Privacy Policy

Oreko is a product of Infinite Wisdm FZ LLC, based in Al Hulaila Industrial Free Zone, RAK, United Arab Emirates.

• Email: privacy@oreko.app
• Website: oreko.app

Grievance Officer: reachable at grievance@oreko.app. Acknowledgement within 48 hours, substantive response within 30 days.

2.1 Account and Identity Data

• Your name and email address.
• Password (stored encrypted, never visible in plain text).
• OAuth profile data if you sign in via Google or another provider.

2.2 Billing Data

Our payment processor (Stripe or Razorpay) handles your card details directly. Oreko does not store your full card number, CVV, or banking credentials. We only store:

• Your subscription plan and status.
• Payment history and invoice records.
• Billing name and address for invoice generation.

2.3 Usage Data

Collected on the basis of legitimate interest (improving service quality and fixing bugs):

• Pages visited and features used.
• Browser type, device type, and operating system.
• IP address and approximate location (country/city level). Retained for no longer than 12 months.
• Error logs and crash reports.

2.4 Data You Submit

Any content you create, upload, or submit while using Oreko is stored on our servers and treated as your data.

• To provide and operate the Oreko service.
• To process payments and manage your subscription.
• To send transactional emails (receipts, password resets, account alerts).
• To fix bugs, improve performance, and develop new features.
• To comply with applicable legal obligations.

We do not sell your data. We do not use your data for advertising.

We share your data only with the following third-party service providers, and only to the extent necessary:

• Payment processors: Stripe and/or Razorpay.
• Cloud infrastructure: Amazon Web Services (AWS), region ap-south-1 (Mumbai), and/or Supabase.
• Email delivery: Postmark and/or Resend.
• Analytics: PostHog (self-hosted or EU-hosted). All analytics data is pseudonymised. You may opt out from your account settings.

Your data is stored on secure cloud servers. Backups may be replicated to additional regions for redundancy.

• Encryption in transit (HTTPS/TLS).
• Encryption at rest for sensitive fields.
• Access controls limiting who on our team can view user data.
• Regular security reviews.

We will notify you within 72 hours of discovery if a breach affects your personal data.

• Account data: retained for as long as your account is active.
• Billing records: retained for 7 years as required by applicable tax law.
• Usage/log data (including IP addresses): retained for up to 12 months, then deleted or anonymised.
• Data you submitted: automatically deleted within 30 days of account closure. You may contact support@oreko.app to export your data before deletion.

Under applicable data protection law, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data (subject to legal retention obligations).
• Withdraw consent for processing at any time.
• Raise a grievance with our Grievance Officer.

To exercise any of these rights, email privacy@oreko.app. We will acknowledge within 48 hours and respond within 30 days.

If you are in the EU, you may have additional rights under GDPR, including data portability and the right to lodge a complaint with your local supervisory authority.

• Strictly necessary cookies: session cookies to keep you logged in. Essential, cannot be disabled.
• Preference cookies: to remember your settings.
• Analytics cookies: non-essential, require your affirmative consent. Not set until you opt in.

You can change your cookie preferences at any time from your account settings or by clicking “Cookie Preferences” in the footer.

Oreko is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with data, contact privacy@oreko.app and we will delete it promptly.

Your data may be transferred to and processed in jurisdictions outside your own. We ensure compliance with applicable data protection laws and, where applicable, GDPR requirements through appropriate safeguards such as Standard Contractual Clauses (SCCs).

We may update this Privacy Policy from time to time. We will update the “Last updated” date and notify you by email if the changes are material. Continued use after changes are posted constitutes acceptance.

• Email: privacy@oreko.app
• Grievance Officer: grievance@oreko.app
• Website: oreko.app
• Company: Infinite Wisdm FZ LLC, Al Hulaila Industrial Free Zone, RAK, UAE