Privacy Policy

Orately ("we," "us," or "our") operates the Orately mobile application (the "App"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our App. Please read this policy carefully. By using Orately, you consent to the data practices described herein.

1. Information We Collect

1.1 Information You Provide

• Account Information: When you create an account, we collect your name, email address, and authentication credentials (via Apple Sign In, Google Sign In, or email/password).
• Profile Information: Optional profile details such as display name, speaking goals, and preferences you set within the App.
• Voice Recordings: Audio recordings you make during practice sessions, Arena conversations, diagnostic assessments, real-world recordings, and other App features. These recordings are essential to provide our core speaking analysis and coaching service.
• Text Input: Messages you send to the AI Coach feature, feedback you provide, and any other text you input into the App.
• Payment Information: If you subscribe to premium features, payment processing is handled entirely by Apple through the App Store. We do not collect, store, or have access to your credit card or payment details.

1.2 Information Collected Automatically

• Usage Data: We collect information about how you interact with the App, including session frequency, features used, session duration, scores achieved, and in-app navigation patterns.
• Device Information: Device type, operating system version, app version, device identifiers, language settings, and timezone.
• Performance Data: Crash reports, error logs, and performance metrics to maintain and improve App stability.
• Analytics Data: We use analytics services (such as Mixpanel) to understand usage patterns. This data is collected in aggregate and used solely to improve the App experience.

1.3 Information We Derive

• Speaking Analysis: From your voice recordings, our AI systems derive speaking metrics including filler word frequency, speaking pace (words per minute), clarity scores, precision scores, fluency scores, impact scores, and composure scores. These derived metrics are stored as part of your profile to track your progress over time.
• Speaking Archetype: Based on your initial diagnostic, we classify your speaking style into an archetype to personalize your coaching experience.
• Transcripts: Voice recordings may be transcribed to text for analysis purposes. Transcripts are stored alongside your recordings.

2. How We Use Your Information

We use the information we collect to:

• Provide Core Services: Analyze your speaking, generate personalized feedback, track your progress, deliver daily practice sessions, power the Arena feature, and provide AI coaching.
• Personalize Your Experience: Tailor practice sessions, skill tracks, vocabulary exercises, and coaching recommendations based on your specific speaking patterns and improvement areas.
• Improve the App: Use aggregated, de-identified usage data to improve our AI models, algorithms, user interface, and overall service quality.
• Communicate with You: Send you practice reminders (if enabled), streak notifications, achievement celebrations, and important service updates. You can manage notification preferences in the App settings.
• Ensure Security: Protect against unauthorized access, fraud, and abuse of our services.
• Comply with Legal Obligations: Fulfill any applicable legal or regulatory requirements.

3. Voice Recording Data — Special Protections

We recognize that voice recordings are among the most sensitive personal data. We apply the following special protections:

• Purpose Limitation: Voice recordings are used exclusively to provide speaking analysis, generate feedback, and improve our speech analysis models. They are never used for advertising, marketing, or sold to third parties.
• Encryption: All voice recordings are encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256 encryption on our cloud storage infrastructure.
• Access Controls: Recordings are stored in private, authenticated storage buckets. Only your authenticated account can access your recordings. Our engineering team does not access individual recordings except when required for debugging with your explicit consent.
• Retention: Audio files are retained for 90 days by default to support replay and comparison features. After 90 days, audio files are automatically deleted; derived analysis data (scores, transcripts, metrics) is retained for the life of your account unless you request deletion. You can pin recordings to prevent automatic deletion.
• AI Processing: Voice recordings are processed by AI services (including Google Gemini) to generate analysis. When processed by third-party AI services, recordings are sent via encrypted connections and are not retained by these services beyond the processing session, in accordance with their data processing agreements.
• Deletion: You may delete individual recordings at any time through the App. You may also delete all data associated with your account (see Section 7).

4. How We Share Your Information

We do not sell your personal information. We may share information in the following limited circumstances:

• Service Providers: We use third-party service providers to host data (Supabase), process AI analysis (Google Gemini), handle analytics (Mixpanel), manage subscriptions (RevenueCat/Apple), and deliver notifications. These providers are bound by data processing agreements and may only use your data to provide services to us.
• User-Initiated Sharing: When you choose to share scores, challenge friends, or make your Player Card public, you explicitly initiate the sharing of limited data (scores, archetype, avatar) with others. No voice recordings or personal contact information are shared.
• Legal Requirements: We may disclose your information if required by law, court order, subpoena, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via the App or email of any change in ownership or uses of your personal information.
• Aggregated/De-Identified Data: We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, analytics, or business purposes.

5. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

• TLS 1.2+ encryption for all data in transit
• AES-256 encryption for data at rest
• Row-level security (RLS) on all database tables ensuring users can only access their own data
• Regular security audits and vulnerability assessments
• Rate limiting on all API endpoints to prevent abuse
• Secure authentication through Apple Sign In, Google Sign In, and industry-standard OAuth 2.0 protocols

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data. You can delete all your data through the App (Settings → Privacy & Data → Delete All Data).
• Data Portability: Request an export of your data in a machine-readable format. You can export your data through the App (Settings → Privacy & Data → Export My Data).
• Opt-Out of Communications: Manage push notification preferences within the App settings or your device settings.
• Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise these rights, contact us at adk0110112@gmail.com. We will respond within 30 days.

7. Account Deletion

You may delete your account and all associated data at any time:

• In the App: Settings → Privacy & Data → Delete All Data
• By emailing adk0110112@gmail.com with the subject "Account Deletion Request"

Upon deletion, we will permanently remove all your personal data, voice recordings, analysis results, progress data, and account information from our servers within 30 days. Some anonymized, aggregated data that cannot identify you may be retained for analytical purposes.

8. Children's Privacy

Orately is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at adk0110112@gmail.com and we will promptly delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. These countries may have different data protection laws than your jurisdiction. By using Orately, you consent to such transfers. We ensure appropriate safeguards are in place, including data processing agreements with our service providers.

10. Third-Party Services

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party service you interact with. Key third-party services we use include:

• Apple (App Store, Sign In, StoreKit): Subject to Apple's Privacy Policy
• Google (Sign In, Gemini AI): Subject to Google's Privacy Policy
• Supabase (Data Hosting): Subject to Supabase's Privacy Policy

11. Cookies and Tracking Technologies

The Orately App does not use cookies. We use standard mobile analytics SDKs to collect usage data as described in Section 1.2. You can limit ad tracking through your device settings (iOS: Settings → Privacy & Security → Tracking).

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information is collected, used, shared, or sold
• The right to delete personal information held by businesses
• The right to opt-out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising CCPA rights

To make a request, contact us at adk0110112@gmail.com.

13. European Data Protection Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under GDPR:

• Right of access, rectification, erasure, and restriction of processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing personal data includes: performance of a contract (providing the service), legitimate interests (improving the service, security), and consent (where specifically obtained).

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App and updating the "Last updated" date above. Your continued use of the App after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: adk0110112@gmail.com
• In-App: Settings → Support → Contact Us