Privacy Policy

Last updated: 12 September 2023

Welcome to Bordio!

At Bordio, your privacy is paramount to us. We recognize the trust you place in us as you use our platform to manage and organize tasks, events, projects, and collaborate with your teams. Our commitment is to be transparent about the data we collect and how we use and share it, always with the objective of creating an efficient and secure environment for our users.

Bordio is a project management software created for individuals and organizations alike. Whether you’re using our platform to manage personal tasks in “My Workspace” or collaborating with a team in an “Organization,” we take the responsibility of safeguarding your data very seriously. This Privacy Policy aims to clarify the nature of the information we collect, why we collect it, and your rights and choices regarding this information.

By utilizing Bordio’s services, you consent to the practices described in this policy. If you have concerns or queries regarding our privacy practices or this document, please feel free to reach out to us

Information We Collect

Our primary goal in collecting information is to provide and enhance the Bordio services, to administer your use of such services, and to enable you to enjoy and navigate our platform seamlessly. Here are the categories of information we collect:

  1. Account Information: When you register on Bordio, we collect basic account information such as your name, email address, and password. This enables you to have an individual profile and facilitates the functionality of features such as event or project invitations.
  2. Profile Data: To further enhance your experience, we might collect additional profile information, including your job title, organization details, and a profile picture if you choose to upload one.
  3. Workspace Content: Within Bordio, you can create tasks, events, and projects. We store and manage the content you input for these functions. This includes tasks you create, their descriptions, events, and related details, and any project-related data.
  4. Communication Data: If you send an invitation to other users to join a project or event or if you communicate through our platform, write comments for tasks and events or send direct messages to other users, we store these communications to ensure smooth collaboration and provide a historical record of your interactions.
  5. Billing and Transaction Data: For users associated with an Organization, we collect billing information, including payment method details and transaction history, to process subscription fees and offer refunds where applicable.
  6. Technical Data and Logs: As with most online platforms, our servers automatically collect data when you access or use our services and record it in log files. This data may include IP address, browser type and settings, date and time of the request, how you used Bordio, and cookie data.
  7. Cookies and Tracking Technologies: We use cookies and similar tracking technologies to collect information about your interaction with our platform, preference settings, and to enhance your user experience. To track users’ behaviour on our website and on the platform, we use tools like Google Analytics and Amplitude.
  8. Third-party Integrations: If you choose to use third-party integrations available on Bordio, we might receive information from these third parties, depending on the permissions you’ve granted.
  9. Feedback and Support: If you provide us feedback, contact our support, or respond to our surveys, we will collect your name, email, and the content of your feedback or support query to effectively respond to your concerns or improve our platform.
  10. Usage Information: We gather statistical data about users’ interaction with the platform. This includes pages or content viewed, features utilized, and the frequency and duration of activities.

How We Collect Information

Below is a detailed explanation of the various means through which we gather data:

a. Directly from the User

Much of the information we collect comes directly from you when you:

  • Register for an account on Bordio
  • Update or add information to your profile
  • Create or join organization

b. Automated Tools and Technologies

As with most digital platforms, certain data is gathered automatically when you use our services. This includes, but is not limited to:

  • Log files and device information
  • Cookies and similar tracking technologies. These help us understand user behavior, preferences, and improve user experience
  • Analytics tools to understand platform usage, detect issues, and guide our feature development.

c. From Third-party Integrations

When you integrate Bordio with other platforms or services, we may receive information from these third parties, always in accordance with the permissions you’ve granted.

d. User-generated Content

We store all data that users enter or upload within the Bordio platform, including but not limited to:

  • Task information (task name, task description, due date, reporter, task assignee, attached files, time blocks, etc.)
  • Event information (event name, event date and time, event duration, event description, event participants, their email and their statuses, file attachments etc.)
  • Project information (project name, project members or guests with their emails, etc)
  • Organization information (organization name, logo, teams, invited members’ emails and their statutes, etc.)
  • Notes information (note content, attached files, etc.)
  • Comments and messages (all communication within the platform)

e. Third-Party Services and Tools

  • Amplitude Analytics: We use Amplitude, a third-party analytics tool, to help us understand how our users use Bordio. This aids us in improving the platform’s performance and enhancing user experience. It’s important to note that while we share usage data with Amplitude for analysis, we ensure that no personally identifiable information (PII) is shared or stored by Amplitude.
  • Google Analytics: Bordio utilizes Google Analytics, a service offered by Google that generates detailed statistics about a website’s traffic and traffic sources and measures conversions and sales. Google Analytics uses “cookies” stored on your computer to help analyze how users use our website. The information generated (including a part of your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for Bordio, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using Bordio, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
  • Facebook Pixel: We utilize the Facebook Pixel, a service provided by Facebook. This tool allows us to follow the actions of users after they are redirected to our website by clicking on a Facebook advertisement. This enables us to measure the efficacy of Facebook ads for statistical and market research purposes. The collected data remains anonymous to us, meaning we cannot see the personal data of individual users. However, this data is stored and processed by Facebook. Facebook can connect this data with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s Data Policy. This allows Facebook to display ads on Facebook and on third-party sites. We have no control over how this data is used by Facebook. Please note, the Facebook Pixel collects data that helps us track conversions from Facebook ads, optimize ads, build targeted audiences for future ads, and remarket to people who have already taken some kind of action on our website.
  • LinkedIn Insight Tag: We employ the LinkedIn Insight Tag, a tool provided by LinkedIn. This tag allows us to gather insights regarding the performance of our ads and specific actions users take on our platform. When a user interacts with our website after clicking on one of our LinkedIn advertisements, the LinkedIn Insight Tag enables us to measure the effectiveness and results of those advertisements for statistical and market research purposes. The data collected is anonymous to us, which means that we don’t see personal data of individual users. However, LinkedIn may link this data with your LinkedIn profile and use it for its own advertising purposes, in accordance with LinkedIn’s Data Policy. This can allow LinkedIn to show you more relevant advertisements on its platform. Please be aware that the LinkedIn Insight Tag helps us with insights related to ad campaign performance, website interactions from LinkedIn ad clicks, and allows us to retarget ads and understand user demographics.

f. Publicly Available Sources

On occasion, we may collect information from publicly available sources to enhance our user experience or for other operational needs.

Always remember that you have control over the information you share with us. We are committed to safeguarding your data and ensuring it’s used responsibly and in accordance with this Privacy Policy.

How We Use the Information

We use the information we collect in several ways to provide, maintain, and enhance our services, ensuring you get the best possible experience when using our platform. Here’s a detailed breakdown:

  1. Account Management and User Verification: To create and manage your account, validate your credentials, and ensure the overall security of our platform.
  2. Service Delivery: To deliver the core features and functionalities of Bordio, allowing you to create, participate in, and manage projects, tasks, or events.
  3. Communication: To facilitate in-platform communications such as sending project or event invitations, direct messages, or comments on tasks and events. We also use your contact details to communicate important service updates, respond to your inquiries, or send you relevant notifications.
  4. Platform Improvement and Personalization: By understanding how you use Bordio, we can refine and customize your user experience. This involves analyzing usage patterns and feedback to enhance existing features and develop new ones
  5. Security and Protection: To detect, investigate, and prevent activities that might breach our terms of service, potentially harm our platform’s integrity, or compromise user security.
  6. Legal and Regulatory Compliance: We may process personal data when required by law, legal process, or regulatory authorities. This ensures our adherence to the relevant laws and regulations.
  7. Billing and Payments: For processing payments, managing subscriptions, and ensuring seamless financial transactions for premium features or services.
  8. Feedback and User Support: To provide assistance, address your concerns or issues, and improve the overall quality of our customer support.
  9. Marketing and Promotions: Based on your preferences, we may occasionally send you promotional messages, news, or updates. However, you always have the option to opt-out of such communications.

We are committed to using your information transparently and responsibly, ensuring we respect your choices and rights in every action we take.

Where Do We Store Your Information

All user data is securely stored on Amazon Web Services (AWS) infrastructure, with servers located in the USA. We have chosen AWS due to its robust security measures and compliance standards, ensuring that your data is protected and accessible whenever you need it.

In addition to our primary storage, we utilize a Content Delivery Network (CDN) to efficiently distribute images and other files to users globally. This helps in providing a faster and more responsive service, ensuring that content is delivered from the nearest and most efficient node.

We deploy a range of security measures, both technical and organizational, to maintain the safety of your personal information. These measures include, but are not limited to, encryption, regular security audits, and comprehensive access controls.

How We Share Your Information

While we do share certain information with third parties, we do so in a manner that upholds your rights and our commitment to data protection. Below outlines the scenarios and entities with which we may share your data:

  1. Internal Teams: Data may be shared across our internal departments to ensure seamless operation and service delivery. For instance, our customer support, technical teams, and marketing divisions might access data to enhance user experience and address concerns.
  2. Third-party Service Providers:

    Stripe: As our designated payment processing partner, Stripe manages transactional data. While Bordio never stores credit card details directly, Stripe may process such details to facilitate your payments.

    Analytics and Marketing Tools: We employ services like Google Analytics, Amplitude, Facebook Pixel, and LinkedIn Insight Tag for a deeper understanding of user behavior and for optimizing our marketing strategies. Among these, we specifically ensure that no personal data is transmitted to Amplitude. The rest are mainly used for deriving insights and tailoring our advertisements effectively.

  3. Legal and Regulatory Bodies: We may disclose user data if legally mandated, in compliance with court orders, or in the case of corporate restructuring events such as mergers or acquisitions.
  4. Collaboration on the platform: Users, when collaborating on tasks, projects, or events, might share information with other users. This is inherent to the platform’s design, enabling efficient collaboration and communication.

Cookies and Tracking Technologies

Cookies are small text files that are placed on your computer or device when you visit a website. They are used to make websites work efficiently and provide us with information about how our website is used.

How Bordio Uses Cookies

  1. Site Functionality: These cookies are essential for the basic functioning of our platform, such as user login sessions and preferences.
  2. Analytics and Performance: Cookies help us understand how users interact with our site, allowing us to analyze and improve the overall performance of our platform. This includes tools like Google Analytics and Amplitude which provide insights into user behavior, but without collecting or storing personal user data.
  3. Marketing and Advertising: Cookies help to make advertising more relevant for users. We use cookies to monitor the efficiency of our advertisements on platforms like Facebook and LinkedIn. These cookies may track things like click-through rates or the actions users take after viewing an ad.

Third-Party Cookies:

  1. Google Analytics: We use Google Analytics to collect and analyze data about how users interact with our platform. This helps us to improve the user experience and offer more relevant content. Google Analytics may use cookies and other tracking mechanisms to collect anonymous data about user activities. This data does not include personal information and is used solely for statistical purposes.
  2. Amplitude: We utilize Amplitude to understand platform usage and user behavior. While Amplitude provides us with valuable insights, we ensure that no personal data is shared with Amplitude.
  3. Facebook Pixel: This technology enables us to measure the efficacy of our Facebook advertisements and to provide more relevant ads to users based on their activity on our platform.
  4. LinkedIn Insight Tag: Through this tool, we gather insights regarding our ad performance on LinkedIn and understand user actions on our platform post interacting with our ads.

Managing and Disabling Cookies:

Upon your first visit to our platform, you will encounter a pop-up that allows you to either accept all cookies or configure your cookie preferences. You can choose to accept specific categories of cookies while blocking others based on your preferences.

Most web browsers also offer settings that allow you to manage or decline cookies. However, if you choose to block certain essential cookies through your browser settings, or through the configuration options we provide, please note that you might not be able to access certain features or functionalities of our platform.

Remember, your cookie settings on our platform can be reviewed and adjusted at any time through the same pop-up or the designated cookie settings section of our website.

Data Retention

  1. Retention Period: All data associated with user accounts, including but not limited to their name, email address, profile picture, and any content or information created by the user on the platform, will be retained in our database indefinitely. This ensures a seamless user experience and service continuity. This data will remain stored until the user chooses to delete their account. Upon account deletion, measures will be taken in accordance with our data retention policies to remove the user’s information from our active databases.
  2. Soft-Delete Protocol: When users delete items or data, such as tasks, events, projects, notes, etc., from the platform, we don’t erase this information permanently right away. Instead, we shift it to an archived state in our database for a grace period of 30 days. This approach acts as a safeguard against accidental deletions or unwarranted changes. If users ever need to recover their data within this 30-day window, it’s feasible.

    Post the 30-day period, the archived information is automatically and permanently deleted from our systems. However, should users wish for immediate and total deletion of specific archived data within the 30-day grace period, they are free to request it. By reaching out to our support team at support@bordio.com, such requests can be made. Upon receipt, we pledge to process these requests and ensure the total removal of the designated data from our databases within 15 working days.

Account Deletion

  1. We respect your rights over your personal data. If you choose to delete your account (which can be done directly in the Profile settings section), we will archive all the information linked to your private workspace, known as “My Workspace,” rather than permanently delete it immediately. This encompasses your personal details (name, email address, profile picture, etc.), tasks, events, projects, notes, and any other data you’ve created or stored on the platform in your private workspace. This soft-delete policy allows for a 30-day grace period after account deletion, during which your data remains recoverable in the event of accidental deletions or unauthorized access that leads to account deletion. After the 30-day period, all the associated data will be permanently deleted from our databases and cannot be recovered. We implement this mechanism to ensure enhanced security and data protection. Should you choose to return and use our platform after the 30-day grace period, you’d need to start afresh as a new user.
  2. However, for data you’ve contributed to an Organization Workspace, the situation differs. As this data is considered the property of the Organization and not the individual, content like tasks, events, projects, notes, and comments within the Organization will remain intact. Your personal identifiers, such as your name and email, will be stripped from our databases in relation to this content. In place of your name, members of the Organization will see designations like “Removed user”. This ensures continuity for the Organization while maintaining your right to data privacy. We retain only non-personal, unique account IDs to link the contributions to the Organization’s workspace, thereby safeguarding both individual privacy and organizational coherence.

Security Measures

The security of your data is of paramount importance to us. Even as we scale and grow, we’re committed to implementing best practices to protect the data you entrust with us. Here are some of the measures we’ve adopted:

  1. Data Encryption: All data in transit is encrypted using strong encryption protocols. This ensures that your data remains private and secure from any unauthorized access.
  2. Secure Hosting: Our services are hosted on Amazon Web Services (AWS), a leading and reputable cloud service provider known for its stringent security standards. AWS provides a variety of robust data protection mechanisms, including network firewalls and data encryption. When combined with our additional security measures, this ensures a comprehensive and robust security environment for our users’ data.
  3. Regular Backups: To prevent data loss, we conduct regular backups of all user data. These backups are stored in secure environments, ensuring data integrity and availability.
  4. Access Control: Only authorized Bordio personnel have access to user data, and this access is strictly on a “need-to-know” basis. We’ve implemented strict internal protocols to ensure that your data remains confidential.

Users’ Rights

We recognize and respect the rights of our users concerning their personal data. As part of our commitment to upholding these rights, we provide the following:

  1. Right to Access: Users can directly access and view all their personal data stored within Bordio via the platform’s user interface. This ensures immediate transparency and control over your data. Should you encounter any issues or have specific inquiries regarding your data access, please contact our support team at support@bordio.com.
  2. Right to Rectification: Users can directly modify or update their personal data, including First name, Last name, Profile picture, and email address, within Bordio through the platform’s profile settings section.
  3. Right to Erasure (“Right to be Forgotten”): Users have the capability to delete their account directly within their profile settings on the Bordio platform. Upon invoking this action, all personal data associated with the user in their Private Workspace will be permanently erased from our database. For data associated with Organizational Workspaces, since it’s deemed property of the Organization, personal identifiers such as name and email address will be anonymized, and any reference to the individual will be displayed as “Removed User”. It’s important to understand this distinction before proceeding with the account deletion process.
  4. Right to Data Portability: Users have the right to export the data they’ve created in Bordio, including tasks, events, and projects, in a structured and commonly used format. This ensures that if users wish to transition to a different platform or service, they can take their work-related data with them. Upon request, and where technically feasible, we can assist in transmitting this content to another platform or service provider.
  5. Right to Withdraw Consent: If we process specific types of your data based on your explicit consent, such as for receiving particular email communications or other types of notifications, you have the right to withdraw that consent at any time. This can be done through the Profile settings on our platform. However, please note that withdrawing consent in this manner will only stop the specific communication or activity for which explicit consent was given.

    If you wish to withdraw consent regarding the overarching processing of your data in line with our Privacy Policy and Terms of Use, the only method to fully do so is by deleting your account. This can be done directly through the platform’s settings. Do understand that continuing to use Bordio without deletion implies continued consent to our terms and data processing activities.

  6. Right to Lodge a Complaint: If you believe that we’re not processing your personal data in line with applicable laws or this policy, you have the right to lodge a complaint with a supervisory authority.

Many of your rights, such as accessing, rectifying, or deleting your personal data, can be exercised directly within the Bordio platform through the account settings and other platform tools. However, for specific requests or if you face challenges in exercising any of your rights, please reach out to our support team at support@bordio.com. We are dedicated to addressing your inquiries and ensuring that your rights are upheld, in accordance with applicable data protection laws.

International Data Transfers

Bordio operates on a global scale, and in the course of providing our services, it may be necessary for user data to be transferred to, stored in, or processed in countries other than the country in which you reside. This includes the United States, where our main data centers are located. These countries may have data protection laws that differ from those of your country.

We are committed to ensuring that your personal information is protected and transferred securely. To achieve this, Bordio employs standard contractual clauses approved by the European Commission, ensures that the cloud services we utilize maintain rigorous security standards, and remains compliant with applicable data protection regulations, including the General Data Protection Regulation (GDPR).

For users residing in the European Economic Area (EEA), Switzerland, or the United Kingdom, please note that while we strive to provide a consistent level of data protection regardless of the country in which you reside, the laws and practices regarding data protection in our primary operational countries, including the United States, may vary from the standards in your country.

Age Gate & Children’s Privacy

Bordio is intended for use by individuals who are at least 16 years of age or the applicable age of consent for data processing in their respective country, whichever is higher. By using Bordio, you represent and warrant that you are at least of this age or older. If you are under this age limit, you may not, under any circumstances or for any reason, use Bordio without obtaining the verifiable consent of your parent or guardian. We may, in our sole discretion, refuse to offer the Services to any person or entity and change our eligibility criteria at any time.

If we become aware that a user under the age of 16 (or under the age of the specified consent in their respective country) has provided us with personal information without the requisite parental or guardian consent, we will take steps to remove such data and terminate the child’s account.

Changes to This Privacy Policy

We continually strive to improve our platform and services, and as such, our Privacy Policy may need to change along with Bordio. We reserve the right to amend this Privacy Policy at any time, for any reason.

Whenever changes are made to this policy, we will make sure to provide you with clear and conspicuous notice of these changes, either through a notification on our platform or by sending you an email. We will also update the “Last Updated” date at the beginning of this Privacy Policy.

Your continued use of Bordio following the notification of changes to this policy means you acknowledge and agree to the revised Privacy Policy. If you do not agree with the changes, you have the right to stop using our services and should do so immediately.

Legal Jurisdiction

Any disputes or claims arising out of or in connection with this Privacy Policy, or the breach thereof, whether directly or indirectly, shall be governed by and construed in accordance with the laws of the Republic of Latvia. Both parties agree to submit to the exclusive jurisdiction of the courts located within the Republic of Latvia and to waive any jurisdictional, venue, or inconvenient forum objections to such courts.

Data processor

Bordio is operated by Bordio SIA, a limited liability company registered in Latvia.

Legal Address: Riga, Katlakalna iela 9A, LV-1073
Registration Number: 40203317023
VAT Number: LV40203317023
Contact Email: support@bordio.com

If you have any questions, concerns, or comments about our Privacy Policy or any requests concerning your personal data, please contact us!