Privacy policy

Introduction

This Privacy Policy explains how Orria collects, uses, stores, and protects your personal data when you access our software tools, services, and platform. We are committed to protecting your privacy and complying with applicable data protection laws, including GDPR, CCPA, and other international standards.

Information We Collect

1. Information You Provide

Personal Information

  • Name and contact details

  • Email address

  • Billing information

  • Company information (if applicable)

Project & Service Data

  • Responses to onboarding forms

  • Feature requests or feedback

  • Uploaded files or assets

  • Communications related to support or custom development

2. Information Collected Automatically

Usage & Device Data

  • IP address

  • Browser type and version

  • Device and operating system

  • Pages visited and actions taken

  • Date, time, and duration of visits

  • Referrer URLs

Cookies & Tracking Technologies

  • Essential cookies (for login, security, UX)

  • Analytics cookies (usage behavior, performance)

  • Functional cookies (preferences, session info)

  • Marketing cookies (only if explicitly accepted)

How We Use Your Information

1. Service Delivery

  • Provide access to Orria applications and tools

  • Process payments and manage subscriptions

  • Deliver project assets and SaaS features

  • Provide customer support and respond to inquiries

  • Notify you of account activity or service changes

2. Product Improvement

  • Analyze usage data to improve product design and performance

  • Debug issues and maintain platform security

  • Optimize onboarding and user experience

  • Prioritize new features and product updates based on usage

3. Communication

  • Notify users about product changes and service updates

  • Send transactional emails (payments, alerts, usage)

  • Send marketing and newsletter emails (only with opt-in consent)

Data Storage & Security

1. Storage and Protection

  • Your data is stored securely via reputable cloud providers (e.g. AWS, GCP)

  • Encrypted using industry standards (SSL/TLS)

  • Access limited to authorized team members only

  • Secure backups performed regularly

2. Data Retention

  • Active client data is retained as long as the account is active

  • Archived data may be stored up to 5 years unless deletion is requested

  • Financial data retained as required by applicable laws

3. Security Practices

  • Strong password enforcement and 2FA where available

  • Regular security patches and audits

  • Secure data handling procedures for all staff

Information Sharing

1. With Trusted Third Parties

  • Payment processors (e.g. Stripe)

  • Cloud infrastructure services (e.g. AWS)

  • Analytics platforms (e.g. Plausible, PostHog)

  • Email and notification systems (e.g. MailerLite)

  • Project management or support tools (e.g. Notion, Linear)

We only share data required to provide the service and ensure privacy agreements are in place.

2. Legal Obligations

We may disclose personal data when required to:

  • Comply with legal processes or government requests

  • Prevent fraud or misuse of our services

  • Protect the rights, safety, and property of Orria or our users

Your Rights and Choices

1. Access and Control

  • Request access to your data

  • Modify or update your personal information

  • Download your data in machine-readable format

  • Request deletion of your account and associated data

  • Opt-out of marketing emails at any time

2. Cookie Preferences

You can manage your cookie consent preferences directly from the cookie banner or browser settings.

Children’s Privacy

Orria does not knowingly collect personal data from children under 13. If we become aware that we have collected data from a minor without parental consent, we will delete it immediately.

International Data Transfers

  • Data may be transferred to servers outside your country (including the U.S., EU, or Canada).

  • All transfers are done in compliance with GDPR and relevant frameworks.

  • We use standard contractual clauses and data processing agreements when required.

Changes to This Policy

We may update this Privacy Policy from time to time. In the case of material changes, users will be notified via email or in-app notification at least 30 days prior to enforcement. Continued use of our services implies acceptance of the updated terms.

Contact

For privacy-related inquiries or to exercise your rights:
📧 privacy@orria.co
Orria — Paul Bertucci (CEO) & Téo Bacher (CTO)

Regional Rights

European Union (GDPR)

  • Right to access, correct, delete, and restrict use of personal data

  • Right to data portability

  • Right to object to processing

  • Right not to be subject to automated decision-making

California Residents (CCPA)

  • Right to know what personal data is collected

  • Right to request deletion or correction

  • Right to opt out of the sale of personal information

  • Right to non-discriminatory service

Other Regions

We comply with local data protection laws as applicable in your region.

Compliance

Orria complies with:

  • General Data Protection Regulation (GDPR)

  • California Consumer Privacy Act (CCPA)

  • International data transfer standards

  • Industry best practices in security and data management

By using Orria’s products and services, you acknowledge that you have read and accepted this Privacy Policy.