Privacy Policy

1. Introduction & Data Controller

Welcome to oriiion, an AI-powered digital marketing platform. This privacy policy explains how we collect, use, and protect your personal information in compliance with GDPR, CCPA, and other applicable privacy regulations.

2. Information We Collect

We collect information that you provide directly to us and automatically through your use of our services:

Account Information

• Email address and password for account creation
• Name and business information
• Business details, website, and location data
• Contact preferences and communication settings

Social Media Integration Data

• Facebook page access tokens, page information, and post data
• Instagram business account data and content information
• WhatsApp Business API messages and verification codes
• Telegram bot interactions and user identifiers

Content and Communications

• Chat messages sent through our AI assistant
• Images uploaded for content generation and editing
• Social media posts created and published through our platform
• Engagement data and analytics from connected social accounts

Payment and Affiliate Data

• Payment information processed through Stripe (see Stripe's privacy policy)
• Affiliate referral data and commission information

3. Legal Basis for Processing

We process your personal data based on the following legal bases:

4. Third-Party Data Processors

We share your data with the following trusted service providers who act as data processors:

AI Processing Services

• OpenAI: Chat messages and images for AI-powered content generation and assistance
• Replicate: Images and prompts for AI image generation and editing services

Social Media Platforms

• Meta (Facebook/Instagram/WhatsApp): Account connections, post publishing, and engagement data synchronization
• Telegram: Bot interactions and message delivery for connected accounts

Infrastructure and Support Services

• Stripe: Payment processing and subscription management View Stripe's Privacy Policy
• Google Cloud: Cloud hosting and data storage infrastructure
• Replit: Development platform and file storage services
• NeonDB: PostgreSQL database hosting with encryption at rest
• Sidemail: Transactional email delivery for account notifications

5. Your Privacy Rights

Under GDPR, CCPA, and other applicable privacy laws, you have the following rights:

• Right of Access: Request a copy of all personal data we hold about you
• Right of Rectification: Request correction of inaccurate or incomplete personal data
• Right of Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Data Portability: Request your data in a machine-readable format for transfer
• Right to Restriction: Request limitation of processing under certain circumstances
• Right to Object: Object to processing based on legitimate interest or for direct marketing

To exercise these rights, contact us at data@oriiion.ai

6. International Data Transfers

Your data may be transferred outside the EU/EEA to our service providers. We ensure adequate protection through:

7. Data Security

• Encryption: TLS encryption for data in transit, AES-256 encryption for data at rest
• Access Controls: Role-based access controls and regular access reviews
• Monitoring: Continuous security monitoring and logging of system activities
• Backups: Daily encrypted backups with secure retention and recovery procedures

In case of a data breach, we will notify relevant authorities within 72 hours and affected users without undue delay. Our full incident response procedures are available here

8. Data Retention

9. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes via email or through our platform before they take effect.

10. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us: