Privacy Policy
We believe privacy is a right, not a feature. This policy explains exactly what data we collect, why, and how you can control it.
1. Information We Collect
Account Information
When you create a Orivan account, we collect your email address, username, and password (stored as a secure hash). If you sign up with Google, we receive your name, email, and profile picture from Google.
Profile Information
Information you voluntarily add to your public profile, including your display name, bio, avatar image, and the links you add to your page.
Usage Data
We collect analytics data about how visitors interact with your profile page, including page views, link clicks, device type, approximate country (derived from IP address), and referrer URL. We do not store full IP addresses.
Payment Information
If you subscribe to Orivan Pro, payment is processed by Stripe. We never store your full credit card number. We only receive a token and the last 4 digits of your card from Stripe.
Communications
If you contact us via email or our contact form, we store your message and email address to respond to your inquiry.
2. How We Use Your Information
To provide the service
We use your information to create and maintain your account, display your public profile page, process payments, and provide customer support.
To improve the service
Aggregated, anonymized usage data helps us understand how people use Orivan and where we can improve. We never sell individual user data.
To communicate with you
We may send you transactional emails (account confirmations, password resets, billing receipts) and, if you opt in, product updates and newsletters. You can unsubscribe from marketing emails at any time.
To prevent abuse
We use account and usage data to detect and prevent spam, fraud, and violations of our Terms of Service.
3. Data Sharing
We do not sell your data
We never sell, rent, or trade your personal information to third parties for their marketing purposes.
Service providers
We share data with trusted service providers who help us operate Orivan: Supabase (database and authentication), Stripe (payment processing), Vercel (hosting), and Resend (transactional email). Each provider is bound by data processing agreements.
Legal requirements
We may disclose your information if required by law, court order, or to protect the rights, property, or safety of Orivan, our users, or the public.
Business transfers
If Orivan is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
4. Data Retention
Active accounts
We retain your data for as long as your account is active or as needed to provide you with our services.
Account deletion
When you delete your account, we permanently delete your profile, links, and personal data within 30 days. Anonymized analytics data (with no personally identifiable information) may be retained for statistical purposes.
Backups
Deleted data may persist in encrypted backups for up to 90 days before being permanently purged.
5. Your Rights
Access and portability
You can access and download all your personal data from your account settings at any time.
Correction
You can update your profile information, email address, and username directly in your account settings.
Deletion
You can delete your account and all associated data from Settings → Account → Delete Account. This action is permanent and cannot be undone.
GDPR rights (EU users)
If you are in the European Union, you have the right to access, rectify, erase, restrict processing, and object to processing of your personal data. You also have the right to data portability. To exercise these rights, contact us at privacy@orivan.me.
CCPA rights (California users)
California residents have the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information (we do not sell personal information).
7. Security
Technical measures
We use industry-standard security measures including TLS encryption for data in transit, AES-256 encryption for data at rest, row-level security in our database, and regular security audits.
Reporting vulnerabilities
If you discover a security vulnerability, please report it responsibly to security@orivan.me. We will respond within 24 hours and work with you to resolve the issue.
8. GDPR Compliance
Legal basis for processing
We process your data on the following legal bases: contract performance (to provide the service you signed up for), legitimate interests (to improve our service and prevent abuse), consent (for marketing communications), and legal obligation (to comply with applicable laws).
Data transfers
Orivan is based in the United States. If you are in the EU/EEA, your data may be transferred to and processed in the US. We ensure appropriate safeguards are in place through Standard Contractual Clauses with our service providers.
Data Protection Officer
For GDPR-related inquiries, contact our Data Protection Officer at privacy@orivan.me.
9. Changes to This Policy
Notification of changes
We will notify you of material changes to this Privacy Policy by email and by posting a notice on our website at least 30 days before the changes take effect. Your continued use of Orivan after the effective date constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us: