Privacy Policy
Last updated: April 13, 2026 · Effective: April 13, 2026
1. Introduction
Comorando ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Service, including AI-powered features and the organizational memory layer.
2. Information We Collect
- Account data: email address, organization name, API keys (stored as SHA-256 hashes).
- Usage data: number of events processed, timestamps, plan information, billing status.
- Event metadata: event type, subscription ID, payment status, amounts, and correlation IDs from your payment provider (PayPal, Stripe). We do not receive or store raw card data.
- Technical data: IP addresses, request logs, correlation IDs for debugging purposes.
- Payment data: handled entirely by PayPal. We do not store credit card numbers or payment details.
- AI decision data: event severity classifications, churn risk scores, action selections, and model outputs generated by our AI systems. See Section 6 below.
- Organizational memory data: per-organization context accumulated over time, including event history summaries, retry outcomes, engagement signals, and AI-generated annotations. See Section 7 below.
3. How We Use Your Information
- To provide and maintain the Service, including real-time event processing
- To operate AI-driven features: severity classification, churn risk scoring, intelligent retry logic
- To build and maintain organizational memory context for improved automation accuracy
- To process payments and manage subscriptions
- To send transactional emails (account creation, billing alerts, churn signals)
- To monitor usage and enforce plan limits
- To detect and prevent fraud or abuse
- To improve the Service based on aggregated, anonymized usage patterns
4. Data Storage and Security
Your data is stored in Supabase (PostgreSQL) with row-level security enabled. API keys are hashed with SHA-256 — the raw key is shown only once and never stored in plain text. All connections use TLS encryption. We apply the principle of least privilege to all data access.
5. Data Retention
We retain account data for the duration of your subscription plus 90 days after cancellation. Event logs and AI decision logs are retained for 12 months. Organizational memory data is retained for the duration of your subscription plus 90 days. You may request deletion of your data at any time by contacting hello@comorando.com.
6. AI Processing and Model Usage
Comorando uses artificial intelligence to process event data. This section explains how:
- Local AI (Gemma 4B): A locally-hosted model runs on Comorando's infrastructure. Event metadata (event type, status, amounts) is passed to this model to generate severity scores and action recommendations. No data is sent to Anthropic, Google, or other external AI providers via this path.
- Third-party AI models: On certain plans, event data may be processed by third-party AI APIs (such as Qwen via Nexum or MiniMax via OpenRouter) for enhanced analysis. In these cases, event metadata is transmitted to those providers under their respective privacy policies. We do not send personally identifiable information (email addresses, names) to AI model APIs — only event structure and metadata.
- AI outputs: All AI decisions (severity, risk score, recommended action, model used) are logged per event in our database for audit purposes and are visible in your Outcome Dashboard.
- Model changes: We may update or change the AI models used. Material changes that affect decision logic will be communicated to users.
7. Organizational Memory Layer
The organizational memory feature (available on Growth and above) maintains a per-organization context store in the org_memory table. This includes:
- Summarized event history and retry outcomes for your organization
- Churn risk signals and engagement score trends
- AI-generated annotations about organization behavior patterns
- Configuration preferences learned from your usage
This data is used exclusively to improve automation decisions for your organization. It is never used for cross-organization analytics, advertising, or sold to third parties. Memory data is isolated at the organization level with row-level security — no organization can access another's memory.
You may request a full export or deletion of your organization's memory data at any time by contacting hello@comorando.com. Deletion requests are processed within 30 days.
8. Third-Party Services
- PayPal: payment processing. Governed by PayPal's Privacy Policy.
- Supabase: database hosting. Data stored in secure cloud infrastructure.
- Redis: temporary event deduplication cache. No personal data stored.
- Nexum / Dialagram (AI routing): third-party AI API used for advanced event analysis on select plans. Event metadata only; no PII transmitted.
- OpenRouter: AI model access layer. Event metadata only; governed by OpenRouter's Privacy Policy.
9. Cookies
Comorando does not use tracking cookies or advertising cookies. We may use essential session cookies for authentication purposes only.
10. Your Rights
You have the right to access, correct, or delete your personal data at any time, including your organizational memory data. To exercise these rights, contact hello@comorando.com. We will respond within 30 days.
11. Data Transfers
Your data may be processed in servers outside your country of residence, including for AI model inference. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place.
12. Children's Privacy
The Service is not directed to children under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact hello@comorando.com immediately.
13. Changes to This Policy
We may update this Privacy Policy periodically, including to reflect changes in our AI systems, model providers, or memory layer capabilities. Material changes will be communicated via email. Continued use of the Service constitutes acceptance of the updated policy.
14. Contact
For privacy questions, data requests, or memory deletion requests: hello@comorando.com