Oria Privacy Policy

1. Who we are and how to contact us

2. Scope of this Policy

This Policy applies to personal information we collect online and offline in connection with:

• The Oria PowerPoint add-in, including when obtained through Microsoft Marketplace
• Our website and web app
• Related support, marketing, and communications.

It does not apply to:

• Third-party websites, services, or content that link to or integrate with our Services
• Microsoft's own products, stores, or services, which are governed by Microsoft's terms and privacy statement.

3. Information we collect

We aim to collect only what we need to provide and improve the Services.

3.1 Account and contact information

• Name (if you choose to provide it)
• Email address
• Password or other credentials for your Oria account
• Communication preferences.

3.2 PowerPoint slide and content information (Add-in)

When you use the Oria PowerPoint add-in on a slide, we process information from:

• The currently selected slide, such as:
  • Text on the slide
  • Layout and positions of elements (e.g., text boxes, shapes, images, placeholders)
  • A screenshot or representation of the selected slide for design purposes
• Reference images or other assets you choose to upload or reference in Oria
• Additional input you provide, such as prompts, style preferences, or comments.

We use this information only to generate or improve presentation slides and related features.

Unless explicitly stated otherwise, we do not scan your entire computer or account and we do not access content outside the scope necessary to provide the requested Oria functionality within PowerPoint.

3.3 Usage, logs, and device information

When you use the Services, we may collect:

• IP address
• Country or general location (derived from IP)
• Device type and operating system
• PowerPoint version and environment (e.g., desktop client, Microsoft 365)
• Log data such as:
  • Dates and times of sessions
  • Add-in events (e.g., when you run a slide generation request)
  • Technical error and crash information.

We use this primarily for security, troubleshooting, usage analytics, and product improvement.

3.4 Payment and billing information

Payments for Oria subscriptions or one-off credit packages are processed by Stripe or other payment providers on our behalf.

• We generally receive limited information such as transaction IDs, payment status, and the fact that a payment was made.
• Card details (e.g., full credit card numbers) are collected and processed directly by our payment provider, not by Oria.
• Payment providers may collect additional device or fraud-prevention data in line with their own privacy policies.

3.5 Communications and support

If you contact us (for example via email or a support form), we collect:

• Your contact details
• The content of your message, attachments, and any follow-up communication
• Metadata related to support (e.g., ticket IDs, internal notes).

3.6 Inferences and analytics

We may derive simple analytics and inferences from the data above, such as:

• How often features are used
• Typical presentation sizes or patterns (in aggregated or de-identified form)
• General user preferences and usage trends.

4. How the Oria PowerPoint add-in accesses and uses your content

When you trigger Oria on a slide, the Add-in:

1. Reads the selected slide's content:
   • Text, positions, and other properties of slide objects
   • A screenshot or internal representation of the selected slide
   • Reference images you've associated with the slide or presentation.
2. Sends necessary data to our servers to:
   • Generate or redesign slides using AI models
   • Apply your style or brand preferences where available
   • Return updated or new slide content back to PowerPoint.
3. May send that data to AI / cloud providers (such as OpenAI or Google) acting as our service providers, to run the underlying AI models on our behalf.

We do not use the Add-in to:

• Access files or folders unrelated to providing Oria's functionality
• Secretly collect personal documents outside the Office context
• Sell your slide content or prompts as a product.

5. Why we use information (purposes)

We use personal information for the following purposes:

1. Provide and operate the Services
   • Authenticate you and manage your Oria account
   • Provide free credits, subscriptions, and one-off credit purchases
   • Power the Oria PowerPoint add-in and generate slides on your behalf.
2. Process payments and manage subscriptions
   • Coordinate with payment providers (e.g., Stripe)
   • Handle billing, credit balances, and subscription status.
3. Improve and develop the Services
   • Understand how features are used
   • Fix bugs and technical issues
   • Experiment with new features and improve existing ones, often using aggregated or de-identified data.
4. Security and abuse prevention
   • Detect and prevent fraud, spam, misuse, or security incidents
   • Protect the integrity of our Services, users, and infrastructure.
5. Communications
   • Send service-related messages (e.g., account notices, technical alerts)
   • Respond to your support requests
   • Send marketing or product updates where permitted by law, with the option to opt out.
6. Legal, compliance, and enforcement
   • Comply with applicable laws and legal processes
   • Enforce our terms and other agreements.

6. Legal bases for processing

Where the GDPR or similar laws apply, we rely on one or more of the following legal bases:

• Contract – To provide the Services you requested (e.g., to run the Add-in on your slides).
• Legitimate interests – For example, to secure and improve the Services, prevent fraud, and understand how the Services are used, where these interests are not overridden by your rights and interests.
• Consent – For certain cookies, marketing communications, or specific optional features where required by law.
• Legal obligation – Where processing is necessary to comply with applicable laws.
• Vital interests – In rare cases, to protect someone's life or vital interests.

7. Cookies and similar technologies

Our website and web-based components may use cookies, SDKs, and similar technologies to:

• Provide core functionality (e.g., login, session management)
• Perform analytics and measure usage
• Support marketing where permitted.

You can usually control cookies through your browser settings. Where required, we will request your consent for certain cookies and will respect your choices.

8. How we share information

We share personal information only as needed and with appropriate safeguards in place.

8.1 Service providers and processors

We use third-party service providers to operate our business, such as:

• Cloud hosting and infrastructure (e.g., data centers and compute services)
• Databases and storage platforms
• Logging, analytics, and monitoring tools
• Customer support and communication tools
• Payment processors (e.g., Stripe)
• AI / machine-learning providers (e.g., OpenAI, Google) that process prompts and slide content for us.

These providers may process personal information on our behalf and are contractually required to:

• Use the data only to provide services to us
• Protect the data with appropriate security measures.

8.2 AI and LLM providers

When we send your prompts, slide text, and related context to AI providers:

• They process this data to generate outputs (e.g., improved slide layouts or text) on our behalf.
• We configure and use these services in line with their privacy and security documentation, to the extent available to us.
• Their own privacy policies and terms may apply in addition to this Policy.

We do not sell or publish your slide content or prompts as training datasets for third parties. If we materially change how we use your content for AI training in the future, we will update this Policy and, where required, provide you with additional notice or choices.

8.3 Professional advisers

We may share limited personal information with professional advisers (such as lawyers, auditors, and tax advisers) as necessary for their services and subject to confidentiality obligations.

8.4 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction. We will take steps to ensure that any recipient continues to protect your personal information as described in this Policy.

8.5 Legal and safety

We may disclose information if we believe in good faith that it is reasonably necessary to:

• Comply with laws, regulations, legal processes, or governmental requests
• Enforce our terms and policies
• Protect the rights, property, or safety of Oria, our users, or the public.

8.6 No selling of personal information

We do not sell personal information for money. If we ever engage in activities that constitute a "sale" or "sharing" of personal information under applicable privacy laws, we will provide required notices and opt-out mechanisms.

9. International data transfers

We are based in the United States and use service providers located in various countries. This means your information may be transferred to, stored in, or processed in countries that may have data protection laws different from those in your jurisdiction.

10. Data retention

We retain personal information only for as long as reasonably necessary to:

• Provide the Services and operate our business
• Fulfill the purposes described in this Policy
• Comply with legal, tax, or accounting requirements
• Resolve disputes and enforce our agreements.

In general:

• Account information is kept while your account is active and for a reasonable period afterwards (for example, to answer questions, prevent fraud, or comply with legal obligations).
• Slide content and prompts processed through the Add-in are retained only as long as needed to:
  • Provide the requested feature or output
  • Maintain service quality and security (for example, transient logs or backups)
  • Comply with legal or regulatory requirements.
• We may de-identify or aggregate data so that it is no longer reasonably linked to an identified or identifiable person, in which case we may use that information for longer.

You can request deletion of your personal information as described in Section 12 below; we will honor such requests in accordance with applicable law.

11. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information, including measures such as:

• Encryption in transit (e.g., HTTPS) and, where appropriate, at rest
• Access controls and authentication for internal tools
• Limiting access to personal information to staff and service providers who need it
• Monitoring and logging for security-relevant events
• Periodic reviews of our security practices.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Your rights and choices

Your rights depend on your location and the privacy laws that apply to you, but may include the following:

12.1 Access, correction, and deletion

You may have the right to:

• Request access to personal information we hold about you
• Request that we correct inaccurate or incomplete personal information
• Request deletion of personal information, subject to certain exceptions (for example, where we must retain data for legal reasons).

12.2 Restriction and objection

In some regions you may have the right to:

• Request that we restrict certain processing of your personal information
• Object to processing based on our legitimate interests, in which case we will stop or limit processing unless we have compelling legitimate grounds or other legal bases.

12.3 Data portability

You may have the right to request a copy of certain personal information in a structured, commonly used, and machine-readable format.

12.4 Marketing communications

You can opt out of marketing emails:

• By following the unsubscribe instructions in those emails, or
• By contacting us at the email address below.

We may still send you non-marketing communications, such as transactional or service-related messages.

13. Third-party services and links

The Services may contain links to third-party websites, apps, or services (including Microsoft, payment providers, AI providers, and other tools). These third parties have their own privacy policies and practices, which we do not control.

We encourage you to review the privacy policies of any third-party services you use.

14. Microsoft store and ecosystem disclosures

When you install or use the Oria PowerPoint add-in via a Microsoft store (such as Microsoft AppSource):

• Microsoft may collect its own diagnostic, usage, and account data under the Microsoft Privacy Statement.
• This Privacy Policy covers how Oria handles data that we receive or process via the Add-in.
• Our Product is designed not to collect highly sensitive categories of personal information unless necessary to provide the requested functionality, and we clearly explain what we collect, why, and how it is used, as required by Microsoft Store policies.

15. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will:

• Update the "Last updated" date at the top, and
• Provide additional notice if required by law (for example, via email or an in-app notification).

Your continued use of the Services after any changes take effect means you accept the updated Policy.

16. How to contact us

If you have questions, concerns, or requests regarding this Policy or our data practices, you can contact us at:

Email: andrew@oria.one

Postal address:
Oria One Inc.
1007 N Orange St., 4th Floor, Suite #4801
Wilmington, DE 19801
USA