Summary — What This Document Covers
This policy defines who at Qord can access customer data, under what circumstances, and how every access is tracked. It is designed to give customers verifiable confidence that their data is not accessible to Qord personnel in day-to-day operations.
1. Policy Overview
Qord operates as a managed SaaS platform built on Supabase (PostgreSQL). Customer data — including guest information, booking records, and operational data — is stored in encrypted form. This policy establishes the technical and procedural controls that prevent unauthorised or routine access to that data by Qord personnel.
This policy applies to:
- All current and future Qord employees and contractors
- Any third-party services with data access (listed in Section 5)
- All production environments containing real customer data
2. Data Infrastructure
2.1 Where Data Lives
| Database | Supabase managed PostgreSQL (AWS ap-south-1 — Mumbai) |
| Application | Vercel Edge Network — encrypted in transit (TLS 1.3) |
| Encryption at rest | AES-256 — enforced by Supabase on all data |
| Backups | Supabase automated daily backups — encrypted |
| File storage | Supabase Storage — access controlled via RLS policies |
2.2 Row Level Security (RLS)
All tables containing customer data have Row Level Security (RLS) enforced at the PostgreSQL level. This means:
- Each tenant's data is isolated at the database query level — not just the application level
- Even if application-layer access controls failed, RLS prevents cross-tenant data leakage
- No query can return data outside the authenticated tenant's scope without explicit policy override
3. Who Can Access Production Data
3.1 Current Access Roster
| Role | Access Level | Permitted Circumstances |
|---|---|---|
| Founder (sole access holder) | Supabase Dashboard | Incident investigation, support escalation, system maintenance — logged only |
| Future engineers / contractors | None by default | Must follow access request procedure in Section 4 before any access is granted |
| Supabase (infrastructure) | Infra-level only | Governed by Supabase DPA and GDPR-compliant sub-processor agreement |
3.2 No Standing Access Policy
Qord operates a no standing access model for production data. This means:
- Production data is not queried as part of normal development or product work
- Access to the Supabase dashboard is used only when a specific, documented reason exists
- Customer data is never used for testing — anonymised or synthetic data is used instead
- No customer data is ever copied to local development environments
4. Access Request Procedure
Any access to production customer data — by the founder or any future team member — must follow this procedure:
Step 1 — Log a reason
Before accessing production data, create a ticket in the internal issue tracker (Linear / Notion) with: the specific reason, the data scope being accessed, and the expected duration.
Step 2 — Access and document
Perform only the actions required. If queries are run, note the query and result summary (not raw data) in the ticket.
Step 3 — Close the ticket
Mark the access as complete. If a customer-affecting issue was resolved, notify the customer via email.
✅ When Access is Permitted
- Active incident investigation where customer data is required to diagnose the issue
- Explicit written request from the customer for support on their own data
- Legal obligation (e.g., court order, regulatory investigation)
- Routine maintenance that cannot be performed without data inspection — documented in advance
❌ Access is Never Permitted For
- Curiosity, product research, or analytics without explicit customer consent
- Training AI/ML models on customer data
- Sharing data with third parties outside of listed sub-processors
- Any commercial purpose not stated in the Qord Privacy Policy
5. Third-Party Sub-Processors
The following services have infrastructure-level access to Qord customer data as part of providing the platform. All are bound by Data Processing Agreements (DPAs).
| Service | Purpose | Data Location | DPA / Compliance |
|---|---|---|---|
| Supabase | Database, auth, storage | AWS ap-south-1 (Mumbai) | GDPR DPA, SOC 2 Type II |
| Vercel | Application hosting, CDN | Global edge / US-East | GDPR DPA, SOC 2 Type II |
6. Monitoring & Audit Trail
Qord maintains the following monitoring in place to detect and respond to unauthorised access:
- Supabase dashboard access is tied to a single authenticated account with a strong, unique password and MFA enabled
- Supabase logs all SQL queries executed via the dashboard and API — retained for 7 days (free tier) or longer on paid plans
- All access incidents are logged in the internal issue tracker with reason, timestamp, and resolution
- Vercel deployment logs capture all API calls and server-side operations
As the platform grows, Qord will implement centralised log aggregation (e.g., Axiom or Datadog) and automated alerting for anomalous data access patterns prior to pursuing SOC 2 Type II certification.
7. Your Rights as a Customer
Every Qord customer has the following rights with respect to their data:
Right to access
Request a full export of all data Qord holds about your organisation
Right to deletion
Request permanent deletion of all data from Qord systems
Right to correction
Request amendment of inaccurate data
Right to portability
Receive data in a machine-readable format (JSON/CSV)
Right to object
Object to any processing not strictly necessary for service delivery
To exercise any of these rights, email: privacy@qord.in
Qord will respond to all data rights requests within 30 days, in line with GDPR and India DPDPA requirements.
8. Data Breach Notification
In the event of a confirmed or suspected data breach affecting customer data, Qord will:
Notify affected customers within 72 hours of becoming aware of the breach (GDPR requirement)
Provide details of what data was affected, how, and what remediation steps were taken
Report to the relevant data protection authority where legally required
Conduct a post-incident review and update controls to prevent recurrence
Policy Owner
Owner
Founder, Qord
Contact
Review cycle
Annually, or after any significant infrastructure change
Next review due
February 2027
Version
1.1 — Updated February 24, 2026