Oria · Australia
Privacy Policy
About this Policy
Oria is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
By using Oria, you agree to the collection and use of information as described in this policy. If you disagree, please do not use our services.
What Personal Information We Collect
1.1 Account Information
When you create an account, we collect:
- Your name (first name is used to personalise your experience)
- Email address
- Authentication credentials
- Profile photo (optional — only if you choose to set one from your device's photo library)
1.2 Voice & Text Input
Oria's core feature is voice-first capture. We process:
- Voice transcriptions: Speech-to-text is performed on your device using your platform's native speech recognition. We receive the resulting text, not your raw audio.
- Text input: Any tasks, reminders, or mind-clear entries you type or dictate.
- Mind Clear entries: Your raw, unedited stream-of-consciousness text is always preserved as you entered it. AI-sorted output is derived data — it supplements but never replaces your original entry.
1.3 Family & Task Data
To do its job, Oria stores the information you give it:
- Tasks, reminders, and their due dates or timing
- Family members' names and the context you associate with them (e.g. "Ella has swimming Mondays")
- Partner handoff briefings you generate
- Notes and voice memo transcripts
1.4 Device & Technical Information
We collect limited technical information necessary to operate the service:
- Device push notification token (for morning briefings and reminders)
- App version and operating system version
- Anonymised crash reports and error logs
1.5 Usage Data
We collect anonymised, aggregated data about how features are used to improve the product. This data cannot identify you individually.
How We Collect Personal Information
We collect personal information:
- Directly from you — when you create an account, use the app, add tasks, or speak into the microphone
- Automatically — device tokens and crash logs are collected automatically when you use the app
- From third-party services — when you sign in using a third-party identity provider, we receive the name and email associated with that account
We do not collect personal information from publicly available sources, data brokers, or social media profiles.
Why We Collect and Use Personal Information
We collect and use your personal information to:
| Purpose | Personal information used |
|---|---|
| Provide the Oria service (task management, reminders, briefings) | Account info, task/family data, voice transcriptions |
| Display your profile photo within the app | Profile photo (if provided) |
| Generate your personalised Morning Briefing and Evening Wind-down | Task and family data |
| Power AI features (intent extraction, Mind Clear sorting) | Voice transcriptions, task entries |
| Send push notifications (reminders, briefings) | Device push token |
| Enable Partner Handoff sharing links | Curated task/briefing data |
| Improve the product and fix bugs | Anonymised usage data, crash logs |
| Communicate with you (support, policy updates) | Email address |
| Comply with legal obligations | As required |
We will not use your personal information for any purpose incompatible with those listed above without first seeking your consent.
AI Processing
Oria uses AI to make sense of natural language input and generate personalised briefings:
- Intent extraction: When you speak or type into Oria, your text is sent to our AI provider to extract tasks, reminders, and timing.
- Briefing generation: Your stored tasks and context are sent to our AI provider to generate your morning and evening briefings.
- Mind Clear sorting: Your raw mind-clear transcript is sent to our AI provider to organise it into tasks, reminders, and notes.
What this means for you: Portions of your task and family data are processed by our AI provider's servers in the United States. See Section 6 (Overseas Disclosure) for more detail.
We do not use your data to train AI models. Our AI provider's data handling is governed by enterprise data agreements that prohibit use of API inputs for model training.
Disclosure to Third Parties
We disclose personal information only to the following categories of third-party service providers that help us operate Oria. Each is engaged under a contractual obligation to handle your data only as directed by us:
| Category | Purpose | Data shared |
|---|---|---|
| Identity and notification provider | Account login, identity verification, and delivering reminders and briefings | Name, email, push device token |
| AI processing provider | Intent extraction, briefing generation, Mind Clear sorting | Task entries, voice transcriptions |
| Database hosting provider | Storing your tasks, reminders, and profile | All personal data you store in Oria |
| Cloud infrastructure provider | Hosting and running the Oria API, and storing profile photos in secure object storage | All data in transit to the API; profile photos |
We do not sell, rent, or trade your personal information to any third party for their own marketing purposes.
We may disclose personal information if required by Australian law, a court order, or a government authority with lawful authority to require it. We will notify you of any such request to the extent legally permitted.
Overseas Disclosure
Our third-party service providers are based in or primarily process data in the United States.
By using Oria, you acknowledge that your personal information will be transferred to and processed in the United States. We take reasonable steps to ensure that these overseas recipients handle your personal information in a manner consistent with the Australian Privacy Principles, including through contractual data processing agreements.
Under APP 8.1, before disclosing personal information to overseas recipients, we take reasonable steps to ensure they will not breach the APPs in relation to that information.
How We Store and Protect Your Information
- In transit: All data between your device and Oria's servers is encrypted using TLS 1.2 or higher.
- At rest: Your data is stored in a secure, encrypted database. Database access is restricted to Oria's API servers. Profile photos are stored in secure cloud object storage and served over HTTPS via a CDN.
- Authentication: Access to your account requires authentication. We do not store passwords.
- Partner Handoff links: Share links use a 32-character cryptographically random token and expire after 24 hours. No identifying family data is included in link previews or metadata.
- Access controls: Only authorised Oria team members can access production systems, under a least-privilege policy.
We will notify you and the Office of the Australian Information Commissioner (OAIC) of any eligible data breach, as required under the Notifiable Data Breaches (NDB) scheme (Part IIIC, Privacy Act 1988 (Cth)).
Data Retention
We retain your personal information for as long as your account is active.
| Data type | Retention |
|---|---|
| Account information | Deleted immediately upon account deletion |
| Tasks, reminders, family data | Deleted immediately upon account deletion |
| Voice transcriptions / Mind Clear entries | Deleted immediately upon account deletion |
| Profile photo | Deleted immediately upon account deletion |
| Anonymised usage and crash data | Up to 24 months |
| Partner Handoff links | 24 hours from generation |
When you delete your account, your personal information is permanently and immediately deleted from our systems.
Children's Privacy
Oria is designed for adult users (18 years and over). We do not knowingly collect personal information from children under 13.
Oria does collect the names of your children as part of family context you choose to provide (e.g. "Ella has swimming on Mondays"). This is your data about your family, provided at your discretion. We treat it with the same protections as all other personal data.
If you believe a child under 13 has created an account, please contact us at privacy@oria.family and we will promptly delete it.
Direct Marketing
We may send you product updates, feature announcements, and tips by email. You can opt out at any time by clicking "unsubscribe" in any email we send, or by contacting us at privacy@oria.family.
We will not use your personal information for direct marketing if you have opted out, and we will not sell your contact details for marketing by third parties.
Push notifications for reminders and briefings are core service notifications, not marketing. You can disable these in your device settings.
Your Rights
Under the Australian Privacy Principles, you have the right to:
Access your information (APP 12)
You may request a copy of the personal information we hold about you. We will respond within a reasonable period (typically within 30 days). We may charge a small fee for processing complex access requests, but we will advise you of any charge before proceeding.
Correct your information (APP 13)
If you believe personal information we hold about you is inaccurate, out of date, incomplete, or misleading, you may request a correction. Most of your data can be edited directly in the app. For information you cannot edit yourself, contact us.
Delete your account
You may delete your account and all associated personal information from within the app or by contacting us.
To exercise any of these rights, contact: privacy@oria.family
Cookies and Tracking
The Oria mobile app does not use browser cookies. The Oria partner handoff web pages (oria.family/handoff/*) may use:
- Essential session cookies required to serve the page securely
- No advertising or tracking cookies
Complaints
If you have a complaint about how we have handled your personal information, please contact us first:
We take complaints seriously and will investigate and respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
Changes to This Policy
We may update this policy from time to time. When we make material changes, we will notify you via email or an in-app notice before the changes take effect. The updated policy will be available at oria.family/privacy.
Continued use of Oria after the effective date of a revised policy constitutes your acceptance of the changes.
Contact Us
For any privacy questions, access requests, or concerns: