DRAFT — Pending legal review. This Privacy Policy is published in draft form while Ordaily's legal documentation undergoes review by South African legal counsel. The substance reflects our current data handling practices; final wording and effective date will be confirmed before this draft watermark is removed.

Privacy Policy

Draft version: 1.0
Last updated: 1 June 2026
Effective: pending legal review
Operator: Ordaily — operated by Josh Macdonald, trading as Ordaily
Information Officer: Josh Macdonald
Contact: privacy@aiminister.co.za
Address: Cape Town, South Africa

1. Who we are

Ordaily operates the AI executive assistant platform accessible at dashboard.aiminister.co.za. The platform is operated by Josh Macdonald, trading as Ordaily. We are a responsible party as defined under the Protection of Personal Information Act, 2013 (POPIA) with respect to your account information, and an operator with respect to the personal information of your contacts and correspondents that you process through our platform.

2. What personal information we collect

We collect the following categories of personal information:

  • Account information: your name, email address, phone number, company name, job title, and billing details provided during registration.
  • Email metadata: sender name, sender email address, recipient addresses, subject lines, and AI-generated classifications and summaries of email content. We retain processed summaries (not raw bodies) of emails Jarvis has triaged.
  • Calendar information: event titles, times, attendee names and email addresses, and meeting locations from connected Google Calendar accounts.
  • Contact information: names and email addresses from your connected Google Contacts, used solely for recipient resolution and inbox prioritisation.
  • Health and wellness data: recovery scores, sleep data, heart rate variability, and strain data from connected WHOOP devices, where you have chosen to enable this integration.
  • Usage data: log data including your IP address, browser type, pages accessed, and timestamps of access events.
  • Communication data: WhatsApp messages sent to and received from your Jarvis assistant number, where the WhatsApp integration is enabled.

2A. Your "Second Brain"

The Second Brain is a personal knowledge layer your AI assistant maintains on your behalf. It contains: (a) the answers you give during the onboarding Brain questions; (b) AI-generated structured summaries of your meeting transcripts (decisions, action items, people present, companies mentioned); (c) entries describing companies you work on and contacts you correspond with; (d) anything you manually add via the "Feed your Brain" panel on the System tab. The Second Brain never stores raw email bodies — only AI-generated structured summaries derived from subject lines and metadata.

Per-tenant isolation: when your Brain is first written to, the Brain service automatically creates an isolated tenant assigned exclusively to your account. Each tenant has a unique tenant identifier and a unique bearer key. Every read and write for your Brain authenticates with YOUR tenant key against YOUR tenant URL. Cross-tenant access is physically impossible at the API layer — no customer can query another customer's tenant, and Ordaily itself cannot read another customer's Brain when operating as you. Your tenant key is encrypted at rest in our database using AES-256-GCM; a database leak shows ciphertext, not keys.

Who can access your Second Brain: only you. Ordaily administrators have no operational access to your Brain content — not the entry titles, not the summaries, not the people or companies mentioned. Administrators can see queue counts (number of pending entries) and sync status, but not content.

Your Brain rights: you can (i) search and read your Brain via the dashboard, (ii) manually add or remove entries via the "Feed your Brain" panel, (iii) request a full Brain export via the data-export endpoint at any time, (iv) request immediate Brain deletion via the deletion endpoint (separate from account deletion if you wish to keep the account but clear the Brain), and (v) opt out of Brain processing entirely from the System tab — once you opt out, no further entries are sent to the Brain service and existing Brain content is scheduled for deletion on the same 7-day soft-delete window as account deletion.

Sub-processor: Brain hosting is performed by an external Brain service (described in our Data Processing Agreement and listed in Section 5 below). The Brain service does not have access to your raw email or calendar data — it only stores the AI-generated summaries and your Brain answers, encrypted in transit and isolated by tenant.

3. Why we collect your personal information

We collect and process your personal information for the following specific purposes only:

  • Email metadata — to triage your inbox, identify urgent messages, generate draft replies, and prepare your daily briefing. Processed under your explicit instruction when you connect your Gmail account.
  • Calendar data — to display your agenda, prepare pre-meeting briefings, detect scheduling conflicts, and create events you approve. Processed under your explicit instruction when you connect your Google Calendar.
  • Contact data — to resolve recipient names to verified email addresses and improve inbox prioritisation. Never used for marketing or shared with third parties.
  • Health data — to include wellness context in your morning briefing and provide day-shape recommendations. Processed only when you explicitly enable the WHOOP integration.
  • Account information — to manage your subscription, provide support, and send service communications.
  • Usage data — to monitor system performance, detect security incidents, and improve the service.

4. How long we keep your information

We are committed to the following retention windows. (Operational note: automated deletion sweeps are being rolled out in stages; the dates below reflect our target state and the practice we will maintain.)

  • Email triage metadata and classifications — 90 days
  • Meeting transcripts and structured summaries — 12 months
  • Morning briefing records — 30 days
  • Account information — duration of subscription plus 3 years
  • Payment records — 7 years (required by South African tax law)
  • Access logs and consent records — 12 months minimum; consent records 3 years minimum
  • Health and wellness data — 90 days
  • Second Brain entries — for the duration of your active subscription; deleted within 7 days of account deletion or Brain opt-out

5. Who we share your information with

We share your personal information with the following service providers solely to deliver the Ordaily service:

  • Anthropic PBC (USA) — AI language model processing. Anthropic's API terms prohibit use of customer data for model training. Anthropic is SOC 2 Type II certified.
  • ElevenLabs Inc (USA) — voice synthesis for audio briefings and WhatsApp voice notes, where you have enabled voice features.
  • Twilio Inc (USA) — WhatsApp message delivery for clients using the WhatsApp integration. (Alternate providers: 360dialog, Meta Cloud API.)
  • Google LLC (USA) — OAuth authentication and API access to Gmail, Calendar, and Contacts data you have explicitly connected.
  • Microsoft Corporation (USA) — OAuth authentication for Outlook + Teams integration, where enabled.
  • PayFast (South Africa) — payment processing for subscription billing. PayFast is PCI DSS compliant.
  • Fly.io Inc (USA) — cloud hosting infrastructure. Volumes are encrypted at rest.
  • WHOOP Inc (USA) — wellness integration, where you have explicitly connected a WHOOP account.
  • Ordaily Brain service (operator: Ordaily-aligned, separate hosting) — hosts the per-tenant Second Brain described in Section 2A. Receives only AI-generated structured summaries and your Brain onboarding answers — never raw email content, never OAuth tokens, never your contact list in bulk. Each customer's Brain is isolated by tenant credentials. Subject to a signed Data Processing Agreement with Ordaily.

We do not sell, rent, or share your personal information with any third party for marketing purposes.

Cross-border transfers: several of our service providers are based in the United States. Each provider operates under its own compliance frameworks (SOC 2, ISO 27001) and standard contractual commitments. By using Ordaily you acknowledge that your data may be processed outside South Africa for the purposes described above.

5A. Limited Use of Google user data

Ordaily's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

No use for AI/ML training. Ordaily does not use Google Workspace user data — including Gmail message bodies and metadata, Calendar events, Contacts, and Drive files — to train, develop, or improve generalised artificial intelligence or machine learning models, and does not transfer this data to third parties for those purposes. Our use of Google user data is limited solely to providing and improving the user-facing features described in this Privacy Policy.

6. Your rights under POPIA

As a data subject under POPIA you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate personal information
  • Request deletion of your personal information
  • Object to the processing of your personal information
  • Lodge a complaint with the Information Regulator of South Africa
  • Opt out of Second Brain processing at any time without losing the rest of the Service (System tab → Brain controls), or request immediate Brain deletion separately from account deletion

To exercise any of these rights contact us at privacy@aiminister.co.za. We will respond within 30 days. Deletion requests are processed through a 7-day soft-delete window — your account is immediately suspended and all data is purged 7 days later, allowing time to cancel a mistaken or unauthorised request.

7. Data security

  • All data in transit is encrypted using TLS 1.2 or higher
  • Database storage is encrypted at rest on Fly.io's encrypted volumes
  • At-rest encryption of sensitive fields uses AES-256-GCM with per-deployment master keys
  • Access to your data is restricted to authenticated sessions only
  • Administrator accounts cannot access your email content, calendar events, or personal communications — only technical connection status is visible to our team
  • Every administrator access to a customer account is logged in our access log
  • We conduct regular security audits of our codebase and infrastructure
  • In the event of a data breach we will notify affected users without undue delay as required by POPIA

8. Cookies

We use session cookies to maintain your logged-in state on the dashboard. These are strictly necessary cookies and cannot be opted out of while using the service. We do not use advertising cookies or third-party tracking cookies on the dashboard. For cookie details see our Cookie Policy.

9. Children

Ordaily is not intended for use by persons under the age of 18. We do not knowingly collect personal information from minors.

10. Changes to this policy

We will notify you of material changes to this Privacy Policy by email and by displaying a notice on the dashboard. Continued use of the service after changes take effect constitutes acceptance.

11. Contact

Information Officer: Josh Macdonald
Email: privacy@aiminister.co.za
Operator: Ordaily — operated by Josh Macdonald, trading as Ordaily, Cape Town, South Africa