Privacy Policy
Orii.ai is operated by Mindful Monk LLC.
2.1 Introduction
Orii.ai is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your data when you use our Platform. It is designed to comply with:
- GDPR — European Union / EEA
- UK General Data Protection Regulation (UK GDPR)
- California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
- Canada's PIPEDA
- Australia's Privacy Act 1988
- Brazil's LGPD
- India's Digital Personal Data Protection Act (DPDPA)
- Singapore's Personal Data Protection Act (PDPA)
- Other applicable national and regional privacy laws
2.2 Data Controller
Orii.ai is the data controller for your personal data. Data Protection Officer (DPO): [email protected]
2.3 Information We Collect
Directly Provided
- Account data: name, email, password (encrypted), company, job title;
- Profile data: investment preferences, geographic areas of interest;
- Payment data: billing address (processed by a PCI-DSS compliant processor — we do not store full card numbers);
- Communications: support tickets, survey responses, feedback.
Collected Automatically
- Device/technical data: IP address, browser type, operating system, device identifiers;
- Usage data: pages viewed, features used, search queries, click-stream data;
- Location: general geographic location from IP address (no precise GPS unless explicitly authorized);
- Cookies and tracking technologies (see Cookie Policy).
From Third Parties
- Third-party login providers (e.g., Google OAuth): name, email, profile photo;
- Public real estate databases, government records, commercial data providers.
2.4 Legal Bases for Processing (GDPR/UK GDPR)
- Contract performance: to provide the Services you requested;
- Legitimate interests: improving the Platform, fraud prevention, security, analytics;
- Legal obligation: compliance with applicable laws;
- Consent: for marketing communications and non-essential cookies (withdrawable at any time).
2.5 How We Use Your Information
- Create and manage your account and deliver Services;
- Process payments and manage subscriptions;
- Personalize your experience and provide AI-driven recommendations;
- Send transactional and (with consent) marketing communications;
- Train and improve AI models using aggregated, de-identified data;
- Detect and prevent fraud, abuse, and illegal activities;
- Comply with legal obligations.
2.6 Data Sharing
We do not sell your personal data. We may share with:
- Service providers: payment processors, cloud hosts, analytics vendors — all bound by data processing agreements;
- Business transfers: in mergers/acquisitions, subject to comparable privacy protections;
- Legal authorities: when required by law, subpoena, or legal process;
- Third parties: only with your explicit consent.
2.7 International Data Transfers
Your data may be transferred internationally. Safeguards include EU Standard Contractual Clauses (SCCs), UK IDTA, and adequacy decisions where applicable.
2.8 Data Retention
- Account data: duration of account plus up to 7 years after deletion (legal/tax compliance);
- Transaction records: up to 7 years;
- Log data: up to 24 months;
- Marketing data: until unsubscribe or withdrawal of consent.
2.9 Your Privacy Rights
Depending on your jurisdiction, you may have the right to:
- Access, rectify, erase, or restrict processing of your personal data;
- Data portability (receive your data in a machine-readable format);
- Object to processing based on legitimate interests or for direct marketing;
- Withdraw consent at any time;
- Opt out of sale/sharing of personal information (CCPA/CPRA — we do not sell data);
- Lodge a complaint with your local data protection authority.
To exercise your rights, contact us at [email protected]. We respond within 30 days as required by law.
2.10 Children's Privacy
The Platform is not directed to individuals under 18. We do not knowingly collect data from minors. Contact us immediately if you believe a minor has provided personal data.
2.11 Security
We implement industry-standard security measures, including TLS/SSL encryption in transit, AES-256 encryption at rest, multi-factor authentication, regular penetration testing, and employee privacy training. No system is completely secure; you are responsible for your account credentials.
2.12 Changes to This Policy
We will notify you of material changes by posting the updated Policy on the Platform. Continued use after changes constitutes acceptance.