Last updated: March 23, 2026
Cordiqa ("Service") is operated by YDevOps, an Israeli Sole Proprietorship (Licensed Dealer) ("Company", "we", "us"). YDevOps is the data controller responsible for your personal information collected through the Service. For questions about your data, contact us at privacy@cordiqa.io.
We collect the following categories of personal data:
We use your information to: (a) provide and maintain the Service; (b) authenticate your identity and manage your account; (c) facilitate communication between Suppliers and Clients; (d) send service-related notifications and transactional emails; (e) improve and develop new features; (f) ensure security and prevent fraud; (g) process payments and manage subscriptions.
We process your personal data on the following legal grounds:
We use the following third-party services that process your data on our behalf:
| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Clerk | Authentication | Email, name, session data | United States |
| Supabase | Database & storage | All service data | United States |
| Vercel | Hosting | All transmitted data | United States / Global edge |
| Resend | Email delivery | Email addresses, notification content | United States |
| HubSpot | CRM sync (optional) | Contacts, tickets, files | United States |
| Stripe | Payment processing | Payment method, billing info | United States |
Each sub-processor operates under its own privacy policy and data processing agreement. We will notify you of material changes to this sub-processor list via email or through the Service. For full details on sub-processor obligations, see our Data Processing Agreement.
We do not sell your personal information. We share data only: (a) between Suppliers and their Clients as necessary to provide the Service; (b) with the sub-processors listed above; (c) when required by law or to protect our rights.
Cordiqa platform usage. When you create a Cordiqa account, your basic account information (name and email) may be linked to our own Cordiqa workspace for the purpose of demonstrating the Service and providing support. This does not expose your data to other users. You can contact us to remove this link at any time.
Your personal data may be transferred to and processed in countries outside your country of residence, including the United States, where our sub-processors operate.
Israel holds an adequacy decision from the European Commission (Decision 2011/61/EU), meaning the European Commission has recognized Israel as providing an adequate level of data protection. For onward transfers from Israel to the United States, we rely on the safeguards implemented by our sub-processors, including Standard Contractual Clauses (SCCs) where applicable.
We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest. OAuth tokens for third-party integrations are stored encrypted using AES-256-GCM. Authentication is handled by Clerk, a SOC 2 compliant provider. However, no method of transmission over the Internet is 100% secure.
In the event of a data breach that affects your personal data, we will notify you and the relevant supervisory authorities as required by applicable law, including within 72 hours where required by the GDPR.
Depending on your location, you may have the following rights regarding your personal data:
Israeli residents: you have rights under the Privacy Protection Law (5741-1981), including the right to access, correct, and delete your data. You may file a complaint with the Israeli Privacy Protection Authority (PPA) at gov.il/privacy.
EU/EEA residents: you have additional rights under the GDPR, including the right to lodge a complaint with your local supervisory authority.
To exercise any of these rights, contact us at privacy@cordiqa.io. We will respond to your request within 30 days.
When Suppliers use Cordiqa to manage their Clients' data, the Supplier acts as the data controller and YDevOps acts as the data processor for that Client data. If you are a Client and wish to exercise your data rights regarding data managed by a Supplier, please contact your Supplier directly in the first instance. Our Data Processing Agreement (DPA) governs this relationship, covering sub-processors, security measures, breach notification, data subject rights, and international transfers.
We send transactional emails related to your use of the Service, such as ticket updates, message notifications, and team invitations. All emails include an unsubscribe link compliant with RFC 8058 (one-click unsubscribe). You can manage your email notification preferences from your account settings or via the email preferences page. Transactional emails essential to the operation of your account (such as security alerts) cannot be opted out of while your account is active.
We use essential cookies required for authentication and Service functionality. We do not use tracking, analytics, or advertising cookies. If we introduce analytics in the future, we will update this policy and provide appropriate notice and consent mechanisms.
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. All significant decisions regarding your account are made by humans.
The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days in advance via email or through the Service. Your continued use of the Service after the effective date of the changes constitutes acceptance of the updated policy. Previous versions of this policy are available upon request.
YDevOps, operating as Cordiqa.
If you have questions about this Privacy Policy or your data, contact us at privacy@cordiqa.io.