Legal
Privacy Policy
Last updated: 2026-07-08
Draft — provided for review and to satisfy platform onboarding requirements; review with legal counsel before relying on it.
This Privacy Policy explains how Verdora, operated by Standard Orchid ("Verdora," "we," "us," or "our"), collects, uses, and shares information in connection with the Verdora commerce operations platform and related services (the "Service"). It applies to our customers and to individuals whose information we process on our customers' behalf.
1. Information We Collect
- Account information — name, email address, organization details, and credentials used to create and secure your account.
- Business & operational data — products, inventory, orders, customers, fulfillment, and accounting records you enter or manage in the Service.
- Data from connected services — information retrieved from marketplaces and tools you link (e.g. orders, listings, stock, and financial records from Squarespace, eBay, Etsy, QuickBooks, or Shippo).
- Usage & technical logs — device, browser, IP address, log events, and diagnostic data generated as you use the Service.
2. How We Use Information
We use information to operate, maintain, and improve the Service; to synchronize orders, inventory, and accounting data across your connected systems; to authenticate users and secure accounts; to provide customer support; to communicate with you about the Service; and to comply with legal obligations. We do not sell your personal information.
3. Third-Party Integrations & Data Sharing
The core purpose of the Service is to move data between the systems you connect. Data therefore flows to and from your connected marketplaces and tools according to the connections and settings you configure. We also share information with limited categories of service providers who process data on our behalf, such as cloud hosting and infrastructure providers, secrets and key management providers, email/communication providers, and error monitoring or analytics providers. These providers are bound to use the information only to provide services to us. We may also disclose information when required by law or to protect rights and safety.
4. OAuth Tokens & Security
When you connect a third-party service, we receive and store access and refresh tokens that let the Service act on your behalf. These tokens are stored encrypted, in a managed secrets vault, and are used only to provide the Service according to your instructions. We apply administrative, technical, and organizational safeguards designed to protect your information, and we restrict access to authorized personnel. No method of transmission or storage is perfectly secure, but we work to protect your data and to promptly address issues we identify.
5. Data Retention
We retain information for as long as your account is active or as needed to provide the Service, and thereafter as required to comply with legal obligations, resolve disputes, and enforce our agreements. When information is no longer needed, we take steps to delete or de-identify it. Following termination, we make Customer Data available for export for a reasonable period before deletion.
6. Your Rights
Depending on your location, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing. Because we often process data on behalf of our customers, we may direct certain requests to the relevant customer as the controller of that data. You can exercise applicable rights, or request access, correction, deletion, or export, by contacting us at the address below.
7. Cookies & Sessions
We use cookies and similar technologies that are necessary to operate the Service, such as maintaining your login session and protecting against cross-site request forgery. These are essential to the Service; disabling them may prevent the Service from working properly.
8. Children's Privacy
The Service is a business tool and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us so we can delete it.
9. International Considerations
We may process and store information in locations that differ from where you are based. Where required, we take steps to provide appropriate safeguards for cross-border transfers. [Additional region-specific disclosures to be completed with legal counsel.]
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, provide additional notice.
11. Contact
Questions or requests regarding this Privacy Policy may be sent to privacy@verdora.cloud.