Effective date: July 9, 2026. This policy explains what information ORi collects, how we use and share it, and the choices and rights you have. It applies to the ORi web application and the oriaro.com website (the "Service"), operated by Oriaro, LLC ("Oriaro", "we", "us").
This policy covers personal information we process when you create an ORi account, use the Service to run or augment meetings, or visit our website. It supplements, and is incorporated by reference into, the ORi Beta Terms of Service. During the invite-only beta the Service is offered in the United States only.
2.1 Account information. When you sign up we collect your mobile phone number (used to verify your identity by SMS), and, if you provide them, your email address and a display name. When you accept our Terms we keep a tamper-evident record of that consent: the version you accepted, a cryptographic fingerprint of the exact document text as shown to you, the time, and the originating IP address.
2.2 Meeting content. When you use ORi during a meeting, your browser captures audio and sends short audio segments to our processing service. Each segment is transcribed and then discarded; raw audio is never written to durable storage. While a meeting is active we hold only a brief rolling window of recent transcript text (on the order of a minute) server-side, and older text is continually pruned — we do not keep a full transcript of your meeting. From the transcript we derive concepts, signals, questions, and related items ("Derived Content"). You may choose to save ("Keep") specific concepts; Derived Content and Kept items are stored with your account until you delete them (see Section 8).
2.3 Usage and technical information. We collect basic operational data such as feature and usage events, approximate request timing, the app version you are running, error and diagnostic logs, and standard request metadata (including IP address and user-agent) needed to operate and secure the Service.
2.4 Support information. If you contact support or submit feedback, we collect the content of your message and any diagnostic information you choose to share.
2.5 Payment information. Outside the free beta, payments are handled by our payment processor. We do not receive or store full payment-card numbers.
We use information to provide, operate, secure, and improve the Service; to authenticate you and maintain your account; to transcribe and analyze your meetings and produce Derived Content; to enforce usage limits and our Terms; to respond to support requests; to detect, prevent, and investigate abuse or security incidents; and to comply with law. We do not sell your personal information, and we do not use your meeting content to train our own models.
ORi is built so that privacy is a property of how the system works, not only a promise in this policy.
4.1 Transcription. To turn speech into text, your audio segments are processed by ORi's transcription systems and then discarded — raw audio is never written to durable storage. This processing happens on ORi's servers rather than on your device, so audio does leave your device for this step.
4.2 Analysis. To produce Derived Content, transcript text is analyzed by AI. Depending on the feature and your settings, this analysis is performed using AI capabilities ORi provides, or by a third-party AI provider you choose to connect (see Section 5). We may change the underlying systems that perform transcription or analysis over time; whichever we use, the protections in this policy apply.
4.3 What we do not do. We do not use your meeting content to train our own models, and we do not permit any AI service we engage to train its models on your content. ORi ranks and recalls information using your own activity — how often and how recently things came up, and what you chose to keep — and does not build vector embeddings of your meeting content or train a per-user model. Personalization comes from this activity at the moment of use, not from training on your data.
You may configure the Service to use your own account with a supported third-party AI provider by adding your API key ("bring your own key"). We protect your key: it is stored securely, is never shown back to you or exposed in the app, and is not included in a data export. It is used only to send your requests to the provider you chose, whose handling of that content is governed by your agreement with that provider.
If you do not add your own key, some features are available using AI capabilities ORi provides, while others may ask you to add a key for your chosen provider before use.
6.1 Service providers. We share information with vendors that perform services on our behalf, under contracts that limit their use of it to providing those services — for example, cloud hosting and storage, communications (such as SMS verification), and payment processing. Some meeting analysis may also be performed by a third-party AI provider you choose to connect (Section 5); where ORi performs analysis with its own systems, no third-party AI provider receives your content for that step.
6.2 Legal and safety. We may disclose information if required by law or valid legal process, or where we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, or to investigate fraud or abuse.
6.3 Business transfers. If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this policy.
6.4 We do not sell your personal information or share it for cross-context behavioral advertising.
We retain your account information for as long as your account is active. We do not retain raw audio, and we hold only a brief rolling window of recent transcript text while a meeting is active (Section 2.2). Derived Content and Kept items persist until you delete them or close your account; they are not deleted automatically on a schedule. Sign-in sessions expire after about thirty days. We retain operational logs and diagnostic data for a limited period as needed to operate and secure the Service, and we retain consent records as long as needed to evidence your agreement to our Terms. When you delete data or close your account, we purge the associated personal information from your account within a reasonable period, except where retention is required by law.
8.1 Access and export. You can export your data using the in-app data controls.
8.2 Deletion. You can delete your Kept concepts, your history, and your account using the in-app data controls. Deleting your account removes your durable account data as described in Section 7.
8.3 Analytics choice. You can opt out of non-essential usage analytics in Settings.
8.4 To make a request you cannot complete in the app, contact us using Section 13. We will respond consistent with applicable law.
ORi augments a meeting you are already part of. You are responsible for capturing and processing meeting audio lawfully, including obtaining any consent required from other participants under the laws that apply to you. Do not use the Service to capture conversations you are not authorized to record.
We use technical and organizational measures designed to protect personal information, including encryption in transit, encryption of stored API keys, and access controls. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.
The Service is not directed to, and may not be used by, anyone under 18. We do not knowingly collect personal information from children.
The Service is currently offered in the United States, and information is processed and stored in the United States. If you access the Service from outside the United States, you do so on your own initiative.
We may update this policy from time to time. When we do, we will post the updated version with a new effective date, and prior dated versions remain available. Your continued use of the Service after an update takes effect constitutes acceptance of the updated policy.
Questions about this policy or your personal information can be sent to privacy@oriaro.com.