Privacy Policy

Last Updated: June 12, 2026

01. Our Philosophy

Accordia is built to facilitate better management and healthier teams. We believe in radical transparency: we only collect what we absolutely need to run the platform, and we firmly protect the boundary between our software and your company's private data.

02. Data Controller vs. Data Processor

Because Accordia is a business-to-business (B2B) platform, it is important to clarify how data is handled under privacy laws like the GDPR:

  • You (The Workspace Owner/Manager) are the Data Controller. You decide who is invited to your workspace, what questions are asked in 1-on-1 sessions, and what notes are recorded. You own this data entirely.
  • Accordia is the Data Processor. We provide the secure infrastructure to store, organize, and process this data exclusively on your behalf. We do not mine, read, or sell your workspace data.
  • Employees (Data Subjects): If you are an employee using Accordia, your employer controls your data. Requests to export, amend, or delete your 1-on-1 records should be directed to your workspace manager. Accordia provides managers with the tools to easily fulfill these requests.

Our lawful basis for processing your account information (name, email, and workspace data) is the performance of a contract (UK GDPR Art. 6(1)(b) / EU GDPR Art. 6(1)(b)) — we need this data to provide the Accordia service you or your employer signed up for.

03. Data We Collect & Store

To provide our service, we process the following information securely:

  • Account Information: Names and email addresses used to create accounts and authenticate users.
  • Workspace Data: Organization names, user roles, 1-on-1 session templates, and meeting notes. This data is strictly partitioned using Row Level Security (RLS) ensuring it is only accessible by authorized members of your specific workspace.
  • Zero Spam / Zero Selling: We use your email strictly for core application notifications (like invites or password resets) and major product updates. We will never sell your data to third parties.

04. The Interactive Demo (Your Privacy)

Our public "Try our demo" feature is designed with a Privacy-First architecture.

  • Local Storage: Any data you enter during the demo (meeting notes, agenda items, feedback) is stored locally in your browser's memory.
  • No Server Sync: This data is never sent to our servers and never touches our database.
  • Clearing Data: You can wipe this data at any time by clearing your browser cache or clicking the "Try our demo" button again, which triggers a session reset.

05. Third-Party Partners & Analytics

We use a small number of trusted, compliance-focused partners to run this site:

  • Supabase: For secure database management, authentication, and data storage.
  • Vercel: For hosting and performance monitoring. We use Vercel Web Analytics to understand site traffic. These tools are cookieless and do not collect or store any personally identifiable information.
  • Paddle: For payment processing and subscription billing. Paddle acts as the merchant of record for paid subscriptions and processes payment details, billing name/email, and transaction history on our behalf. Paddle does not have access to your workspace data (session notes, action items, etc.). See Paddle's Privacy Policy for details.
  • PostHog: For product analytics, hosted on EU servers at eu.i.posthog.com. PostHog analytics are off by default — they are only activated after you click "Accept" on the cookie banner when you first visit the site. We track page views, session behaviour, and form submissions. We do not track individual keystrokes, form content, or any personally identifiable information beyond what you explicitly submit. All PostHog data is processed and stored in the EU. To revoke consent, clear your browser's local storage key accordia_analytics_consent for this site, or email us and we will walk you through it.
  • Workspace Preference Cookie: We store a single functional cookie (accordia_last_org) that remembers which workspace you were last viewing. It contains no personal data, expires after 30 days, and is used solely to preserve your workspace selection across sessions. This cookie is strictly necessary for the application to function as expected and does not require consent under applicable privacy regulations.

06. Data Retention, Deletion & Contact

We retain your account and workspace data for as long as your account or workspace remains active. Workspace owners can delete their organization and all associated data at any time. Due to our database architecture, deleting a workspace permanently and instantly removes all associated member records and session data from our systems — this is not a soft delete. Individual users can permanently delete their own account at any time from Account Settings → Danger Zone. Beyond this, we do not retain copies of deleted data, aside from standard short-lived infrastructure backups maintained by our hosting providers for disaster-recovery purposes.

If you have questions about our privacy practices, please email George at george@getaccordia.com.

07. Your GDPR Rights

Under the UK GDPR (Data Protection Act 2018) and EU GDPR (Regulation 2016/679), you have the following rights over your personal data. All requests are fulfilled free of charge within one calendar month.

  • 15

    Right of Access

    Request a copy of all personal data Accordia holds about you. You can download it directly from Account Settings → Export Your Data.

  • 16

    Right to Rectification

    Update your display name at any time from Account Settings → Display Name. To correct other records, contact your workspace owner or email us.

  • 17

    Right to Erasure

    Delete your account at any time from Account Settings → Danger Zone. Workspace owners can also delete their entire organisation, which permanently removes all associated data.

  • 20

    Right to Data Portability

    Download your data in structured, machine-readable JSON format from Account Settings → Export Your Data. Workspace owners can additionally export all organisation data.

08. What We Hold About You

The personal data Accordia stores depends on your role within a workspace. The table below shows what each role's export includes. All data is scoped to your own activity — Accordia never shares one user's private data with another without explicit organisational permission.

Data categoryEmployeeManagerOwner
Profile + auth (name, email)
Org memberships + role
Sessions you participated in (incl. manager notes)
Sessions you conducted as manager
Action items assigned to you
Action items you created
Private forms you created
Org templates you created
ALL org members' data✓ controller
ALL org sessions✓ controller
ALL org action items✓ controller
ALL org forms + templates✓ controller

✓ controller — Owners access this data in their capacity as data controller to fulfil subject access requests from their staff, not as a personal data subject right.