Oriveo

Privacy Policy

Last updated: April 22, 2026

Oriveo ("we", "us", or "Oriveo") is a BYOK (Bring Your Own Key) multi-model AI client. This Privacy Policy explains how we collect, use, share, and protect information when you use the Oriveo website, web app, iOS app, and Android app (collectively, the "Service"). Our core principles are data minimization and local-first design. In BYOK mode, your API keys, chat content, and attachments stay on your device by default. We do not access that material unless you explicitly enable cloud sync, create an encrypted backup, or use Oriveo Free.

1. Quick Overview

Short version: in BYOK mode, we do not store your API keys, conversation content, or model outputs. Cloud sync, encrypted backups, and Oriveo Free are optional features, and we only process the data needed when you choose to use them.

  • Your API keys: stay only in your device's secure system storage and are never uploaded to our servers.
  • Your chats and attachments: in BYOK mode, requests go directly from your device to the AI provider; uploads happen only if you turn on cloud sync or create a backup, and backups use end-to-end AES-256 encryption.
  • Oriveo Free: requests are relayed through Oriveo servers to third-party model providers; we retain only the minimum records required for quota enforcement, abuse prevention, and audit.
  • What we do not do: we do not sell your personal data, use it for targeted advertising, or train Oriveo's own AI models on your content.

2. Controller and Contact Information

For purposes of this Privacy Policy, the data controller (or equivalent personal data handler under applicable law) is the Oriveo team.

If you are located in the EEA, the United Kingdom, or Switzerland, you may also contact us or your local data protection authority regarding the processing of your personal data in connection with the Service.

3. Information We Collect

We collect only the minimum information required to operate the Service. Main categories include:

  • Account information: through Firebase Authentication, we process your email address, display name, profile image URL, and login method (Google, Apple, or email OTP). We do not store your password; email OTP codes are sent through Resend and typically expire within 10 minutes.
  • Cloud sync metadata (if enabled): we use Firebase Firestore to sync conversation titles, timestamps, folders, Skills directory data, Memory text, preferences, and usage statistics. Message bodies do not go to the cloud by default; they are uploaded only if you explicitly create an AES-256 encrypted backup in Firebase Cloud Storage.
  • Attachments (if sync is enabled): images, PDFs, and other files may be uploaded to your account partition in Firebase Cloud Storage to support multi-device access; you can delete them at any time.
  • Skill knowledge-base files: when you upload knowledge files for a Skill, our backend may relay them to OpenAI Vector Store to enable retrieval; the original files and vectors are used only within your account.
  • Technical and device data: IP address (for abuse prevention, rate limiting, and geographic compliance checks), approximate IP-based location, device model, operating system version, app version, language, and time zone.
  • Error and performance diagnostics: through Sentry, we may receive uncaught exception stack traces, breadcrumbs, your current user identifier (Firebase UID), and device fingerprints. These records may be linked to your account and are not fully anonymous; if you do not want to send them, you can turn diagnostics off in "Settings → Privacy".
  • Operational records for Oriveo Free: when you use the free tier, we may keep a Guest Session ID, device identification token, model ID for each call, token usage counters, and complaint / quota audit logs. Message bodies are not retained by default; limited, temporary sampling may occur only when needed to review a compliance complaint.
  • Admin security data: when administrators sign in, we may use Cloudflare Turnstile to verify human access and log the related sign-in events.

4. Information We Do Not Collect (BYOK Commitment)

In BYOK mode, the following data does not leave your device, and we do not collect it or have the ability to read it:

  • the API keys you enter;
  • the content of your conversations with third-party AI providers such as OpenAI, Anthropic, or Google;
  • model responses and any quotations contained in them;
  • the original contents of local attachments, unless you explicitly enable cloud sync or create an encrypted backup;
  • your conversation history, unless you explicitly enable cloud sync or create an encrypted backup.

In BYOK mode, your requests are sent directly from your device to the AI provider you choose and do not pass through Oriveo servers. We do not act as a proxy and we do not mirror that traffic.

5. How We Use Data and Legal Bases

We process personal data only for the following purposes and, where applicable, on the legal bases required by GDPR, CCPA/CPRA, PIPL, and similar laws:

  • Providing and maintaining the Service (account sign-in, cloud sync, multi-device access) — necessary for contract performance.
  • Diagnosing failures and improving the product (error logs, crash stacks, aggregated usage metrics) — based on our legitimate interest in improving stability and quality.
  • Security, abuse prevention, and quota controls (rate limiting, CAPTCHA, anomalous login detection, Oriveo Free quota auditing, anti-fraud measures) — based on legitimate interests and/or legal obligations.
  • Operating Oriveo Free (request routing, quota calculation, complaint handling) — necessary for contract performance.
  • Responding to legal requirements (court orders, regulatory requests, data subject requests) — to comply with legal obligations.
  • Communicating with you about service changes, security incidents, and other important notices — necessary for contract performance or based on legitimate interests.

We do not:

  • sell or rent your personal data to third parties;
  • use your personal data for targeted advertising or advertising profiling;
  • use your content to train Oriveo AI models.

6. Third-Party Services and Data Sharing

To operate the Service, we share only the minimum necessary data with the following sub-processors and put data processing agreements in place where required:

  • Google Firebase (Authentication / Firestore / Cloud Storage / Hosting) — account data, sync data, and attachments; infrastructure may be located in the United States.
  • Sentry — error and performance diagnostics.
  • Resend — recipient email addresses and one-time login codes.
  • Cloudflare — network metadata, IP addresses, and protection mechanisms, including Turnstile for Admin.
  • OpenAI — only for Skill knowledge-base Vector Store usage and, where applicable, specific Oriveo Free routing scenarios.
  • AI providers you choose — in BYOK mode, your device connects directly to providers such as OpenAI, Anthropic, Google, DeepSeek, OpenRouter, Groq, Together AI, Fireworks AI, MiniMax, Z.ai, Qwen, SiliconFlow, and any Relay endpoint you configure.

Each such provider has its own privacy policy and data-processing rules. You are responsible for reviewing and complying with them, including configuring opt-out settings where available. Outside the situations listed above and cases required by law, we do not disclose, sell, rent, or transfer your personal data to third parties.

7. Cross-Border Data Transfers

Our cloud infrastructure (including Firebase, Sentry, and Cloudflare) operates across multiple regions. If you access the Service from a region different from where certain infrastructure is located, your personal data may be transferred internationally.

We use the following mechanisms:

  • For users in the EEA / United Kingdom / Switzerland: Standard Contractual Clauses (SCCs) approved by the European Commission, together with supplementary safeguards where required.
  • For users in mainland China: necessity assessments and notice requirements in accordance with applicable PIPL requirements for cross-border transfers.
  • For users in other jurisdictions: compliance with the applicable local requirements governing international transfers.

If you would like more information about the relevant transfer mechanism or copies of the supporting documentation, please contact [email protected].

8. Data Retention and Security Measures

Retention periods:

  • account information: for the life of your account plus up to 30 days after deletion to handle mistaken-deletion recovery;
  • sync metadata / attachments / knowledge-base files: until you delete them or close your account;
  • Oriveo Free usage logs: up to 180 days for abuse detection and compliance audits;
  • snapshots tied to Oriveo Free complaints: up to 12 months or until the related dispute is resolved;
  • Sentry error logs: up to 90 days;
  • Admin sign-in logs: up to 12 months;
  • OTP codes: 10 minutes or immediate expiry after successful verification;
  • data that must be retained by law: for the period required by applicable law, even if longer than the periods above.

Security measures:

  • Encryption in transit: all client-server connections use TLS 1.2 or higher.
  • Encryption at rest: server infrastructure uses encryption at rest; user backups use end-to-end AES-256 encryption and the decryption key remains under your control.
  • On-device API key protection: iOS Keychain / Android Keystore on native apps; browser local storage isolated by the same-origin policy on the web.
  • Access controls: internal access follows the principle of least privilege, and sensitive operations are audited.
  • Breach notification: if a personal data incident is likely to pose a high risk to you, we will try to notify you within 72 hours by email or in-app notice and, where required, notify the relevant regulator.

9. Your Rights

Depending on the law that applies to you (including GDPR, UK GDPR, CCPA/CPRA, PIPL, and similar laws), you may have the following rights regarding your personal data:

  • Access and copy: you can export all of your data as an encrypted ZIP from "Settings → Backup → Export".
  • Correction: you can update editable information yourself in account settings; for other fields, you can contact us by email.
  • Deletion: from "Settings → Account → Delete Account" you can delete the server-side data associated with your account; certain logs may remain within the applicable retention period.
  • Portability: export in a structured, commonly used, machine-readable format.
  • Restriction or objection: you can disable diagnostics, turn off cloud sync, or stop using your account at any time.
  • Withdrawal of consent: where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.
  • Right not to be subject to legally significant automated decisions: we do not use automated decision-making that produces legal effects on you; Oriveo Free quota calculation is an operational anti-abuse measure and not profiling.
  • Right to lodge a complaint: users in the EEA / United Kingdom may contact their local data protection authority; California users may contact the California Attorney General; users in mainland China may contact the relevant authority under PIPL.

Response time: we generally respond within 30 days after receiving a verifiable request. For complex requests, we may extend that period within the limits allowed by law, up to two times and by no more than 30 days each, with notice of the reason.

10. Cookies and Local Storage

The Oriveo website and web app use the following storage technologies; none of them is used for advertising targeting or cross-site tracking:

  • Strictly necessary: Firebase Auth session cookies, CSRF protection tokens, and Admin JWT cookies.
  • Functional: theme, language, and layout preferences; conversation drafts; and model metadata caches stored in browser IndexedDB or equivalent local storage.
  • Security: Cloudflare Turnstile for Admin and Cloudflare DDoS-protection tokens.

We do not use third-party advertising cookies, cross-site tracking pixels, or ad-tech scripts. You may clear or block cookies in your browser settings, but doing so may affect sign-in or certain features.

11. Children's Privacy

The Service is not directed to children under 13 years old. If your jurisdiction sets a higher digital-consent age, such as 16 in parts of the European Union, you must meet that local legal age to use the Service. Users below the applicable age may use the Service only with the consent and supervision of a parent or legal guardian.

We do not knowingly collect personal data from children below the applicable legal age. If you are a parent or legal guardian and believe your child has provided us with personal data, please contact [email protected] and we will verify and delete the data promptly.

12. Policy Changes and Contact

Policy changes: we may update this Privacy Policy from time to time to reflect changes in the product, technology, operations, or applicable law. If a change is material, we will notify you before it takes effect through an in-app notice, email, or a prominent notice on our website, and we will update the "Last updated" date accordingly. If you continue using the Service after the revised policy takes effect, that means you accept the updated version. If you do not agree, you may stop using the Service and delete your account.

Contact:

We will make reasonable efforts to respond within a reasonable time.