Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, company name, job title when you create an account or request a demo.
• Business Data: Customer records, contacts, opportunities, and other business information you input into the platform.
• Communication Data: Email content, voice recordings, and messages processed by our agents with your explicit authorization.
• Integration Data: Data from third-party systems (Salesforce, Gmail, Outlook, Slack) that you connect to OrionEQ.

1.2 Information Collected Automatically

• Usage Data: Log data including agent actions, feature usage, and system interactions.
• Technical Data: IP address, browser type, device information, and operating system.
• Audit Logs: Comprehensive logs of all agent actions for governance and compliance purposes.

2. How We Use Your Information

We use your information to:

• Provide Services: Operate the platform, orchestrate agents, and deliver the functionality you expect.
• Agent Intelligence: Train and improve agent performance within your tenant using your data (never shared across tenants).
• Security & Governance: Maintain audit logs, detect anomalies, and ensure compliance with enterprise security requirements.
• Communication: Send service updates, security alerts, and respond to your inquiries.
• Legal Compliance: Meet our legal obligations including data retention requirements.

3. Data Storage and Security

3.1 Data Storage

• Infrastructure: Data is stored on Amazon Web Services (AWS) in secure, enterprise-grade data centers.
• Data Residency: EU customers can request data storage in EU regions for GDPR compliance.
• Tenant Isolation: Each customer's data is isolated in separate databases with no cross-tenant access.

3.2 Security Measures

• Encryption at Rest: AES-256 encryption for all stored data.
• Encryption in Transit: TLS 1.3 for all network communication.
• Access Controls: Role-based access control (RBAC) with SSO and MFA support.
• Audit Logs: 3-year retention of all agent actions with full traceability.
• SOC 2 Type II: Our security controls are designed to meet SOC 2 Type II requirements.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

• Service Providers: Third-party vendors who assist in operating our platform (AWS, email providers, analytics tools) under strict data processing agreements.
• Integrations: Third-party systems you explicitly connect (Salesforce, Gmail, etc.) to enable agent functionality.
• Legal Requirements: When required by law, court order, or government regulation.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

5. Your Rights (GDPR & Privacy)

Under GDPR and applicable privacy laws, you have the following rights:

• Right to Access: Request a copy of your personal data we hold.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data (subject to legal retention requirements).
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Restrict Processing: Limit how we process your data in certain circumstances.
• Right to Object: Object to processing of your data for specific purposes.
• Right to Withdraw Consent: Withdraw consent for data processing at any time.

To exercise these rights, contact us at privacy@orioneq.ai

6. Data Retention

• Active Accounts: We retain your data for as long as your account is active and as necessary to provide services.
• Audit Logs: Retained for 3 years for compliance and governance purposes.
• Deleted Accounts: Upon account deletion, personal data is removed within 90 days, except where retention is required by law.
• Backup Data: Backup copies are retained for 30 days and then permanently deleted.

7. International Data Transfers

OrionEQ is based in the United States. If you access our services from outside the US, your data may be transferred to and processed in the US or other countries where our service providers operate.

For EU users, we provide:

• Standard Contractual Clauses (SCCs) for data transfers
• Data residency options in EU regions
• GDPR-compliant data processing agreements

8. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your session and authentication
• Remember your preferences
• Analyze platform usage and performance

You can control cookies through your browser settings. Note that disabling cookies may limit platform functionality.

9. Third-Party Integrations

When you connect third-party services (Gmail, Outlook, Salesforce, Slack), you authorize OrionEQ agents to access data from those services on your behalf. We only access data necessary for agent functionality and in accordance with your permissions.

Third-party services have their own privacy policies. We recommend reviewing them before connecting integrations.

10. Children's Privacy

OrionEQ is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. Continued use of OrionEQ after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, data access requests, or to exercise your rights:

• Email: privacy@orioneq.ai
• Data Protection Officer: dpo@orioneq.ai
• General Inquiries: hello@orioneq.ai