Oda ERPOda ERP

Last updated: May 2026

Privacy policy

This policy describes how DV Tech Ventures ("we," "us,") processes personal information in connection with OdaERP — the hosted ERP web application at this site and the OdaERP mobile apps (together, the "Service"). If you disagree with this policy, please do not use the Service.

Who is responsible

For personal information processed about users of OdaERP, DV Tech Ventures acts as the data controller (or equivalent responsible party) unless we otherwise notify you — for example, where your employer or franchisor configures the tenant and directs processing; in those cases both your organization's policies and ours may apply.

You can reach us about privacy at our Contact page. For account deletion, use our Delete account request form.

Information we collect

  • Account and identity. Name, email, phone (if provided), job title or role identifiers, hashed credentials, MFA factors you enable, preferences, session and device identifiers tied to signing in (including via Firebase Authentication or similar identity providers your deployment uses).
  • Organization and tenancy context. Organization name, branch or outlet identifiers, role assignments, and configuration you or your admins save in OdaERP.
  • Operational and ERP content. Business records you submit to the Service — inventory, orders, shipments, invoicing, payroll-related fields permitted by your plan, uploads (e.g. proof-of-delivery images), integrations, webhook payloads, audit events, support messages, and free-text fields your users enter inside the tenant.
  • Technical and security. IP address, approximate region, timestamps, diagnostics, logs, fraud-prevention signals, and similar metadata needed to operate, secure, and improve the Service.
  • Cookies and storage. Essential cookies/session storage to keep you signed in; optional preference storage you accept through our UX.

How we use information

We process personal information to:

  • Provide, host, personalize, maintain, debug, and support the Service;
  • Authenticate users and enforce RBAC policies your organization configures;
  • Operate multi-tenant isolation, backups, migration, upgrades, and compliance tooling;
  • Detect, prevent, and respond to abuse, outages, incidents, fraud, or legal claims;
  • Analytics and product telemetry that do not materially override your statutory rights;
  • Fulfill legal obligations and exercise our legal rights;
  • Communicate about security, outages, contractual changes (including this policy when material), and — separately — marketing where you have opted in.

Legal bases (where applicable)

Depending on jurisdiction, we rely on one or more of: performance of a contract with your organization or you as an individual subscriber; legitimate interests balanced against your rights (e.g. cybersecurity); compliance with legal duties; your consent where we ask explicitly (such as cookies beyond essentials or marketing emails).

Sharing and subprocessors

We do not sell your personal information. We share personal information only with service providers that help operate the Service (for example hosting, identity, backups, observability), with your direction (APIs, integrations, exports your admins enable), to comply with law or enforce our terms, or in connection with a merger, diligence, bankruptcy, sale of assets — subject to safeguards and notice where legally required.

A non-exhaustive list may include regional cloud hosts, Firebase / Google Identity back-ends tied to your deployment, observability tooling, payment processors billing your organization where applicable — all under written agreements restricting use to service delivery.

International transfers

Your data may be processed outside your region when our infrastructure requires it. We apply appropriate safeguards (standard contractual clauses, adequacy findings, supplementary measures where required) aligned with GDPR and analogous laws — details available upon request.

Retention

Account and security logs remain as long as your relationship with us requires plus a reconciliation period. ERP transactional content inside a tenant stays until your administrators delete records, downgrade the tenant, or request closure — subject to legal holds, audit requirements, taxation, and anti-fraud rules that sometimes require retention after account closure or anonymisation instead of raw erasure.

Your privacy rights

You may ask to access, correct, restrict, erase, export, object to processing, lodge a complaint with a supervisory authority, or revoke consent — subject to exemptions (e.g. records we must keep for lawful accounting). Contact us using our account deletion workflow where it applies.

Security

We implement technical and organizational measures — encryption in transit where supported, hardened access controls, tenancy isolation, auditing — appropriate to ERP-class data. See also our Security overview.

Children

OdaERP is a business ERP. It is not directed at children under 16. If we learn we processed a minor's profile without lawful authority we will remediate deletion when appropriate.

Changes

We update this policy from time to time. Material changes appear with a refreshed "Last updated" date above and, where required, additional notices in-product or via email.