Tenant
A tenant is the isolated customer workspace inside Ordinavo. Customer records, locations, contacts, targets, appointments, visit reports, timeline entries, imports and webhooks belong to a tenant.
Customer Operations Privacy
Ordinavo Customer Operations connects customers, locations, contacts, recurring visits, visit reports and operational history. This page explains what data can be involved and how visibility is controlled.
Precise language helps separate tenant data, customer records, Ordinavo users, mobile execution and outbound integration messages.
A tenant is the isolated customer workspace inside Ordinavo. Customer records, locations, contacts, targets, appointments, visit reports, timeline entries, imports and webhooks belong to a tenant.
A Ordinavo customer is a business or organization that is managed inside a tenant. It can have locations, contact persons, recurring visits, targets, visit reports and timeline history.
A customer contact is a person associated with a customer or location, such as a site contact, store manager, technical contact or operations contact.
A Ordinavo user is a person with access to Ordinavo, such as tenant admin, manager, dispatcher or mobile employee. Employee access is not automatically CRM administration.
A visit report is a structured operational record created after a field visit. It can contain result, status, summary, problems, attachments, follow-up needs and billable signals.
The customer timeline is a chronological operational history built from targets, appointments, route stops, recurring visits, visit reports, follow-ups and imported work.
A webhook payload is a structured event message sent from Ordinavo to a configured external endpoint. Depending on configuration, it can include customer, location, contact, target, appointment, visit report or billing trigger context.
The exact data depends on tenant configuration, enabled features and the operational process.
| Category | Examples | Privacy note |
|---|---|---|
| Customer records | Customer name, customer number, status, type, industry, general contact channels, external references and notes if configured. | Customer numbers are stored on customer records and are not used as separate target identifiers. |
| Locations | Location name, address, city, country, coordinates, access notes, parking notes, default work time and default priority. | Access notes can contain sensitive operational hints and should not be more detailed than needed. |
| Contact persons | Name, role, department, email, phone, mobile, preferred contact method and location association. | Contact persons can be people at the tenant customer's customer, not Ordinavo users. |
| Targets, appointments and routes | Operational task title, status, priority, due date, planned appointment time, assigned employee, route stop, work time and travel context. | Planning data is used to organize work and should stay tied to the tenant context. |
| Mobile execution data | Status updates, comments, photos or attachments, problem reports, completion timestamps and location context where enabled. | Location data may be processed when enabled and when needed for operational documentation, routing or status verification. |
| Visit reports | Report title, report status, result, summary, problems, follow-up requirement, attachments, billable signal and approval status. | Visit reports may contain free text. Customers should avoid unnecessary personal or sensitive data. |
| Timeline entries | Targets, appointments, route stops, recurring visits, visit reports, follow-ups, imported jobs and webhook-relevant events. | The timeline aggregates existing Ordinavo records; it is not an additional tracking profile. |
| Customer Portal data | Portal users, portal invitations, portal access grants, portal requests, shared visit reports, shared attachments, reduced portal timeline entries, login events and security events. | Portal users only see explicitly allowed customer or location data. Reports and attachments must be explicitly published before portal users can access them. |
| Connect and webhook data | External IDs, source system references, import job status, mapping warnings, webhook delivery metadata, payload content, delivery attempts and error responses. | Webhook delivery logs can include target URL information or limited payload context depending on configuration and retention. |
Customer Portal
Where the Customer Portal is used, customer contacts may access shared operational information such as appointments, submitted requests, published visit reports, selected attachments and reduced timeline entries. Portal access is controlled by invitations, access grants and tenant configuration.
Customer Portal is external human access. Ordinavo Connect is system-to-system integration. Webhooks are outgoing event payloads.
Visit reports are not automatically visible in the portal. Attachments are not automatically downloadable. Internal notes, billing data, webhook data and integration metadata are not part of the customer portal view.
To connect operational work with the right customer, site and contact person.
To plan appointments, route stops, work time and mobile execution.
To provide employees with task context and allow status updates on site.
To document what happened, what was completed and whether follow-up is required.
To provide a chronological operational history for managers and dispatchers.
To import external work and return status, report, follow-up and billing events to connected systems.
To protect accounts, diagnose errors, verify delivery and maintain system integrity.
Responsibility model
For customer records, contact persons, targets, appointments, visit reports, timeline entries and imported operational data, the Ordinavo tenant customer typically determines why the data is entered, which people are added and how long records should be retained.
In this context, Ordinavo is designed to act as a processor for tenant-controlled operational data, while the tenant customer remains responsible for the lawful basis, internal policies and user instructions for that data.
In customer-controlled or on-premise deployments, responsibilities may differ depending on the contractual and technical setup. Ordinavo can provide the software and technical documentation, while infrastructure operation, backups, access management and local data retention may be controlled by the customer.
Actual permissions depend on the configured role model, feature gates and tenant settings.
| Data / Feature | Tenant Admin | Manager | Employee | Integration |
|---|---|---|---|---|
| Customer profile | Full | View | Limited | No direct UI |
| Location/address | Full | View | Assigned | Via API if scoped |
| Contact details | Full | View | Assigned | Optional in webhooks |
| External references | Full | Limited | No | API/source scoped |
| Visit reports | Full | View | Own/assigned | Event-based |
| Internal notes | Full/Manager | Manager | No | No |
| Billing trigger details | Full | Limited | No | Optional webhook |
| Webhook settings | Full | No | No | No |
| API keys | Full | No | No | Secret |
Employee visibility by design
Ordinavo separates full customer administration from mobile execution context. Mobile employees see operationally relevant information for their assigned work and should not receive administrative CRM, integration or billing data unless a role and configuration explicitly require it.
Visit reports can contain structured results, problem notes, follow-up information and attachments. Because reports may include free text or uploaded files, organizations should define internal rules for what should and should not be entered.
The customer timeline aggregates existing operational events. It helps managers understand what happened for a customer over time, including open work, completed appointments, recurring visits, visit reports and follow-ups.
The timeline does not create a separate tracking profile. It presents existing Ordinavo records in chronological order, with previews and full details governed by the underlying object permissions.
Retention periods can depend on the deployment model, contract, tenant configuration and operational requirements. Ordinavo is designed so that operational data such as customers, visit reports, attachments, timeline records, imports and webhook delivery logs can be governed through tenant and deployment policies.
Retention and deletion policies should be defined in the customer agreement and implemented according to the selected deployment model.
Ordinavo can record important operational actions such as customer changes, target creation, recurring visit generation, visit report status changes, webhook delivery attempts and integration activity.
Application logs are used for diagnostics and security monitoring and should avoid storing full free-text content, secrets or unnecessary personal data.
We can review customer records, contacts, visit reports, timeline history, attachments, Connect imports and webhook payloads for your rollout.