Legal

Privacy Policy

Last updated: March 22, 2026

1. Who We Are

Odash ("we," "our," or "us") provides custom operational dashboards for workspace operators. This Privacy Policy explains how we collect, use, store, and protect information when you use our services.

2. Information We Collect

2.1 Account Information

When your organization sets up Odash, we collect user account information including names, email addresses, and role assignments. Passwords are stored using one-way bcrypt hashing and are never stored in plain text.

2.2 Aggregated Operational Metrics

We store aggregated, anonymized operational metrics derived from your connected systems. This includes portfolio-level summaries such as revenue by location, compliance scores, inventory counts, and occupancy rates. These aggregated metrics do not contain personally identifiable information (PII).

2.3 Individual Records

Individual records (such as specific bookings, contact details, or transaction-level data) are queried live from your connected systems (e.g., Salesforce, your PMS) at the time of access and are never persisted in our database. These records exist only in your browser session during active use.

2.4 Usage Data

We may collect basic usage data such as login timestamps, pages viewed, and feature usage to improve our service. This data is not shared with third parties.

3. How We Use Your Information

  • To provide and operate the Odash dashboard for your organization
  • To authenticate users and enforce role-based access controls
  • To compute and display aggregated operational metrics
  • To improve our service and user experience
  • To communicate with you about your account or our services

4. Data Storage & Security

4.1 Infrastructure

Aggregated metrics are stored in a PostgreSQL database hosted on Supabase with encryption at rest and TLS encryption in transit. All database connections use SSL.

4.2 Tenant Isolation

Client data is isolated at the database level using Row-Level Security (RLS) policies. Each client's data is logically separated and cannot be accessed by other tenants.

4.3 Access Controls

Access to your dashboard is governed by role-based permissions (corporate, regional manager, location manager). Each role sees only the data scoped to their assignments.

5. Data Retention

Cached aggregated metrics are automatically deleted after 90 days. Account information is retained for the duration of your service agreement. Upon termination, all data associated with your organization is deleted within 30 days.

6. Data Sharing

We do not sell, rent, or share your data with third parties. Data may be disclosed only in the following circumstances:

  • With your explicit consent
  • To comply with a valid legal obligation (subpoena, court order)
  • To infrastructure providers (Supabase, Vercel) strictly as necessary to operate the service, under their respective data processing agreements

7. Your Rights

You have the right to:

  • Access the data we hold about your organization
  • Correct inaccurate account information
  • Delete your data. Request deletion and we will remove all data within 30 days
  • Export your aggregated metrics in CSV format
  • Restrict processing. Request that we stop processing your data while a concern is investigated

If you are located in the European Economic Area, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Cookies

Odash uses only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the dashboard. Continued use of the service after changes constitutes acceptance.

10. Contact

For privacy-related questions or data requests, contact us at: connor@getodash.com