Sign in

Privacy

The short version

Can Oria read my email?

Only if you connect it, and only to read. Oria looks for subscriptions, bills, flights, and bookings. It never sends, deletes, or changes anything in your inbox.

Do you sell my data?

No. Never. We don't sell it, rent it, or hand it to advertisers.

Who can see my information?

You, and anyone you explicitly invite. Our operators only look when you ask for support or we are investigating abuse.

Can I delete everything?

Yes. One click in Settings and it is gone within seconds. Backups clear within seven days.

Is it encrypted?

Yes, both while it is stored and while it is moving. Email tokens get their own separate key.

The details

For the technically curious: the full, binding policy.

Last updated: June 2, 2026

What we collect

We collect only what we need to run Oria for you:

  • Your email and password, handled by our authentication provider (Supabase Auth).
  • Files you upload. These are stored encrypted at rest in Supabase Storage, in a United States region.
  • Text extracted from your files, stored in our Postgres database so it can be searched and organized.
  • Embeddings, which are numeric vector representations of your text used to power semantic search.
  • Reminders, sections, and entities you create.
  • An audit log of your sign-ins and sensitive account actions, which you can view and export in Settings.

Gmail access

When you connect Gmail, Oria requests read-only access to your inbox (gmail.readonly). We use this to scan for receipts, subscriptions, bills, flights, and bookings so you can track recurring expenses automatically.

  • We never send, delete, modify, or forward your email.
  • We never sell or share your email data with third parties.
  • We store encrypted OAuth tokens required to maintain your connection.
  • We store structured data extracted from emails (e.g. merchant name, amount, date). We do not store raw email bodies.
  • You can set keywords that cause matching emails to be skipped entirely during scanning.

Disconnecting Gmail

You can disconnect Gmail at any time from Settings. Disconnecting revokes our access at Google and permanently deletes your tokens from our system. You can also request deletion of all extracted data by emailing support@heyoria.com.

How we process it

To understand your files, Oria sends their contents to a small set of AI providers:

  • Files are sent to Anthropic (the Claude API) for text understanding, classification, and extraction.
  • Voice recordings are sent to OpenAI (the Whisper API) for transcription only.
  • Neither Anthropic nor OpenAI trains on our API traffic by default, and both process data under their respective data processing agreements.

Where it lives

Your data is stored in United States regions across our infrastructure providers: Supabase Postgres for structured data, Supabase Storage for files, and Upstash Redis for ephemeral state. Backups are handled by Supabase.

Who can access it

The following parties can access your data, and no one else:

  • You.
  • Members you invite, limited to the access level you grant them.
  • Oria operators (the founder), for support and abuse investigation.
  • Our subprocessors, strictly to provide their service: Supabase, Anthropic, OpenAI, Vercel, Railway, Resend, Sentry, Upstash, and Cloudflare.

Retention

We keep your data until you delete it. Account deletion is permanent and immediate. We hold backups for 7 days after deletion, after which they are pruned by Supabase.

Your rights

You can export all of your data at any time from Settings, and you can delete your account at any time. To request a complete deletion confirmation, email privacy@heyoria.com.

Cookies and tracking

We use essential cookies for authentication only. We do not use advertising trackers. For details on analytics, see our Terms of Service.

Children

Oria is not intended for users under 16 years of age.

Changes

We will notify you by email before any material change to this policy takes effect.

Contact

Questions about your privacy? Email us at privacy@heyoria.com.