Privacy Policy Changelog
Every substantive change to our privacy policy is recorded here. If you're preparing a vendor assessment or internal audit, you can cite specific revisions. Current policy: ordalis.io/privacy.
- NewDocumented 30-day retention default for PII redaction audit logs.
- ClarifyExplicit "we do not train machine-learning models on customer data" clause.
- NewRefresh-token lifetime (30 days) disclosed. Access-token lifetime reduced to 1 hour.
- NewWorkspace-level data-residency controls documented.
- ClarifyExpanded subprocessor list with purposes.
- NewGDPR Article 28 data-processor language.
- NewRight-to-erasure procedure (DSR endpoint documented).