DATA USAGE POLICY
Cordial Systems, LLC
Effective Date: April 19, 2026 | Version 1.0
This Data Usage Policy describes how Cordial Systems, LLC collects, uses, stores, protects, and shares data generated through use of the Cordial Systems platform. This Policy is incorporated by reference into our Terms of Use.
1. SCOPE AND APPLICABILITY
This Policy applies to all users, agencies, and organizations that access or use the Cordial Systems platform and associated services (“Services”). It governs all data submitted to, generated by, or derived from the use of the platform, including but not limited to operational data, user activity data, configuration data, and system-generated analytics.
This Policy does not apply to third-party websites, services, or integrations that may be linked from or used alongside the platform. Users are encouraged to review the data practices of any third-party services they connect to the platform.
2. TYPES OF DATA COLLECTED
2.1 Agency-Submitted Data
Data entered directly into the platform by your organization, including:
• Operational records, workflow entries, and task logs
• Equipment and readiness status information
• Training records and administrative documentation
• User-generated reports and notes
2.2 Account and User Data
Information associated with platform accounts, including:
• User names and roles
• Login credentials (stored in encrypted form)
• Access permissions and activity logs
• Contact information provided during account setup
2.3 System and Usage Data
Data automatically generated through use of the Services, including:
• Log data, session timestamps, and access records
• Device type, browser, and operating system information
• Feature usage patterns and navigation data
• Error reports and diagnostic information
2.4 Data We Do NOT Collect
Cordial Systems does not collect, process, or store Protected Health Information (PHI), patient-identifiable data, or any information regulated under HIPAA. Entry of such data is strictly prohibited under our Terms of Use. Cordial Systems is not a HIPAA-covered entity or business associate.
3. HOW WE USE DATA
3.1 Operational Use
Agency-submitted data is used solely to provide the Services as requested, including:
• Displaying information within the platform to authorized users
• Generating reports, dashboards, and operational summaries
• Supporting workflow management and tracking functions
3.2 Platform Improvement
Aggregated and de-identified data may be used to:
• Identify and resolve performance issues or bugs
• Develop new features and enhance existing functionality
• Improve system reliability, speed, and user experience
3.3 Analytics and Benchmarking
Cordial Systems may analyze de-identified, aggregated usage patterns to develop platform-wide analytics and benchmarking tools. No individual agency’s identifiable data will be disclosed or used in external reporting without explicit written consent.
3.4 Security and Compliance
Data may be accessed and reviewed internally for purposes of:
• Detecting and responding to security incidents or unauthorized access
• Enforcing our Terms of Use and acceptable use policies
• Complying with applicable legal obligations or lawful government requests
4. DATA OWNERSHIP
Data Type
Owner
Agency-submitted operational data
The agency / user organization
Platform architecture and software
Cordial Systems, LLC
Aggregated & de-identified analytics
Cordial Systems, LLC
System-generated logs and diagnostics
Cordial Systems, LLC
User account credentials
Shared — user retains identity rights; Cordial Systems holds encrypted copies for authentication
Cordial Systems does not claim ownership over the content your organization submits. Your data remains yours. We act as a data processor on your behalf for agency-submitted data, and as a data controller for system and usage data.
5. DATA SHARING AND DISCLOSURE
Cordial Systems does not sell, rent, or trade identifiable agency data. Data may be shared only in the following limited circumstances:
5.1 Service Providers
We may engage trusted third-party vendors to support platform operations (e.g., cloud hosting, security monitoring). These vendors are bound by contractual obligations to handle data securely and only as directed by Cordial Systems.
5.2 Legal Obligations
We may disclose data when required by law, regulation, court order, or lawful government request. Where permitted, we will notify affected users before disclosing their data.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, user data may be transferred to the successor entity. Users will be notified in advance of any such transfer and of any changes to data handling practices.
5.4 Consent
We may share data in any other manner with your prior written consent.
6. OPTIONAL DATA SHARING WITH EXTERNAL STAKEHOLDERS
Cordial Systems provides agencies with the ability to voluntarily share their operational and transport data with external stakeholders, including other agencies, regional partners, state-level entities, and national oversight bodies. This feature is entirely optional and is never required as a condition of using the Services.
Participation in any data sharing program is voluntary. Agencies retain full control over whether, what, and with whom their data is shared. Cordial Systems will not share your transport or operational data with external stakeholders without your explicit, affirmative action to enable sharing.
6.1 How Optional Sharing Works
Agencies may choose to share data through the platform’s sharing features, which may include:
• Sharing operational or transport data with other participating agencies for mutual situational awareness or coordination
• Submitting data to designated state stakeholders or oversight bodies for reporting, planning, or compliance purposes
• Contributing data to national-level databases, registries, or reporting programs as permitted or encouraged by applicable regulations
Sharing is initiated solely by the agency. Cordial Systems acts only as the technical conduit and does not independently submit your data to any external party.
6.2 Agency Responsibility for Shared Data
When an agency elects to share data, the agency is solely responsible for:
• Ensuring the data shared is accurate, appropriate, and authorized for external disclosure
• Verifying that sharing complies with applicable local, state, and federal laws, including any data governance requirements imposed by state or national stakeholders
• Obtaining any required internal approvals or authorizations before enabling data sharing
• Understanding the data use policies of the receiving stakeholders
Cordial Systems is not responsible for how receiving parties use, store, or share data once it has been transmitted pursuant to an agency’s voluntary sharing election.
6.3 Revoking Sharing Permissions
Agencies may disable or revoke data sharing permissions at any time through their account settings. Revocation will apply to future data transmissions. Data already transmitted to external stakeholders prior to revocation is subject to the receiving party’s own data policies and cannot be recalled by Cordial Systems.
6.4 No Incentive or Penalty
Cordial Systems does not offer preferential treatment, enhanced features, or pricing benefits to agencies that participate in data sharing, nor does it penalize, restrict, or downgrade access for agencies that decline to participate. The decision to share is made entirely at the agency’s discretion.
7. DATA RETENTION
Cordial Systems Logistics retains all data for the full longevity of the platform. There is no scheduled expiration or automatic deletion of agency-submitted, operational, or system data. Data persists for the life of the system to ensure continuity, historical reporting, and long-term operational insight for agencies and stakeholders.
All data submitted to the Cordial Systems platform is retained indefinitely for the duration of the system’s operation. Agencies can rely on historical data remaining accessible throughout their use of the Services.
Data Type
Retention Period
Agency-submitted operational data
Indefinitely — for the life of the system
Transport and logistics data
Indefinitely — for the life of the system
Account and user data
Indefinitely while active; reviewed upon account closure
System logs and diagnostics
Indefinitely — for the life of the system
Aggregated analytics
Indefinitely — for the life of the system
Shared stakeholder data
Indefinitely — for the life of the system
7.1 Current Infrastructure
Cordial Systems Logistics utilizes third-party infrastructure providers for application hosting and database storage and management. These providers are selected based on their security, reliability, and compliance capabilities. Specific provider information is available upon written request by contacting privacy@cordialsystems.com.
All infrastructure partners are bound by contractual obligations to handle data securely and in a manner consistent with this Policy.
7.2 Infrastructure Changes
Cordial Systems reserves the right to migrate, change, or expand its infrastructure providers at any time as the platform evolves. In the event of a significant infrastructure change that affects how or where data is stored, Cordial Systems will:
• Provide advance notice to active users via email or platform notification
• Ensure data is migrated securely and without loss
• Update this Policy to reflect the new infrastructure prior to or at the time of transition
Regardless of the infrastructure provider in use at any given time, the data retention commitments described in this section remain in effect.
8. DATA SECURITY
Cordial Systems implements industry-standard administrative, technical, and physical safeguards to protect data against unauthorized access, loss, alteration, or destruction. These measures include:
• Encryption of data in transit (TLS) and at rest (AES-256)
• Role-based access controls and multi-factor authentication support
• Regular security assessments and vulnerability management
• Incident response procedures and breach notification protocols
No method of data transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your organization, we will notify you as required by applicable law.
9. INTERNATIONAL DATA TRANSFERS
Cordial Systems is headquartered in the United States, and data is processed and stored on servers located within the United States. If you access the Services from outside the United States, your data will be transferred to and processed in the U.S., which may have different data protection standards than your home country.
Users in jurisdictions with cross-border data transfer restrictions (including the European Economic Area, United Kingdom, or Canada) are responsible for ensuring that their use of the Services complies with applicable transfer requirements. Cordial Systems will cooperate in good faith with users seeking to establish appropriate transfer mechanisms.
10. REGIONAL PRIVACY RIGHTS
9.1 California Residents (CCPA)
California residents may have the right to request disclosure of personal information collected, request deletion of personal information, and opt out of the sale of personal information. Cordial Systems does not sell personal information. To exercise rights under CCPA, contact us at privacy@cordialsystems.com.
9.2 European / UK Users (GDPR / UK GDPR)
Where GDPR or UK GDPR applies, users may have rights including: access, rectification, erasure, restriction of processing, data portability, and the right to object. To exercise these rights, contact privacy@cordialsystems.com. We will respond within the timeframes required by applicable law.
9.3 Canadian Users (PIPEDA)
Users in Canada may have rights to access and correct personal information held by Cordial Systems. Requests should be directed to privacy@cordialsystems.com.
9.4 Other Jurisdictions
Users in other jurisdictions may have additional rights under local law. Cordial Systems will endeavor to honor lawful data rights requests regardless of jurisdiction. Contact us to discuss your specific rights.
11. COOKIES AND TRACKING
The Cordial Systems platform may use cookies and similar tracking technologies to maintain session state, remember user preferences, and collect usage analytics. These technologies are used solely for platform functionality and improvement.
Users may configure their browser settings to refuse cookies, though doing so may affect platform functionality. We do not use cookies for advertising or cross-site tracking purposes.
12. NO PROTECTED HEALTH INFORMATION
This platform is not designed or certified for use with Protected Health Information (PHI) under HIPAA or equivalent healthcare privacy regulations. Users must not submit patient names, medical record numbers, diagnoses, treatment information, or any other health data into the platform. Violation of this prohibition is a material breach of our Terms of Use.
13. USER RESPONSIBILITIES
Users and agencies are responsible for:
• Ensuring that data submitted to the platform is accurate and does not include prohibited information (including PHI)
• Informing all platform users within their organization of this Data Usage Policy
• Maintaining appropriate internal data governance policies for data entered into the platform
• Notifying Cordial Systems promptly if they become aware of any unauthorized access or data breach involving their account
14. CHANGES TO THIS POLICY
We may update this Data Usage Policy from time to time to reflect changes in our practices, legal requirements, or platform capabilities. When changes are made, we will update the “Effective Date” and version number at the top of this document.
For material changes, we will provide advance notice via email or platform notification. Continued use of the Services following notice of changes constitutes acceptance of the updated Policy.
15. CONTACT US
For questions, concerns, or data rights requests related to this Policy, please contact:
Cordial Systems, LLC
Email: cordialsystemsllc@gmail.com
Cordial Systems, LLC • Data Usage Policy v1.0 • Effective April 19, 2026