Privacy Policy

1. Scope

This Policy applies to visitors to our website, users who create Accounts, and customers who connect data sources through the Service. It covers information collected directly from you and information processed on your behalf through third-party integrations you configure.

This Policy does not cover the end-user data of our customers’ own products. Customers are responsible for their own privacy disclosures to their users regarding data shared with the Service.

2. Information We Collect

2.1 Account Information

When you create an Account, we collect basic information such as your name, email address, company name, and a securely hashed password.

2.2 Usage Data

We collect information about how you use the Service, including features accessed, actions taken, and interactions with the platform. We also collect technical data such as error events and performance metrics to diagnose issues and improve the Service.

2.3 Customer Data

The Service is designed to connect with data sources you control — such as analytics, billing, or monitoring tools — to generate intelligence about product usage. When you connect a data source by providing credentials or API keys, we access and process that data on your behalf solely to deliver the Service.

Your credentials are stored encrypted, scoped to your organization, and used only to authenticate with the relevant provider. We do not sell or share this data with third parties for their own purposes.

2.4 Communications

If you contact us directly, we retain the content of that communication and your contact details in order to respond and keep records.

2.5 Cookies and Tracking

We use cookies and similar technologies to maintain session state, remember preferences, and understand how the Service is used. You can manage cookies through your browser settings, though some features may not function correctly if cookies are disabled.

3. How We Use Your Information

We use the information we collect to:

• Create and manage your Account and verify your identity;
• Provide, operate, maintain, and improve the Service;
• Monitor performance and security, and diagnose errors;
• Send transactional messages such as account confirmations and billing receipts;
• Communicate product updates and changes to this Policy (you may opt out of non-essential messages at any time);
• Comply with applicable legal obligations;
• Develop and improve our models and features using aggregated, de-identified data that cannot reasonably identify you or your users.

We do not use your Customer Data to train general-purpose models that serve other customers.

4. How We Share Your Information

We do not sell your personal information or Customer Data. We share information only as follows:

4.1 Service Providers

We work with third-party providers that process data on our behalf — for example, for hosting, authentication, analytics, error monitoring, and AI inference. These providers access only what is necessary to perform their functions and are bound by data protection obligations. We maintain a current list of sub-processors available upon request.

4.2 AI and Machine Learning

The Service uses artificial intelligence and machine learning, including third-party AI inference providers, to analyze Customer Data and generate insights. Customer Data sent to these providers is used solely to produce outputs within the Service. We contractually require that AI providers do not use your data to train or improve their own models.

4.3 Legal Requirements

We may disclose information if required by law, regulation, or legal process, or to protect the rights, property, or safety of Pontis, our customers, or others.

4.4 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will provide notice before your data becomes subject to a materially different privacy policy.

5. Data Retention

We retain Account and usage data for as long as your Account is active and for a reasonable period thereafter to meet legal obligations and resolve disputes. Customer Data is retained in accordance with your Subscription terms. Upon Account termination, we will delete or anonymize your data within 90 days, except where longer retention is required by law.

6. Security

We implement technical and organizational safeguards to protect your information from unauthorized access, disclosure, or loss. These include encryption at rest and in transit, access controls scoped to your organization, and continuous monitoring for security issues.

No system is completely secure. While we take these measures seriously, we cannot guarantee absolute security.

7. Your Rights and Choices

Depending on where you are located, you may have certain rights regarding your personal information, including:

• Access the personal information we hold about you;
• Correct inaccurate or incomplete information;
• Delete your personal information, subject to legal retention requirements;
• Port your data in a machine-readable format;
• Object to certain types of processing;
• Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at shivam@oriyn.ai. We will respond within the timeframe required by applicable law.

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your information in accordance with applicable law.

8. International Data Transfers

Pontis Inc. is based in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

If you are located in the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate legal mechanisms for such transfers, which may include standard contractual clauses approved by the relevant authorities. You may request more information about the safeguards we apply by contacting us at shivam@oriyn.ai.

9. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have done so inadvertently, contact us and we will delete it promptly.

10. Third-Party Services

The Service may integrate with or link to third-party services not operated by us. This Policy does not apply to those services. We encourage you to review their privacy policies independently.

11. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes via email or within the Service at least 14 days before they take effect. The “Effective” date at the top of this Policy reflects the most recent update.

12. Contact Us

For questions or requests regarding this Policy or your data:

Email: shivam@oriyn.ai

Pontis Inc., a Delaware corporation

If you are located in the European Economic Area and we are unable to resolve your concern, you have the right to contact your local data protection authority.