Kordic CRM, a product of Diggit Software Solutions Co. LLC ("Diggit", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, view our advertisements, or use our customer relationship management software and related services (collectively, the "Service").
This policy applies to:
- Visitors to https://kordic.io and any sub-pages
- Users who interact with our advertisements on third-party platforms (including Meta, Google, LinkedIn, and others)
- Users who sign up for the Service (trial or paid)
- Anyone who contacts us or submits a form on our website
01 Information We Collect
- Account registration information (name, email address, company name, password)
- Workspace and team member information
- Lead and customer data you enter into the CRM
- Payment information processed through Stripe (we do not store card details)
- Communications and notes you create within the platform
- Files and documents you upload
- Information you submit via contact forms, demo requests, or lead forms on our website or landing pages
When you visit our website, view our ads, or use the Service, we and our third-party partners automatically collect:
- Log data — IP address, browser type and version, pages visited, referring URL, timestamps, time spent on pages
- Device information — device type, operating system, screen resolution, unique device identifiers
- Usage data — features used, actions taken within the platform, click patterns
- Location data — approximate geographic location derived from IP address (country and city level)
- Cookies and similar tracking technologies — see Section 4 below for full details
When you interact with our advertisements on platforms such as Meta (Facebook, Instagram), Google Ads, LinkedIn, or similar services, we and these platforms may collect:
- Your interaction with the ad (impressions, clicks, video views)
- Conversion events (form submissions, sign-ups, purchases)
- Website activity after clicking an ad (pages visited, actions taken)
- Audience information used by the platform to optimise ad delivery
- Gmail integration — email metadata, subject lines, sender/recipient information, and email body content when you connect your Gmail account
- Google OAuth — your Google account email address and basic profile information
02 How We Use Your Information
- To provide, maintain, and improve the Service
- To process transactions and send related information including purchase confirmations and invoices
- To send administrative information such as changes to our terms and policies
- To respond to comments, questions, and requests
- To detect and prevent fraudulent transactions and other illegal activities
- To generate AI-powered insights and briefings using Anthropic's Claude API (see Section 5)
- To serve you relevant advertisements on third-party platforms including Meta, Google, LinkedIn, and TikTok
- To measure the effectiveness of our advertising campaigns
- To retarget visitors who have interacted with our website or ads
- To build lookalike audiences based on our existing users (no personal data is shared with platforms for this — only hashed identifiers where permitted)
- To send marketing communications where you have opted in or where permitted by law
- To analyse visitor behaviour to improve our website, landing pages, and ad creative
- To monitor and analyse usage patterns to improve user experience
- To produce aggregated statistics about our website and Service usage
- To comply with applicable laws, regulations, and legal processes
- To enforce our Terms of Service
- To protect the rights, property, or safety of Diggit, our users, or others
03 Legal Bases for Processing
Where applicable data protection law requires us to identify a lawful basis (EU / UK / UAE / Pakistan), we rely on:
| Basis | When we use it |
|---|---|
| Contract | Processing necessary to provide the Service you have signed up for |
| Legitimate interests | Security, fraud prevention, basic analytics, and limited direct marketing to existing customers about similar services, balanced against your rights and interests |
| Consent | Advertising cookies, marketing communications to non-customers, and any optional features where consent is specifically requested |
| Legal obligation | Where we must process data to comply with law (e.g., tax records, responding to lawful requests from authorities) |
04 Cookies and Tracking Technologies
Cookies are small text files stored on your device when you visit a website. We and our partners use cookies and similar technologies (pixels, web beacons, local storage, SDKs) to recognise you, remember your preferences, analyse site usage, and deliver advertising.
When you first visit kordic.io you will see a cookie banner allowing you to accept all cookies, reject non-essential cookies, or customise your preferences. You can change your preferences at any time by clicking the "Cookie Preferences" link in our website footer.
Mobile users can limit ad tracking through device settings (iOS: Settings › Privacy › Tracking; Android: Settings › Google › Ads).
05 AI Features and Data Processing
Kordic CRM uses Anthropic's Claude API to power AI features including pre-call briefings and deal health scores. When you use these features, relevant lead data (including notes, deal information, and contact details) is sent to Anthropic's API for processing.
06 Gmail Integration
When you connect your Gmail account, Kordic CRM accesses your Gmail data solely to display email history related to your leads and to send emails on your behalf. We store OAuth tokens securely to maintain your connection.
- We do not read, store, or analyse emails unrelated to your leads
- You can disconnect Gmail at any time from within the application, which will revoke our access to your Gmail data
07 How We Share Your Information
We do not sell your personal information as defined by most privacy laws. We share your information with:
08 Data Retention
| Data type | Retention period |
|---|---|
| Account data | Retained while account is active; deleted within 30 days of account closure |
| Payment records | 7 years for tax and legal compliance |
| Marketing lists | Until you unsubscribe or request deletion |
| Website analytics | Typically 14 months (Google Analytics default) |
| Advertising cookies | Varies by platform, typically 30–180 days |
| Support communications | 3 years |
If you wish to delete your account, contact us at sales@kordic.io. We will delete your data within 30 days, except where we are required to retain it for legal or regulatory purposes.
09 Security
We implement industry-standard security measures including:
- Encryption in transit (TLS)
- Encrypted storage
- Row-level security on our database
- Access controls and least-privilege principles
- Regular security audits
10 Your Rights
If you are located in the EEA, UK, or Switzerland, you have additional rights under GDPR or UK GDPR, including the right not to be subject to solely automated decision-making and the right to restriction of processing. Our representative for GDPR inquiries: sales@kordic.io
California residents have the right to know, delete, correct, and opt out of sale or sharing of personal information. Our use of advertising cookies and pixels (Meta, Google, LinkedIn, TikTok) may constitute "sharing" for cross-context behavioural advertising under CPRA. To opt out, click "Do Not Sell or Share My Personal Information" in our website footer, or adjust your cookie preferences to reject advertising cookies.
Residents of states with comprehensive privacy laws and residents of the UAE (UAE PDPL) and Pakistan (Personal Data Protection Act 2023) have rights to access, correction, deletion, and objection to processing. Contact sales@kordic.io to exercise these rights.
11 International Data Transfers
Diggit Software Solutions Co. LLC is based in the United Arab Emirates. Our service providers are located in various countries including the United States and European Union. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms as permitted by GDPR.
12 Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us at sales@kordic.io and we will delete the information.
13 Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature. Because no common industry standard for DNT has been adopted, we do not currently respond to DNT signals. You can manage tracking through our cookie banner and the opt-out mechanisms described in Section 4.
14 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For material changes that affect your rights, we will provide prominent notice (such as by email or a notice on our website) at least 30 days before the changes take effect.
15 Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: