Privacy Policy

Last updated: April 22, 2026

Oriveo ("we", "us", or "Oriveo") is a BYOK (Bring Your Own Key) multi-model AI client. This Privacy Policy explains how we collect, use, share, and protect information when you use the Oriveo website, web app, iOS app, and Android app (collectively, the "Service"). Our principles are data minimization, local-first defaults, and clear disclosure. BYOK data is stored locally first, but cloud sync, web compatibility routing, backups, Skills knowledge files, and Oriveo Free require us and our service providers to process the data needed for those features.

1. Quick Overview

Short version: BYOK means you use your own provider account and API key. We do not sell your data, use it for advertising, or train Oriveo-owned AI models on your content. We process content only where needed to provide the features you choose.

  • API keys: stored locally by default. On web and other server-routed compatibility paths, the key may be transmitted for a single request so Oriveo can forward it to the provider you selected; we do not save it as an account record.
  • Chats and attachments: stored locally first. If cloud sync is enabled, conversation records, message text, model output, reasoning text where available, and attachment metadata sync through Firebase Firestore. Attachment files may be uploaded to Firebase Cloud Storage for cross-device access.
  • Provider routing: native apps may contact providers directly in many BYOK flows. The web app, Relay, Oriveo Free, and some capabilities may route requests through Oriveo servers for streaming, compatibility, quota, or safety controls.
  • Backups: exported backups may include conversation data and attachments. API keys are encrypted only if you choose to include them and provide a password.
  • What we do not do: we do not sell personal data, use it for targeted advertising, or train Oriveo-owned models on your content.

2. Controller and Contact Information

For purposes of this Privacy Policy, the data controller for the Service is the Oriveo team.

If you are located in the EEA, the United Kingdom, or Switzerland, you may also contact us or your local data protection authority regarding the processing of your personal data in connection with the Service.

3. Information We Collect

We collect only the information required to operate the Service and the features you use. Main categories include:

  • Account information: through Firebase Authentication, we process your email address, display name, profile image URL, and login method (Google, Apple, or email OTP). We do not store your password; email OTP codes are sent through Resend and typically expire within 10 minutes.
  • Cloud sync data (if enabled): Firebase Firestore stores and syncs conversation records, message text, model output, reasoning text where available, timestamps, folders, Skills directory data, Memory text, preferences, usage statistics, model/provider metadata, attachment metadata, image thumbnails, and storage references.
  • Attachments (if sync or attachment access requires it): images, PDFs, and other files may be uploaded to your account area in Firebase Cloud Storage to support multi-device access; you can delete them at any time.
  • BYOK routing data: to complete model requests, prompts, attachments, model selections, API keys, and responses are processed by the AI provider you choose. In the web app, Relay, and some compatibility paths, this traffic may pass through Oriveo servers as a transient forwarding step.
  • Skill knowledge-base files: when you upload knowledge files for a Skill, our backend may relay them to OpenAI Vector Store to enable retrieval; the original files and vectors are used only within your account.
  • Technical and device data: IP address, approximate IP-based location, device model, operating system version, app version, language, and time zone for abuse prevention, rate limiting, diagnostics, and compliance.
  • Error and performance diagnostics: through Sentry, we may receive uncaught exception stack traces, breadcrumbs, your current user identifier (Firebase UID), and device fingerprints. These records may be linked to your account and are not fully anonymous; you can turn diagnostics off in "Settings → Privacy".
  • Operational records for Oriveo Free: when you use the free tier, requests are relayed through Oriveo servers to upstream model providers. We keep the minimum records needed for quota, abuse prevention, stability, reports, and audit. Normal Free chat message bodies are not persisted as chat logs by default, but they are processed in transit.
  • Admin security data: when administrators sign in, we may use Cloudflare Turnstile to verify human access and log the related sign-in events.

4. Information We Do Not Collect (BYOK Commitment)

In BYOK mode, Oriveo is designed to minimize what we store, but the following data can still be processed depending on the feature and platform:

  • API keys are stored locally by default; in web or server-routed compatibility paths they may be transmitted only to complete the selected provider request and are not saved as account records.
  • Prompts, conversation context, attachments, and model responses are sent to the AI provider you choose so the model can generate a response.
  • On the web app, Relay, Oriveo Free, and certain compatibility or streaming flows, requests and responses may pass through Oriveo servers transiently.
  • If cloud sync is enabled, conversation history, message text, model output, reasoning text where available, and attachment metadata sync through Firebase Firestore; attachment files may be uploaded to Firebase Cloud Storage.
  • If you export or restore a backup, the backup file may contain conversations and attachments. API keys are included only if you choose that option and protect them with a password.

5. How We Use Data and Legal Bases

We process personal data only for the following purposes and, where applicable, on the legal bases required by GDPR, UK GDPR, CCPA/CPRA, and similar laws:

  • Providing and maintaining the Service (account sign-in, cloud sync, multi-device access) — necessary for contract performance.
  • Diagnosing failures and improving the product (error logs, crash stacks, aggregated usage metrics) — based on our legitimate interest in improving stability and quality.
  • Security, abuse prevention, and quota controls (rate limiting, CAPTCHA, anomalous login detection, Oriveo Free quota auditing, anti-fraud measures) — based on legitimate interests and/or legal obligations.
  • Operating Oriveo Free (request routing, quota calculation, complaint handling) — necessary for contract performance.
  • Responding to legal requirements (court orders, regulatory requests, data subject requests) — to comply with legal obligations.
  • Communicating with you about service changes, security incidents, and other important notices — necessary for contract performance or based on legitimate interests.

We do not:

  • sell or rent your personal data to third parties;
  • use your personal data for targeted advertising or advertising profiling;
  • use your content to train Oriveo AI models.

6. Third-Party Services and Data Sharing

To operate the Service, we share only the data needed with the following sub-processors and service providers:

  • Google Firebase (Authentication / Firestore / Cloud Storage / Hosting) — account data, sync data including conversation records and message content when sync is enabled, attachment metadata, attachment files, and hosting data.
  • Sentry — error and performance diagnostics.
  • Resend — recipient email addresses and one-time login codes.
  • Cloudflare — network metadata, IP addresses, security controls, and Turnstile for Admin.
  • OpenAI — Skill knowledge-base Vector Store usage and, where applicable, routed model requests.
  • AI providers you choose — prompts, attachments, conversation context, model selections, and responses needed to provide BYOK or Relay model calls. Depending on platform and feature, the request may be sent directly by the client or forwarded through Oriveo compatibility endpoints.
  • Oriveo Free upstream providers — prompts and conversation context needed to produce responses in the free tier.

Each provider has its own privacy policy and data-processing rules. You are responsible for reviewing them, including training-data opt-out settings where available. Outside the situations listed above and cases required by law, we do not sell, rent, or transfer your personal data for advertising.

7. Cross-Border Data Transfers

Our cloud infrastructure (including Firebase, Sentry, and Cloudflare) operates across multiple regions. If you access the Service from a region different from where certain infrastructure is located, your personal data may be transferred internationally.

We use the following mechanisms:

  • For users in the EEA / United Kingdom / Switzerland: Standard Contractual Clauses (SCCs) approved by the European Commission, together with supplementary safeguards where required.
  • For users in other jurisdictions: compliance with the applicable local requirements governing international transfers.

If you would like more information about the relevant transfer mechanism, please contact [email protected].

8. Data Retention and Security Measures

Retention periods:

  • account information: for the life of your account plus up to 30 days after deletion to handle mistaken-deletion recovery;
  • cloud sync data, synced message content, attachment metadata, attachment files, and knowledge-base files: until you delete them, disable/remove the relevant data, or close your account, subject to technical backup retention;
  • Oriveo Free quota, abuse-prevention, and audit records: up to 180 days unless a longer period is required for security, legal, or dispute reasons;
  • user-submitted report details: up to 180 days unless a longer period is required to resolve a dispute, enforce terms, or comply with law;
  • Sentry error logs: up to 90 days;
  • Admin sign-in logs: up to 12 months;
  • OTP codes: 10 minutes or immediate expiry after successful verification;
  • data that must be retained by law: for the period required by applicable law.

Security measures:

  • Encryption in transit: all client-server connections use TLS 1.2 or higher.
  • Encryption at rest: server infrastructure uses encryption at rest. Exported backup files can encrypt included API keys with AES-256 when you provide a password.
  • On-device API key protection: iOS Keychain / Android Keystore on native apps; browser storage isolated by the same-origin policy on the web.
  • Access controls: internal access follows the principle of least privilege, and sensitive operations are audited.
  • Breach notification: if a personal data incident is likely to pose a high risk to you, we will try to notify you within 72 hours by email or in-app notice and, where required, notify the relevant regulator.

9. Your Rights

Depending on the law that applies to you (including GDPR, UK GDPR, CCPA/CPRA, and similar laws), you may have the following rights regarding your personal data:

  • Access and copy: you can export all of your data as an encrypted ZIP from "Settings → Backup → Export".
  • Correction: you can update editable information yourself in account settings; for other fields, you can contact us by email.
  • Deletion: from "Settings → Account → Delete Account" you can delete the server-side data associated with your account; certain logs may remain within the applicable retention period.
  • Portability: export in a structured, commonly used, machine-readable format.
  • Restriction or objection: you can disable diagnostics, turn off cloud sync, or stop using your account at any time.
  • Withdrawal of consent: where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.
  • Automated decision-making: we do not make decisions producing legal or similarly significant effects about you based solely on automated processing; Oriveo Free quota calculation is an operational anti-abuse control and is not profiling. Where applicable law grants you related rights, you can exercise them by contacting [email protected].
  • Right to lodge a complaint: users in the EEA / United Kingdom may contact their local data protection authority; California users may contact the California Attorney General.
  • No sale or sharing of personal information; non-discrimination (California): we do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We will not discriminate against you for exercising any of these rights.

Response time: we generally respond within 30 days after receiving a verifiable request. Where permitted by applicable law, we may extend this period for complex or numerous requests and will inform you of any extension and the reasons for it.

10. Cookies and Local Storage

The Oriveo website and web app use the following storage technologies, none of which are used for advertising targeting or cross-site tracking:

  • Strictly necessary: Firebase Auth session cookies, CSRF protection tokens, and Admin JWT cookies.
  • Functional: theme, language, and layout preferences; conversation drafts; and model metadata caches stored in browser IndexedDB or equivalent local storage.
  • Security: Cloudflare Turnstile for Admin and Cloudflare DDoS-protection tokens.
  • Analytics: we use PostHog, hosted in the European Union (eu.i.posthog.com), for privacy-conscious first-party product analytics. Capture is limited to actions you take, such as button clicks; we disable session recording, autocapture, and survey features, and PostHog stores only an anonymous identifier in your browser. These analytics are never used for advertising or cross-site tracking. You can opt out by blocking cookies and local storage in your browser settings.

We do not use third-party advertising cookies, cross-site tracking pixels, or ad-tech scripts. You may clear or block cookies in your browser settings, but doing so may affect sign-in or certain features.

11. Children's Privacy

The Service is not directed to children under 13 (or the higher minimum age required in your jurisdiction, such as 16 in parts of the EEA). Users below the applicable age may use the Service only with the consent and supervision of a parent or legal guardian.

We do not knowingly collect personal data from children below the applicable legal age. If you are a parent or legal guardian and believe your child has provided us with personal data, please contact [email protected] and we will verify and delete the data promptly.

12. Policy Changes and Contact

Policy changes: we may update this Privacy Policy from time to time to reflect changes in the product, technology, operations, or applicable law. If a change is material, we will notify you before it takes effect through an in-app notice, email, or a prominent notice on our website, and we will update the "Last updated" date accordingly. If you continue using the Service after the revised policy takes effect, that means you accept the updated version. If you do not agree, you may stop using the Service and delete your account.

Contact:

We will make reasonable efforts to respond within a reasonable time.