Skip to content

Legal

Privacy Policy

Last updated: June 10, 2026

1. Introduction

Kordis ("we," "us," or "the Company") operates a cloud-based service that staffing agencies use to run their operations. This Privacy Policy explains how we collect, use, disclose, and otherwise process information in connection with our services.

We process data in two capacities: (a) as a controller, for our own business operations (account registration, billing, marketing); and (b) as a processor, on behalf of our customers, when handling worker personal data, call recordings, and transcripts provided by customers during service delivery.

2. Information We Collect

2.1 Account and Business Data

When you create a Kordis account, we collect your name, email address, phone number, company name, and billing address. We may also collect job title, business size, and industry information to personalize your experience.

2.2 Worker Personal Data (on Your Behalf)

As a processor, we handle worker personal data you provide, including:

  • Name, phone number, and contact information
  • Social Security Number or equivalent tax ID for payroll
  • Employment authorization and background check results (Form I-9 (Employment Eligibility Verification) sections, Form W-4 (Federal Tax Withholding), Work Opportunity Tax Credit (WOTC) eligibility)
  • Work history, skills, and availability
  • Bank account details for direct deposit
  • Demographic data required by law or your client contracts (e.g., Work Opportunity Tax Credit (WOTC) eligibility flags)

2.3 Call Recordings and Transcripts

Kordis supports call recording and transcription infrastructure for phone calls with workers and candidates (confirmations, prescreens, references, dispatch) on your behalf. Recordings and transcripts are used to:

  • Score commitments and compliance against your custom rubric
  • Generate audit trails and compliance evidence
  • Improve call and service quality
  • Defend you in disputes (e.g., worker no-show disputes, client audits)

Availability of specific call types (confirmations, prescreens) depends on your service plan tier. Contact sales to confirm which call types your plan includes.

2.4 Usage and Technical Data

We automatically collect log data, such as IP address, browser type, pages visited, time spent, and interactions with features. We use cookies and similar tracking technologies to remember your preferences and analyze how you use Kordis.

2.5 Analytics and Cookies

Currently, the Kordis marketing website uses only essential and functional cookies to remember your preferences (e.g., dismissed notices, theme selection) and track basic traffic patterns via Plausible Analytics, a privacy-friendly analytics service that does not require cookie consent.

We do not currently load Google Analytics, PostHog, or other third-party analytics trackers on the marketing site. If we enable additional analytics services in the future, this section will be updated and a cookie consent banner will appear.

You can disable cookies in your browser settings at any time. Essential cookies (required for site functionality) cannot be disabled, but all non-essential tracking can be prevented by disabling third-party cookies in your browser.

3. How We Use Your Data

3.1 As Controller (Your Account)

  • Provide, maintain, and improve Kordis (feature development, debugging)
  • Process billing and send invoices
  • Send product updates and feature announcements
  • Respond to your support requests
  • Analyze usage patterns to optimize performance
  • Comply with legal obligations

3.2 As Processor (Worker Data)

We process worker data only as instructed by you (our customer), including:

  • Confirmation calls (placed automatically to workers to confirm shift availability)
  • Candidate prescreens (assessing fit against job requirements and client rubrics)
  • Reference and background checks (scoring against rubric, flagging red flags)
  • Dispatch and scheduling coordination (notifying workers of assignments)
  • Compliance documentation (generating audit packs, Form I-9 (Employment Eligibility Verification) tracking, Work Opportunity Tax Credit (WOTC) eligibility)

4. Legal Bases for Processing

4.1 GDPR (General Data Protection Regulation) — EU/UK

If you are a controller subject to the GDPR, our processing is based on:

  • Contract: Necessary to perform our service agreement with you
  • Legitimate interest: Improving service, preventing fraud, optimizing performance
  • Legal obligation: Compliance with employment law (payroll, tax, worker authorization)
  • Consent: For marketing communications (you can opt out anytime)

4.2 CCPA (California Consumer Privacy Act)

We process personal information to fulfill our service obligations and for our business purposes as permitted by the CCPA. See Section 7 for your rights.

5. TCPA (Telephone Consumer Protection Act) and Voice Call Consent

We place outbound voice calls to workers and candidates on your behalf. You are responsible for:

  • Obtaining prior express written consent (TCPA — Telephone Consumer Protection Act) before we call workers at personal cell numbers
  • Obtaining prior consent (CASL — Canadian Anti-Spam Legislation) before sending SMS or placing calls in Canada
  • Honoring Do-Not-Call registry obligations
  • Maintaining records of consent (we can assist with audit trails from Kordis interactions)

We log all outbound calls and consent status in Kordis. If you believe a worker has revoked consent or requested removal from calling lists, notify us immediately and we will honor the request.

5.1 SMS Opt-Out (CASL)

If Kordis sends SMS messages to workers in Canada, all SMS carries a STOP code. Workers may unsubscribe by replying STOP to any message. Alternatively, workers or customers may request removal from SMS calling lists by contacting us at kordisai2026@gmail.com.

6. Data Subject Rights (GDPR — General Data Protection Regulation)

If you are subject to GDPR, data subjects have the following rights. You may exercise these by contacting us (see Section 10):

  • Access: Receive a copy of your personal data held by us
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion (subject to legal retention obligations)
  • Restrict processing: Limit how we use your data
  • Portability: Receive data in a portable format
  • Object: Opt out of marketing and profiling
  • Automated decision-making: Object to decisions based solely on automated processing

We will respond to requests within 30 days. If we cannot fulfill a request, we will explain why. You also have the right to lodge a complaint with a supervisory authority.

7. California Privacy Rights (CCPA — California Consumer Privacy Act)

If you are a California resident, you have the following rights under the CCPA:

  • Right to Know: Request what personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal data (subject to exceptions for legal obligations or ongoing business needs)
  • Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not sell your data, but you may opt out of interest-based advertising)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Non-Discrimination: You will not be discriminated against for exercising your CCPA rights

To exercise any of these rights, contact us at kordisai2026@gmail.com. We will verify your identity and respond within 45 days.

8. Data Retention

We retain data only for as long as needed to provide the service and to meet our legal, tax, and contractual obligations:

  • Operational data (active placements, timekeeping, payroll): kept while your account is active and for the period your service agreement requires
  • Compliance and audit records: employment, wage-and-hour, and tax law (for example, Form I-9 (Employment Eligibility Verification) verification, payroll records, and Work Opportunity Tax Credit (WOTC) documentation)require certain records to be kept for several years; we retain those for the period the applicable law requires
  • Call recordings and transcripts: kept per your service agreement; you can request deletion at any time
  • Account data (your name, email, billing): kept while your account is active and as needed for tax, legal, and audit purposes

You can request export or deletion of your data at any time — subject to the legal and contractual obligations above — and we honor it through our data-subject request flow.

9. Subprocessors and Third Parties

We use the following third-party services to provide Kordis. You agree to our use of these processors:

  • Clerk: Authentication and account management
  • Twilio: Voice calling and SMS delivery (telephony infrastructure)
  • Deepgram: Speech-to-text transcription (converting call audio to text)
  • ElevenLabs: Text-to-speech voice synthesis (the synthesized call audio)
  • Microsoft Azure: Cloud hosting, compute, and storage
  • Stripe: Payment processing and billing
  • PostHog: Product analytics and feature usage tracking
  • Sentry: Error monitoring and application performance tracking

We have Data Processing Agreements in place with all subprocessors. These processors are bound to protect data to the same standard we do. We will notify you of any material changes to our processor list at least 30 days in advance. If you require details about any processor or wish to object to a new processor, contact us at kordisai2026@gmail.com.

10. Security

We implement industry-standard security measures to protect your data:

  • Encryption at rest: All data stored in our database is encrypted using military-grade encryption
  • Encryption in transit: All data transmitted to and from Kordis is encrypted using secure encryption protocols
  • Data isolation: Your data is isolated from other staffing agencies — you only see your own workers and orders
  • Access controls: Team members only see what they need to manage their work, with full audit logging
  • Compliance: We name a security certification only once it's earned — never before

While we use industry-standard security, no system is completely secure. If you become aware of a security breach, contact us immediately.

11. International Data Transfers

Kordis is hosted on Microsoft Azure in the United States (eastus2 region). If you are a controller in the EU, UK, or other jurisdiction, any transfer of personal data to the US is governed by:

  • Standard Contractual Clauses (SCCs) with our hosting provider and third-party processors
  • Our commitment to implement appropriate safeguards

If you do not consent to US data storage, please notify us before using Kordis.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by updating the "Last updated" date on this page. Your continued use of Kordis after such changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data subject rights, contact:

Kordis Inc.

Email: kordisai2026@gmail.com

Data Protection Officer / GDPR Representative: If you are established in the EU or process any EU resident's personal data (including workers or candidates), GDPR applies to our processing. We will appoint a Data Protection Officer before processing begins and are committed to GDPR compliance, including data-subject requests, encryption at rest, and access logging. Contact us for a Data Processing Agreement (DPA) if needed.

We will respond to privacy requests within 30 days.

See it live on your own data