Privacy Policy

1. Who we are

Oriv is a product built by Oriv AI, operating from Mumbai, India. For privacy questions, write to [email protected].

2. What we collect

We collect the following categories of data:

• Account information— your name, email address, phone number (if you use phone OTP login), profile picture from Google (if you sign in with Google), and the Firebase user identifier created for your account.
• Business data you put in— contacts, deals, invoices, freelancer records, tickets, support conversations, files you upload, and anything else you enter into Oriv.
• WhatsApp messages— if you connect a WhatsApp Business number, the inbound and outbound messages routed through Meta's WhatsApp Business API are stored in your workspace so you can read, reply, and search them.
• Payment metadata from Razorpay— the order ID, payment ID, amount, status, and timestamp of subscription transactions. We do not store full card numbers, CVVs, or UPI PINs. Razorpay handles those directly.
• Usage and device information— IP address, browser type, pages visited, features used, and timestamps. This helps us debug and improve the product.

3. How we use it

We use the data we collect to:

• Operate and provide the service to you — show your dashboard, store your invoices, route your WhatsApp messages, and so on.
• Send AI inference requests on your behalf when you use AI features. The relevant context is forwarded to an AI provider (see Section 4).
• Send transactional email through Resend — account verification, password resets, billing receipts, in-app notifications you've subscribed to.
• Diagnose problems, monitor performance, prevent abuse, and improve the product.
• Comply with our legal obligations under Indian law.

We do not sell your data. We do not use your business data or AI conversations to train AI models — ours or anyone else's.

4. Who we share it with (sub-processors)

To run the service, we share data with a small set of trusted vendors. Each one only receives what it needs to do its job:

• Firebase (Google) — user authentication (email + password, Google sign-in, phone OTP).
• Railway — hosting our backend services and the PostgreSQL database where your data is stored.
• AWS S3-compatible object storage — storage for files you upload (invoices, attachments, profile pictures, business cards).
• Resend — sending transactional email.
• Meta WhatsApp Business API — sending and receiving messages on the WhatsApp Business numbers you connect.
• Razorpay — processing payments for Oriv's own subscription billing.
• AI inference providers — Google Gemini, OpenAI, Anthropic, and Groq. We pick the provider based on which model is best suited to the task. We send only the prompt and the context the model needs to answer it. Per our contracts, these providers do not use your inputs or outputs to train their public models.

We may also disclose data if compelled to do so by lawful order from an Indian authority, or where disclosure is necessary to investigate fraud, security incidents, or violations of our Terms of Service.

5. International data transfer

Some of the providers listed above are based outside India, or run infrastructure outside India (OpenAI, Anthropic, Groq, parts of Google's Gemini infrastructure, AWS, Resend, Meta). As a result, your data may leave India when it is sent to those providers. We take reasonable steps to choose providers that handle data securely, but the precise legal mechanism that authorises these transfers under the DPDP Act, 2023 and any other applicable Indian law must be finalised by counsel before public launch.

6. Retention

We keep your data while your account is active. When you delete your account — either through Settings or by writing to us — we purge your business data from our primary database within a documented window (we're currently targeting 30 days, subject to encrypted backup rotation and legal hold requirements).

We may retain certain records longer where the law requires it — for example, GST invoice records and Razorpay transaction logs may need to be kept for tax and audit purposes for the period prescribed by Indian tax law.

7. Your rights

You have the following rights over your data:

• Access — you can see and download what we have. Most of it is already visible in your dashboard.
• Correction — you can edit your data inside the app at any time.
• Deletion — go to Settings → Delete Account to permanently remove your account and your data. If you can't find the option or it doesn't work, email [email protected].
• Portability — you can export your business data (contacts, invoices, deals) from inside the app. For a full bulk export, write to us.
• Withdraw consent — you can stop using the service at any time. Note that withdrawing consent doesn't affect processing that has already happened.

8. Cookies and tracking

We set authentication cookiesthrough Firebase so the app can remember you between page loads and sessions. These are essential — without them you can't stay signed in.

We don't use third-party advertising cookies, cross-site trackers, or behavioural ad networks. We don't serve ads in the product. If we ever add product analytics that goes beyond basic server logs, we'll describe it here.

9. Children

Oriv is a business-to-business product. We don't knowingly collect data from anyone under 18. If you believe a child has signed up for Oriv, write to us at [email protected]and we'll delete the account.

10. Changes to this policy

We may update this Privacy Policy as the product changes — for example, when we add or remove a sub-processor. When we make a material change, we'll update the effective date at the top of this page and, where reasonable, notify you by email or in-app message.

11. Contact

Questions, requests, or complaints about your data? Email us at [email protected].