Customer Operations Privacy

Privacy for customer operations

Ordinavo Customer Operations connects customers, locations, contacts, recurring visits, visit reports and operational history. This page explains what data can be involved and how visibility is controlled.

Definitions

Precise language helps separate tenant data, customer records, Ordinavo users, mobile execution and outbound integration messages.

Tenant

A tenant is the isolated customer workspace inside Ordinavo. Customer records, locations, contacts, targets, appointments, visit reports, timeline entries, imports and webhooks belong to a tenant.

Ordinavo customer

A Ordinavo customer is a business or organization that is managed inside a tenant. It can have locations, contact persons, recurring visits, targets, visit reports and timeline history.

Customer contact

A customer contact is a person associated with a customer or location, such as a site contact, store manager, technical contact or operations contact.

Ordinavo user / employee

A Ordinavo user is a person with access to Ordinavo, such as tenant admin, manager, dispatcher or mobile employee. Employee access is not automatically CRM administration.

Visit report

A visit report is a structured operational record created after a field visit. It can contain result, status, summary, problems, attachments, follow-up needs and billable signals.

Customer timeline

The customer timeline is a chronological operational history built from targets, appointments, route stops, recurring visits, visit reports, follow-ups and imported work.

Webhook payload

A webhook payload is a structured event message sent from Ordinavo to a configured external endpoint. Depending on configuration, it can include customer, location, contact, target, appointment, visit report or billing trigger context.

What data can be processed in Customer Operations?

The exact data depends on tenant configuration, enabled features and the operational process.

Category Examples Privacy note
Customer records Customer name, customer number, status, type, industry, general contact channels, external references and notes if configured. Customer numbers are stored on customer records and are not used as separate target identifiers.
Locations Location name, address, city, country, coordinates, access notes, parking notes, default work time and default priority. Access notes can contain sensitive operational hints and should not be more detailed than needed.
Contact persons Name, role, department, email, phone, mobile, preferred contact method and location association. Contact persons can be people at the tenant customer's customer, not Ordinavo users.
Targets, appointments and routes Operational task title, status, priority, due date, planned appointment time, assigned employee, route stop, work time and travel context. Planning data is used to organize work and should stay tied to the tenant context.
Mobile execution data Status updates, comments, photos or attachments, problem reports, completion timestamps and location context where enabled. Location data may be processed when enabled and when needed for operational documentation, routing or status verification.
Visit reports Report title, report status, result, summary, problems, follow-up requirement, attachments, billable signal and approval status. Visit reports may contain free text. Customers should avoid unnecessary personal or sensitive data.
Timeline entries Targets, appointments, route stops, recurring visits, visit reports, follow-ups, imported jobs and webhook-relevant events. The timeline aggregates existing Ordinavo records; it is not an additional tracking profile.
Customer Portal data Portal users, portal invitations, portal access grants, portal requests, shared visit reports, shared attachments, reduced portal timeline entries, login events and security events. Portal users only see explicitly allowed customer or location data. Reports and attachments must be explicitly published before portal users can access them.
Connect and webhook data External IDs, source system references, import job status, mapping warnings, webhook delivery metadata, payload content, delivery attempts and error responses. Webhook delivery logs can include target URL information or limited payload context depending on configuration and retention.

Customer Portal

Controlled external access for customer contacts

Where the Customer Portal is used, customer contacts may access shared operational information such as appointments, submitted requests, published visit reports, selected attachments and reduced timeline entries. Portal access is controlled by invitations, access grants and tenant configuration.

Customer Portal is external human access. Ordinavo Connect is system-to-system integration. Webhooks are outgoing event payloads.

Explicit sharing by design

Visit reports are not automatically visible in the portal. Attachments are not automatically downloadable. Internal notes, billing data, webhook data and integration metadata are not part of the customer portal view.

Why this data is processed

Customer context

To connect operational work with the right customer, site and contact person.

Scheduling and routing

To plan appointments, route stops, work time and mobile execution.

Mobile execution

To provide employees with task context and allow status updates on site.

Visit documentation

To document what happened, what was completed and whether follow-up is required.

Customer history

To provide a chronological operational history for managers and dispatchers.

Integrations

To import external work and return status, report, follow-up and billing events to connected systems.

Security and operations

To protect accounts, diagnose errors, verify delivery and maintain system integrity.

Responsibility model

Tenant-controlled operational data

For customer records, contact persons, targets, appointments, visit reports, timeline entries and imported operational data, the Ordinavo tenant customer typically determines why the data is entered, which people are added and how long records should be retained.

In this context, Ordinavo is designed to act as a processor for tenant-controlled operational data, while the tenant customer remains responsible for the lawful basis, internal policies and user instructions for that data.

For website visits, trial requests, account administration, contractual communication, platform security logs and support communication, Ordinavo may process data for its own operational purposes.

Customer-controlled hosting

In customer-controlled or on-premise deployments, responsibilities may differ depending on the contractual and technical setup. Ordinavo can provide the software and technical documentation, while infrastructure operation, backups, access management and local data retention may be controlled by the customer.

Who can see what?

Actual permissions depend on the configured role model, feature gates and tenant settings.

Data / Feature Tenant Admin Manager Employee Integration
Customer profile Full View Limited No direct UI
Location/address Full View Assigned Via API if scoped
Contact details Full View Assigned Optional in webhooks
External references Full Limited No API/source scoped
Visit reports Full View Own/assigned Event-based
Internal notes Full/Manager Manager No No
Billing trigger details Full Limited No Optional webhook
Webhook settings Full No No No
API keys Full No No Secret

Employee visibility by design

Mobile execution is not full CRM administration

Ordinavo separates full customer administration from mobile execution context. Mobile employees see operationally relevant information for their assigned work and should not receive administrative CRM, integration or billing data unless a role and configuration explicitly require it.

Employee context

  • Assigned work
  • Customer name
  • Location and address
  • Contact person and contact channel if needed for execution
  • Access notes and parking notes
  • Visit report form
  • Own status updates

Restricted by default

  • Customer external references
  • Billing configuration
  • Billing trigger details
  • Integration settings
  • API keys
  • Webhook subscriptions
  • Tenant administration
  • Internal manager notes unless explicitly configured

Visit reports and free-text responsibility

Visit reports can contain structured results, problem notes, follow-up information and attachments. Because reports may include free text or uploaded files, organizations should define internal rules for what should and should not be entered.

  • Avoid unnecessary personal data.
  • Avoid sensitive personal data unless there is a clear operational and legal reason.
  • Use structured fields where possible.
  • Use attachments only when needed for documentation.
  • Review reports before sharing externally.

Customer timeline and operational history

The customer timeline aggregates existing operational events. It helps managers understand what happened for a customer over time, including open work, completed appointments, recurring visits, visit reports and follow-ups.

The timeline does not create a separate tracking profile. It presents existing Ordinavo records in chronological order, with previews and full details governed by the underlying object permissions.

Retention and deletion

Retention periods can depend on the deployment model, contract, tenant configuration and operational requirements. Ordinavo is designed so that operational data such as customers, visit reports, attachments, timeline records, imports and webhook delivery logs can be governed through tenant and deployment policies.

Retention and deletion policies should be defined in the customer agreement and implemented according to the selected deployment model.

Audit and operational logs

Ordinavo can record important operational actions such as customer changes, target creation, recurring visit generation, visit report status changes, webhook delivery attempts and integration activity.

Application logs are used for diagnostics and security monitoring and should avoid storing full free-text content, secrets or unnecessary personal data.

Discuss customer operations data controls

We can review customer records, contacts, visit reports, timeline history, attachments, Connect imports and webhook payloads for your rollout.