from those of your country of residence.

12. DO-NOT-TRACK SIGNALS

Some browsers offer a “Do Not Track” (DNT) signal. Because there is no industry-wide standard for how to interpret DNT signals, the Platform does not currently respond to them. We do, however, honor universal opt-out signals (such as the Global Privacy Control) where required by applicable law for purposes of opting out of sale or sharing of personal information.

The Platform may contain links to third-party websites, products, or services. We are not responsible for the privacy practices or the content of those third parties. We encourage you to review the privacy policies of any third-party services you access.

14. CHANGES TO THIS POLICY

We may update this Policy from time to time. If we make material changes, we will provide notice through the Platform, by email to the address associated with your account, or by other reasonable means at least thirty (30) calendar days before the changes take effect. Your continued use of the Platform after the effective date of the updated Policy constitutes your acceptance of the updated Policy.

15. CONTACT US

If you have questions or concerns about this Policy or our privacy practices, or to exercise any of your rights, please contact us at:

Ordernize Inc.

Attention: Privacy

[Insert physical mailing address]

Privacy Email: privacy@ordernize.com

General Email: info@ordernize.com

Website: ordernize.com

* * *

BY ACCESSING OR USING THE ORDERNIZE PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.