Introduction
Mikestudio ("we", "us", or "our") operates OrdoDesk, a SaaS-based Employee Management and Operational Workflow Platform (the "Platform"). We are committed to protecting the privacy and security of the personal data entrusted to us by the organisations and individuals who use our services.
This Privacy Policy explains how we collect, use, store, protect, and disclose personal data when you or your organisation accesses and uses the OrdoDesk Platform and its associated services (collectively, the "Services").
By accessing or using OrdoDesk, your organisation (and its authorised users) agrees to the practices described in this Privacy Policy. If you do not agree, you or your organisation should discontinue use of the Services.
Who We Are
OrdoDesk is a product of Mikestudio, incorporated and operating under the laws of India. Our Services are primarily made available to business organisations and their employees.
For privacy-related inquiries, please contact us at:
Scope of This Policy
This Privacy Policy applies to:
- ›All organisational customers ("Organisations") that subscribe to OrdoDesk
- ›All individual users ("Users") including Managers, Admins, and Employees, who are added to the Platform by their Organisation
- ›All data processed through the OrdoDesk Platform, including tasks, meetings, Minutes of Meeting (MOM), team structures, comments, and notifications
OrdoDesk is a business-to-business (B2B) platform. Individual users do not sign up directly — access is granted by the Organisation. The Organisation is responsible for ensuring that its employees are made aware of this Privacy Policy.
Personal Data We Collect
We collect and process the following categories of personal data:
4.1 Account and Identity Data
When an Organisation creates an account and adds users, we collect:
- ›Full name
- ›Email address
- ›Job title and department
- ›Role within the platform (Manager / Admin or Employee)
- ›Reporting relationships and organisational hierarchy
4.2 Operational and Content Data
As users interact with the Platform, the following data is created and stored:
- ›Tasks — titles, descriptions, due dates, priorities, assigned personnel, subtasks, progress status, and comments
- ›Meetings — titles, dates, times, durations, participant lists, meeting types (online/offline), and links
- ›Minutes of Meeting (MOM) — summaries, discussion points, decisions, and action items derived from meetings
- ›Team and department information — department names, codes, leads, member lists, and sub-team structures
- ›Checklist items — personal to-do entries created by individual users
- ›Notifications — records of alerts, reminders, and activity updates delivered to users
4.3 Technical and Usage Data
We automatically collect certain technical data to operate and improve our Services:
- ›IP address and device type
- ›Browser type and operating system
- ›Session activity — login times, feature usage, and navigation patterns
- ›System logs for error tracking and security monitoring
4.4 Communication Data
When users communicate through the Platform — via task comments or notifications — the content and metadata of those communications are stored as part of the operational record.
How We Use Your Personal Data
We use the personal data we collect for the following purposes:
5.1 Providing and Operating the Platform
- ›Creating and managing user accounts
- ›Enabling task assignment, tracking, and approval workflows
- ›Facilitating meeting scheduling, MOM creation, and operational documentation
- ›Managing teams, departments, and hierarchical structures
- ›Delivering dashboard overviews, activity feeds, and timeline tracking
5.2 Notifications and Communications
- ›Sending email and in-platform notifications for task assignments, meeting invitations, reminders, and overdue alerts
- ›Delivering operational updates relevant to a user's role and responsibilities
- ›Sending transactional communications necessary for service operations (e.g., account setup, password resets)
5.3 Accountability and Governance
- ›Maintaining audit trails of decisions, task assignments, and execution progress
- ›Supporting managerial oversight through dashboards and reporting
- ›Enabling the Responsible/Accountable task model to function as designed
5.4 Platform Improvement
- ›Analysing aggregated and anonymised usage data to improve features and performance
- ›Identifying and resolving technical issues and security vulnerabilities
5.5 Legal and Compliance Obligations
- ›Complying with applicable laws, regulations, and lawful requests from authorities
- ›Defending our legal rights and the rights of our users where necessary
Data Storage and Hosting
OrdoDesk hosts all data on its own self-managed servers. We do not use third-party cloud hosting infrastructure (such as AWS, Google Cloud, or Azure) for primary data storage. All servers are maintained and secured directly by Mikestudio.
We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include access controls, encryption in transit (HTTPS/TLS), and internal security policies governing data handling.
In the event of a data breach that affects personal data, we will notify affected Organisations and relevant regulatory authorities as required by applicable law.
Third-Party Service Providers
To deliver certain features of the Platform, we engage the following third-party service providers ("Sub-Processors"):
7.1 Agora (Meeting Infrastructure)
OrdoDesk uses Agora to power real-time online meeting functionality within the Platform. When online meetings are conducted, meeting session data (such as participant identifiers and session metadata) may be processed by Agora under its own privacy policy.
7.2 Brevo (Email Delivery)
OrdoDesk uses Brevo to deliver email notifications to users — including task assignment notifications, meeting invitations, and operational reminders. Email addresses and notification content are shared with Brevo solely for the purpose of delivering these communications.
Data Access and Role-Based Visibility
- ›Employees can only view tasks assigned to them, meetings they are invited to, and their own checklist items
- ›Managers and Admins can view tasks, meetings, MOMs, and team data within their organisational scope
- ›Meeting details and MOM content are only accessible to invited participants
- ›Organisational administrators have broader visibility for operational oversight, including dashboards and activity timelines
Mikestudio personnel do not access the content of organisational data except where strictly necessary for technical support or security purposes.
Data Retention
We retain personal data for as long as an Organisation's account remains active. Upon account termination:
- ›All organisational data — user accounts, tasks, meetings, MOMs, team data — will be permanently deleted
- ›Deletion will be carried out in accordance with our internal data removal procedures
- ›Residual data in encrypted backup systems will be purged in accordance with our backup rotation schedule
Users or Organisations may request data deletion at any time by contacting ordodeskadmin@gmail.com.
Your Rights Regarding Personal Data
- ›Right of Access — request a copy of the personal data we hold about you
- ›Right to Correction — request correction of inaccurate or incomplete personal data
- ›Right to Deletion — request deletion of your personal data, subject to legal retention requirements
- ›Right to Restriction — request that we restrict processing of your personal data in certain circumstances
- ›Right to Data Portability — request a structured, machine-readable copy of your data where technically feasible
To exercise any of these rights, contact us at ordodeskadmin@gmail.com. We will respond within a reasonable timeframe as required by applicable law.
Children's Privacy
OrdoDesk is a professional business platform intended solely for organisations and their employees. We do not knowingly collect personal data from individuals under the age of 18. If you have knowledge of such usage, please notify us at ordodeskadmin@gmail.com.
Artificial Intelligence Features
OrdoDesk currently offers limited AI-assisted features that operate on data already present within the Platform. We do not share organisational or personal data with external AI service providers for these features.
Where any future AI features involve sharing data with third-party providers, we will update this Privacy Policy and notify Organisations in advance with the option to enable or disable such features.
Data Security
- ›Encrypted data transmission using HTTPS/TLS for all Platform communications
- ›Access controls and role-based permissions to restrict data access to authorised users only
- ›Internal security policies governing how personnel interact with organisational data
- ›Regular monitoring of systems for unauthorised access or anomalous activity
We encourage Organisations to maintain strong password practices and to report any suspected security incidents to ordodeskadmin@gmail.com.
Third-Party Websites and Integrations
The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those external sites. This Privacy Policy applies solely to data processed by OrdoDesk.
International Users
OrdoDesk is incorporated and operated in India and is primarily governed by applicable Indian data protection laws, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023 (DPDPA).
If your Organisation is based outside India, please be aware that your data will be processed in India. By using the Platform, your Organisation consents to such processing.
Organisation Responsibilities
Organisations acting as data controllers are responsible for:
- ›Informing their employees about this Privacy Policy and the use of OrdoDesk
- ›Ensuring they have the appropriate legal basis to provide employee data to the Platform
- ›Managing user access, including adding and removing users in a timely manner
- ›Complying with applicable data protection laws in their own jurisdiction
Changes to This Privacy Policy
When we make material changes, we will:
- ›Update the "Last Updated" date at the top of this document
- ›Notify Organisations via email or a prominent notice within the Platform
- ›Provide a reasonable period of advance notice before material changes take effect
Continued use of the Platform after the effective date constitutes acceptance of the revised terms.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:
This Privacy Policy is effective as of May 2026 and supersedes all prior versions.
© 2026 Mikestudio. All rights reserved. OrdoDesk is a product of Mikestudio.