Legal Notice & Privacy Policy

Last updated: June 2026

1. Data Controller

The ORMdoo service is published and operated by:

Olivier Remacle
Switzerland
Contact: info@ormdoo.com

2. Hosting

The ORMdoo platform and client VPS servers are hosted exclusively with:

Infomaniak Network SA — Geneva, Switzerland (ISO 27001, sovereign data)

No data is transferred to sub-processors outside Switzerland or the EU, except Stripe for payment processing.

3. Data Collected and Purposes

Name and email address — account creation, service-related communication
Payment data — managed exclusively by Stripe (PCI-DSS). ORMdoo stores no card numbers.
Chosen subdomain — technical identifier for the client's VPS
Connection logs — for security and diagnostic purposes (retention: 30 days)
Odoo data — stored on the client's dedicated VPS, not accessible to ORMdoo except upon explicit assistance request

4. Cookies and Tracking

The website ordoo.online uses no third-party cookies, no advertising trackers, and no third-party analytics tools.

A session cookie is set upon login to maintain authentication. It is deleted upon logout or after session expiration.

5. Retention Period

Account data: duration of subscription + 12 months after cancellation
Billing data: 10 years (legal accounting requirement)
Connection logs: rolling 30 days
Client Odoo data: deleted with the VPS within 24 hours of cancellation

6. Data Sharing

Personal data is never sold or transferred to third parties for commercial purposes. It may be shared with:

Stripe (Stripe Inc., USA) — payment processing, subject to EU Standard Contractual Clauses
Infomaniak (Switzerland) — hosting provider, limited infrastructure access

7. Your Rights

Under the GDPR (EU 2016/679) and the Swiss nFADP (in force since September 2023), you have the following rights:

Right of access to your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to data portability
Right to object and to restriction of processing

To exercise these rights: info@ormdoo.com

If your request is not resolved, you may contact the competent supervisory authority (ICO for the UK, PFPDT for Switzerland, or your national DPA).

8. Security

All communications encrypted with TLS 1.2+ across all endpoints
Full isolation: each client has a dedicated VPS (no shared infrastructure)
Admin access protected by TOTP (two-factor authentication)
On-demand encrypted backups, stored on the client's VPS

9. Changes

This policy may be updated. Significant changes will be notified by email to active clients. The date of the last update is shown at the top of this page.