Privacy Policy
We wrote this in plain language. No legalese, no buried clauses. Here is exactly what we collect, why, and what you can do about it.
What we collect
When you create an account, we collect your email address, chosen username, and password (stored as a bcrypt hash — we never see your plain-text password). If you sign up with Google, we receive your name and email from Google.
Your display name, bio, avatar, links, and any customization settings you configure in your dashboard.
When visitors view your profile page, we record the event type (view or click), approximate country (derived from IP — the IP itself is not stored), device type, and referrer URL. This data is attributed to your profile, not to individual visitors.
We use Stripe to process payments. We never see or store your full card number. Stripe provides us with a customer ID, subscription status, and last-4 card digits for display purposes only.
Standard server logs including request timestamps, pages visited, and error events. These are used for debugging and infrastructure monitoring, retained for 30 days, and never sold.
How we use your data
Your account data is used to authenticate you, display your profile page, and power your dashboard. Without this data, the service cannot function.
Visitor events are aggregated and displayed in your analytics dashboard so you can understand your audience and optimize your page.
Billing data is used to manage your subscription, send receipts, and handle upgrades or cancellations.
We send emails for account verification, password resets, subscription confirmations, and important service updates. We do not send marketing emails unless you explicitly opt in.
Aggregated, anonymized usage patterns help us understand which features are used most and where users encounter friction. No individual user data is used for this purpose.
Data sharing
Full stop. Your personal data is never sold, rented, or traded to third parties for advertising or any other commercial purpose.
We share data with a small number of trusted providers who help us operate: Supabase (database and auth), Stripe (payments), Vercel (hosting), and Resend (transactional email). Each provider is bound by a data processing agreement.
We may disclose data if required by law, court order, or to protect the rights and safety of Orivan, our users, or the public. We will notify you of such requests where legally permitted.
If Orivan is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
Your rights
You can export all your data at any time from Dashboard → Settings → Account → Export Data. This includes your profile, links, and analytics history.
You can update your profile information, email address, and account settings directly in your dashboard at any time.
You can delete your account from Dashboard → Settings → Account → Delete Account. This permanently removes your profile, links, and personal data. Anonymized analytics aggregates may be retained for statistical purposes.
Your exported data is provided in JSON format, which is machine-readable and can be imported into other services.
If you are in the EU or California, you have additional rights including the right to object to processing and the right to restrict processing. Contact us at privacy@orivan.me to exercise these rights.
Security
All data transmitted between your browser and our servers is encrypted using TLS 1.3. We enforce HTTPS on all endpoints.
Your database is encrypted at rest by Supabase using AES-256. Passwords are hashed with bcrypt and never stored in plain text.
Our database enforces row-level security policies so that each user can only access their own data, even at the database query level.
In the event of a data breach affecting your personal data, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR.
Questions about your privacy?
Email us at privacy@orivan.me. We respond to all privacy inquiries within 48 hours.
Contact us