Privacy Policy

1. Information We Collect

To provide our bio-acoustic intelligence services, we collect and process the following categories of data:

1.1 Voice Recordings

Audio files you upload or record through our platform. These recordings are processed by our 1,000+ AI analysis engines across multiple categories to extract acoustic features including pitch, cadence, spectral energy, jitter, shimmer, harmonic-to-noise ratio, and other biosignal markers. We do not transcribe or store the semantic content of your speech.

1.2 Account Information

Email address, name, and authentication credentials provided during registration or Google OAuth sign-in. This data is used for account management, report delivery, and service communication.

1.3 Payment Data

All payment transactions are processed securely through Stripe. ORAVYS does not store your full credit card number, CVV, or banking details. We retain only transaction identifiers and purchase history necessary for order fulfillment and refund processing.

1.4 Technical Data

IP address, browser type, device information, operating system, session identifiers, and interaction timestamps collected automatically when you use the platform. This data supports security, performance monitoring, and abuse prevention.

1.5 Usage Data

Pages visited, analysis requests submitted, features used, and interaction patterns. Collected via anonymized Google Analytics (with IP anonymization enabled) for platform improvement.

2. How We Use Your Data

Your information is used exclusively for the following purposes:

• Service Delivery: Processing your voice recordings through our biosignal analysis engines and generating your requested reports.
• Account Management: Authentication, session handling, subscription management, and report access.
• Communication: Sending analysis reports, service notifications, order confirmations, and responding to support requests.
• Platform Improvement: Anonymized, aggregated data may be used to improve model accuracy and platform quality. No individual re-identification is possible from aggregated data.
• Security: Fraud detection, abuse prevention, and maintaining the integrity of our systems.
• Legal Compliance: Meeting our obligations under applicable law.

2b. Usage Monitoring, Fair Use Enforcement, and Compute Data

To maintain platform stability, enforce fair use policies, and protect the Service for all users, ORAVYS collects and processes the following additional categories of data:

2b.1 Compute and Resource Usage Data

ORAVYS monitors and records metrics related to your use of computational resources, including but not limited to:

• Analysis Request Metrics: Number of analyses submitted, frequency of submissions, audio file durations, file sizes, and audio formats processed per account and per billing period.
• Processing Resource Consumption: CPU time, memory usage, and engine processing duration associated with your analysis requests. This data is collected in aggregate per account and is not linked to the content of your audio recordings.
• Rate Limit and Quota Tracking: Records of your current usage against your tier's allocated quotas, including timestamps of analysis requests, API calls, and real-time session durations.
• Overage and Threshold Events: Automated records generated when your usage approaches or exceeds your tier's fair use thresholds, including timestamps, resource type, and volume of excess usage.

2b.2 Purpose and Legal Basis for Usage Monitoring

Compute and resource usage data is processed for the following purposes:

• Fair Use Enforcement (Legitimate Interest, Art. 6(1)(f) GDPR): Monitoring usage patterns to ensure equitable access and prevent any single account from consuming disproportionate resources that would degrade service for other users.
• Abuse Detection and Prevention (Legitimate Interest, Art. 6(1)(f) GDPR): Detecting automated access, bot activity, scraping, and other forms of compute abuse that violate our Terms of Service.
• Billing and Overage Calculation (Contract Performance, Art. 6(1)(b) GDPR): Calculating usage-based charges, overage fees, and ensuring accurate billing for your subscription tier.
• Capacity Planning (Legitimate Interest, Art. 6(1)(f) GDPR): Anonymized, aggregated resource usage data is used for infrastructure planning and capacity management. No individual re-identification is possible from this aggregated data.

2b.3 Automated Enforcement Actions

ORAVYS employs automated systems to enforce fair use policies and protect platform stability. These systems may automatically:

• Throttle or rate-limit your access when usage exceeds your tier's allocated quotas.
• Queue or delay analysis requests during periods of high platform load.
• Flag accounts exhibiting patterns consistent with automated or abusive usage for human review.
• Temporarily suspend access when automated abuse is detected with high confidence.

Automated enforcement actions are not considered "automated decision-making producing legal effects" under GDPR Article 22, as they are technical measures necessary for contract performance and do not produce legal effects beyond temporary service management. If you believe an automated enforcement action was applied in error, you may contact contact@oravys.com for human review.

2b.4 Retention of Usage Monitoring Data

Compute and resource usage data is retained as follows:

• Real-time metrics: Retained in memory during active sessions only; not persisted beyond the session.
• Daily and monthly usage aggregates: Retained for the duration of your account plus twelve (12) months for billing reconciliation and dispute resolution.
• Abuse detection logs: Retained for up to ninety (90) days for security and forensic purposes.
• Anonymized capacity planning data: Retained indefinitely in aggregate form with no possibility of individual re-identification.

3. Voice Data Processing

Voice data is uniquely sensitive. ORAVYS implements specific protections for audio recordings:

• Immediate Processing: Audio files are processed by our 1,000+-engine pipeline and acoustic features are extracted. The original audio is deleted within 24 hours (Free/Pro tiers) or per your configured retention policy (Enterprise).
• No Voice Fingerprinting: We do not create persistent voice fingerprints, speaker identification templates, or biometric profiles that could be used to identify you across sessions or platforms.
• No Third-Party Audio Sharing: Your voice recordings are never shared with, sold to, or accessible by any third party. Audio is encrypted in transit (TLS 1.3) and at rest (AES-256).
• No Cross-Session Linking: We do not link audio from different sessions to build persistent voice profiles unless you explicitly enable this feature.
• Consent Verification: ORAVYS may refuse to process audio that appears to have been recorded without proper consent of the speaker(s).

3.1 Real-Time Voice Analysis

When using WebSocket-based real-time analysis, your audio is streamed and processed as a continuous signal. During real-time sessions:

• Audio is processed in memory and is not persisted to storage during the session.
• Extracted biomarkers (stress, emotion, cognitive load) are transmitted back to your browser in real time.
• Sessions require authenticated access; unauthenticated connections are rejected.
• No audio data is retained after the real-time session ends unless you explicitly request a report.

3.2 Dual-Speaker Analysis

When two voice samples are submitted for comparative analysis:

• Each sample is processed independently by the engine pipeline.
• Comparative results (compatibility, relational dynamics) are derived from acoustic pattern differences, not identity matching.
• Both speakers must have provided consent for their voice to be analyzed. The submitting user is responsible for obtaining and documenting this consent.

3.3 Insurance and Forensic Analysis

For enterprise customers using forensic or insurance-related analysis:

• Forensic analysis engines (authenticity detection, coached speech detection, claim consistency) operate on acoustic patterns only.
• Results are investigative indicators, not definitive conclusions, and must be supplemented by human review.
• Enterprise forensic data handling is governed by a dedicated Data Processing Addendum (DPA) with enhanced retention and access controls.

4. No Training on Your Data (by Default)

ORAVYS does not use your voice recordings or analysis results to train, fine-tune, or improve AI/ML models unless you provide separate, explicit, informed consent through a dedicated consent mechanism distinct from your general terms acceptance. This commitment applies to all service tiers:

• Free Tier: No training by default. Optional opt-in toggle available in privacy settings. Opt-in requires affirmative action and clear disclosure of what data will be used and how.
• Pro Tier: No training by default. Optional opt-in available upon request. Consent can be granted or revoked at any time.
• Enterprise Tier: No training by default. Custom data contribution agreements available via Data Processing Addendum (DPA). Auditable upon request.

If you provide feedback (such as rating a report or flagging a false positive/negative in deepfake detection), that specific interaction may be used to improve detection accuracy and service quality, with explicit notice at the time of feedback. Feedback and content submitted through safety reporting mechanisms may always be used to maintain and improve the safety and reliability of the Service, regardless of your opt-out preferences. This limited exception ensures that critical safety signals (e.g., detection errors that could affect platform integrity) can be addressed.

Scope of "No Training" guarantee: This commitment covers all forms of machine learning model development, including but not limited to supervised training, unsupervised pre-training, reinforcement learning, knowledge distillation, transfer learning, synthetic data generation from your audio, and any technique that uses your audio or derived features as input to a model optimization process.

5. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill the purposes described in this policy. The following granular retention schedule applies:

5.1 Audio File Retention

• Voice Recordings (Free Tier): Deleted within 24 hours of analysis completion.
• Voice Recordings (Paid Reports): Retained for up to ninety (90) days to enable report regeneration and quality assurance, then permanently and irreversibly deleted from all storage systems including backups.
• Voice Heritage / Capsule Products: Retained for the contractual duration (10, 50, or perpetual years). Storage fees are included in the purchase price.

5.2 Report and Account Data Retention

• Analysis Reports: Retained for the duration of your account plus one (1) year after account closure or report generation date, whichever is later. You are responsible for downloading your report upon receipt.
• Account Data: Retained for the duration of your account, plus 12 months after account closure.

5.3 Billing and Financial Data Retention

• Billing Records: Transaction records, invoices, and payment history are retained for five (5) years from the date of the transaction, as required by applicable tax, accounting, and financial reporting regulations (including IRS requirements for U.S. entities and EU VAT record-keeping obligations).
• Payment Method Data: ORAVYS does not store credit card numbers or banking details. Stripe retains tokenized payment data per its own retention policies.

5.4 Biometric Data Retention

• Biometric Prints and Acoustic Features: Extracted biometric features (pitch profiles, spectral signatures, jitter/shimmer measurements, and other acoustic biomarkers) are deleted immediately after analysis completion unless you provide separate, explicit, informed consent for extended retention. No persistent biometric template, voiceprint, or speaker identification profile is retained beyond the active analysis session.
• With Explicit Consent: If you explicitly consent to extended biometric data retention (e.g., for baseline comparison or longitudinal analysis), biometric features are retained for the duration specified at the time of consent and deleted within thirty (30) days after consent expiration or withdrawal.

5.5 Technical and Security Data

• Technical / Usage Logs: Retained for up to 90 days for security, abuse detection, and debugging purposes.
• Abuse Detection Logs: Retained for up to 90 days for security and forensic purposes.
• Anonymized Capacity Planning Data: Retained indefinitely in aggregate form with no possibility of individual re-identification.

You may request early deletion of your data at any time by contacting contact@oravys.com. Deletion requests are processed within 30 days.

6. Data Storage and Security

ORAVYS employs industry-standard and enhanced security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser and our servers is protected by TLS 1.3.
• Encryption at Rest: Data stored on our servers is encrypted with AES-256.
• Infrastructure: Hosted on Google Cloud Platform (europe-west1 region, EU). Secured with access controls, network segmentation, and continuous monitoring.
• Access Control: Employee access to user data is restricted on a need-to-know basis and protected by multi-factor authentication.
• PII Protection in Logs: Email addresses and personal identifiers are cryptographically hashed (SHA-256) before being written to system logs. Raw PII is never stored in application logs.
• Input Sanitization: All user inputs undergo sanitization to prevent cross-site scripting (XSS), log injection (CRLF stripping), and other injection vectors.
• Thread-Safe Operations: All shared-state operations (API key management, session handling, rate limiting) use thread-safe locking to prevent data corruption under concurrent access.
• WebSocket Authentication: Real-time voice analysis connections require verified session authentication. Unauthenticated WebSocket connections are immediately terminated.
• API Security: Enterprise API keys are managed with audit logging. All API responses include security headers (no-sniff, no-cache) to prevent information leakage.

While we implement commercially reasonable measures to protect your data, no internet transmission or electronic storage method is 100% secure. We cannot guarantee absolute security against unauthorized intrusion.

7. Third-Party Sharing

We may share data only with trusted service providers necessary to operate the platform:

• Google Cloud Platform: Infrastructure hosting and data storage (EU region).
• Stripe: Payment processing. Stripe receives only the payment data necessary to complete your transaction.
• SendGrid: Email delivery for report notifications and service communications.
• Google Analytics: Anonymized usage statistics (IP anonymization enabled).

All third-party providers are bound by confidentiality and data processing agreements. We do not share data with third parties for their independent marketing purposes.

7b. Consent Architecture

ORAVYS implements a layered consent framework designed to comply with the most stringent data protection requirements across all jurisdictions in which it operates.

7b.1 First Upload Consent

Before submitting any audio recording for the first time, you must provide explicit, affirmative consent acknowledging that: (a) your audio will be processed by AI-powered analysis engines; (b) biometric features will be extracted from your voice; (c) a forensic and/or psychological profile will be generated; and (d) you have read and understood the data processing described in this Privacy Policy. This consent is captured via an in-application consent mechanism and recorded with a timestamp, IP address, and consent version identifier.

7b.2 Separate Biometric Processing Consent

Because voice data constitutes biometric data under GDPR Article 9, the Illinois Biometric Information Privacy Act (BIPA), and equivalent biometric privacy laws, ORAVYS obtains a separate, specific consent for biometric processing that is distinct from the general terms of service acceptance. This biometric consent: (a) specifically identifies that biometric identifiers will be collected and processed; (b) describes the purpose of biometric data collection; (c) states the retention schedule for biometric data; and (d) may be withdrawn at any time without affecting other Service features.

7b.3 GDPR Article 9 Compliance for EU Users

For users located in the European Economic Area, biometric data processing is authorized exclusively under GDPR Article 9(2)(a) (explicit consent). ORAVYS does not rely on any other Article 9 exception for biometric voice processing. EU users receive an enhanced consent flow that: (a) provides granular, purpose-specific consent options; (b) clearly separates biometric consent from general service consent; (c) uses plain language to describe data processing activities; and (d) provides a one-click consent withdrawal mechanism.

7b.4 Audio Recording Consent Warranty

By submitting any audio recording, you warrant and represent that: (a) you have obtained all required consents from every individual whose voice appears in the recording; (b) in jurisdictions requiring two-party or all-party consent for audio recording (including but not limited to California, Illinois, Florida, Washington, Pennsylvania, and equivalent jurisdictions globally), you have complied with all applicable consent requirements; and (c) the recording was not obtained through illegal wiretapping, covert surveillance, or any other unlawful means. ORAVYS is not responsible for verifying the consent status of submitted recordings and relies entirely on your representation.

7c. Illinois Biometric Information Privacy Act (BIPA) Compliance

The human voice may constitute a "biometric identifier" under the Illinois Biometric Information Privacy Act (740 ILCS 14). ORAVYS provides the following disclosures and commitments in compliance with BIPA:

7c.1 Written Notice and Consent

Before collecting any biometric identifier or biometric information from an Illinois resident, ORAVYS provides written notice (via the in-application consent mechanism) that biometric identifiers are being collected and stored, and the specific purpose and duration of such collection and storage. ORAVYS obtains a written release (electronic signature or affirmative click-through consent) from each individual whose biometric identifier is collected.

7c.2 Retention Schedule

Biometric identifiers and biometric information derived from voice recordings of Illinois residents are retained in accordance with the following schedule:

• Active Processing: Biometric features are retained only for the duration of the analysis session.
• Extended Retention (with consent): Where explicit consent is obtained for extended retention, biometric data is retained for the period specified at the time of consent, not to exceed three (3) years.
• Destruction Timeline: Upon expiration of the retention period, upon achievement of the initial purpose for collection, or within thirty (30) days of a deletion request -- whichever occurs first -- all biometric identifiers and biometric information are permanently and irreversibly destroyed from all systems, including backups and archives.

7c.3 Prohibition on Sale and Profit

ORAVYS does not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information. Biometric data is used solely for the purpose of providing the Service as described in this Privacy Policy.

7c.4 Storage and Protection Standards

Biometric identifiers and biometric information are stored, transmitted, and protected using a standard of care that is at least as protective as the standard used for other confidential and sensitive information, including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, and audit logging.

8. GDPR / RGPD Compliance

If you are located in the European Economic Area (EEA), the United Kingdom, or any jurisdiction with equivalent data protection laws, the following provisions apply:

8.1 Legal Basis for Processing

• Consent (Art. 6(1)(a) GDPR): We process your voice data based on your explicit consent, which you provide before initiating any recording or analysis. You may withdraw consent at any time.
• Contract Performance (Art. 6(1)(b)): Processing necessary to deliver the analysis report you requested and manage your account.
• Legitimate Interest (Art. 6(1)(f)): Anonymized, aggregated data used to improve model accuracy and maintain platform security. No individual re-identification is possible.
• Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws and regulations.

8.2 Special Category Data -- Biometric Voice Data (Art. 9)

The human voice constitutes biometric data under GDPR Article 9. ORAVYS processes voice recordings exclusively for the declared analysis purposes under the following framework:

• Legal Basis: Explicit consent of the data subject (Art. 9(2)(a) GDPR), obtained via the recording consent mechanism before analysis.
• No Permanent Voiceprint Extraction: We do not create persistent biometric templates, voiceprints, or speaker identification profiles that could be used to identify you across sessions or platforms.
• No Biometric Identification: We analyze acoustic patterns for psychological and forensic insights. We do not perform biometric identification of individuals.
• Immediate Deletion: Audio recordings are deleted after analysis in accordance with Section 5 retention timelines.
• No Third-Party Transfer: Biometric voice data is never shared with, sold to, or accessible by any third party.
• Data Protection Impact Assessment (DPIA): ORAVYS has conducted a DPIA in accordance with GDPR Article 35 for its voice processing activities, given the systematic processing of biometric data at scale. Enterprise customers may request a summary of the DPIA findings.

Data minimization and purpose limitation principles are strictly applied: voice data is used solely for generating your analysis report and is never used for speaker identification or surveillance.

8.3 Your Rights Under GDPR

You have the right to:

• Access (Art. 15): Request a copy of all personal data we hold about you, including voice recordings, analysis results, and account information.
• Rectification (Art. 16): Correct inaccurate or incomplete personal data.
• Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"). Requests are processed within 30 days.
• Restriction (Art. 18): Request restriction of processing while a complaint is resolved.
• Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Object (Art. 21): Object to processing based on legitimate interest.
• Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact our Data Protection Officer at privacy@oravys.com. We will respond within 30 days as required by law.

8.4 International Data Transfers

All voice recordings and analysis results are processed and stored exclusively within the European Union (Google Cloud, europe-west1 region, Belgium). No audio data is transferred outside the EU at any point during processing or storage.

Account data (name, email) may be processed by our sub-processors (Stripe for payments, Google for authentication) in jurisdictions outside the EEA. Where such transfers occur, they are governed by:

• Standard Contractual Clauses (SCCs): EU Commission-approved SCCs (Commission Implementing Decision (EU) 2021/914) are in place with all sub-processors that process personal data outside the EEA.
• EU-U.S. Data Privacy Framework: Where applicable, transfers to the United States are also supported by the EU-U.S. Data Privacy Framework certification of the receiving party.
• Transfer Impact Assessments: ORAVYS has conducted Transfer Impact Assessments (TIAs) for all international data transfers, evaluating the legal framework of the destination country and supplementary measures in place.
• Technical Safeguards: All international transfers are protected by encryption in transit (TLS 1.3), encryption at rest (AES-256), and access controls that limit data access to authorized personnel only.

Enterprise customers may request copies of the applicable SCCs and Transfer Impact Assessments by contacting privacy@oravys.com.

8.5 Automated GDPR Rights Endpoints

ORAVYS provides programmatic API endpoints for exercising your GDPR rights:

• Data Export: Request a machine-readable export of all your personal data (account information, analysis history, consent records) via our GDPR data export endpoint.
• Data Deletion: Request complete erasure of your personal data via our GDPR deletion endpoint. Deletion is confirmed within 30 days.
• Consent Management: View and modify your consent preferences programmatically.

These endpoints are available at /api/v1/gdpr/ and require authenticated access. You may also exercise these rights by contacting our Data Protection Officer directly.

8.6 Data Protection Officer

For all GDPR-related inquiries, you may contact our Data Protection Officer at privacy@oravys.com. If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence (GDPR Art. 77).

8.7 EU AI Act Compliance (Article 50 and Article 52)

ORAVYS acknowledges the European Union Artificial Intelligence Act (Regulation (EU) 2024/1689) and its risk-based classification framework.

8.7.1 Risk Classification

Under the EU AI Act risk-based framework, ORAVYS has assessed its AI system as follows:

• General Consumer Use (Self-Analysis): Limited risk. Subject to transparency obligations under Article 50 (labeling AI-generated outputs).
• Employment and HR Context: High-risk AI system under Annex III, Category 4 (employment, worker management, access to self-employment). Subject to requirements for technical documentation, human oversight, accuracy monitoring, and conformity assessment.
• Insurance and Financial Context: High-risk AI system under Annex III, Category 5 (access to essential services, creditworthiness, risk assessment). Subject to enhanced documentation and oversight requirements.
• Law Enforcement Context: High-risk AI system under Annex III, Category 6. Subject to the most stringent compliance requirements including fundamental rights impact assessment.

ORAVYS is committed to meeting all applicable requirements including technical documentation, human oversight mechanisms, accuracy monitoring, bias testing, and transparency obligations. Enterprise customers deploying ORAVYS in high-risk contexts receive compliance guidance, risk assessment documentation, and may request conformity documentation.

8.8 Automated Personality Profiling (GDPR Art. 22)

ORAVYS offers an optional personality profiling feature that generates behavioral and personality trait assessments from acoustic biomarkers. This feature involves automated processing as defined by GDPR Article 22.

8.8.1 What Data Feeds Personality Profiling

Personality assessments are derived exclusively from acoustic signal features: pitch variability, speech rhythm, spectral energy distribution, vocal intensity patterns, pause dynamics, and respiratory markers. We do not analyze the semantic content (words, language, meaning) of your speech for personality profiling.

8.8.2 How Profiling Works

Acoustic features extracted by our engine pipeline are mapped against established vocal-behavioral correlation models to generate personality trait indicators across multiple dimensions (communication style, stress resilience, leadership patterns, emotional expressiveness, and others). These indicators are probabilistic and represent tendencies, not definitive characterizations. Confidence levels are displayed alongside each indicator.

8.8.3 Your Rights Regarding Personality Profiling

• Right to Human Review (Art. 22(3)): You may request human review of any personality assessment. A "Request Human Review" button is available on all profiling results. You may also submit your perspective on why you disagree with the assessment. Human reviews are conducted by a qualified reviewer with access to the raw data and the authority to modify or delete the automated profile. Reviews are completed within 30 days.
• Right to Object (Art. 21): You may object to personality profiling at any time via the "Skip Personality Profiling" toggle on the analysis page, or via the API endpoint /api/v1/gdpr/profiling-opt-out. Opting out does not affect other analysis features.
• Right to Contest (Art. 22(3)): You may contest any profiling result and express your point of view via the human review mechanism.
• Right to Withdraw Consent: You may withdraw personality profiling consent at any time without affecting the lawfulness of prior processing or other analysis features.

8.8.4 Data Minimization for Profiling

Personality deduction texts are generated client-side in your browser and are not transmitted to or stored on ORAVYS servers unless you explicitly choose to save or share your report. The profiling computation occurs locally, ensuring maximum data minimization.

8.8.5 Workplace and Educational Restrictions

In compliance with the EU AI Act Article 5(1)(f), ORAVYS restricts emotion-inferring features in workplace and educational contexts. Enterprise customers deploying ORAVYS for employment decisions (recruitment, evaluation, promotion) are subject to enhanced compliance requirements including mandatory fundamental rights impact assessments, formal human oversight protocols, and enhanced logging. Certain vocal stress and emotion indicators are suppressed in HR deployment contexts.

8.9 Automated Decision-Making (GDPR Art. 22)

ORAVYS analysis results are provided as informational and decision-support tools. No decision producing legal effects or significantly affecting any data subject is made solely on the basis of automated processing by the Service. The user is solely responsible for any decisions taken based on analysis results and must exercise their own professional judgment. ORAVYS does not engage in decision-making based solely on automated processing or profiling in a manner that produces legal effects concerning the data subject.

9. Privacy Settings and Consent Controls

ORAVYS provides a Privacy Settings dashboard with granular, reversible controls. Each setting can be changed at any time:

• "Use my data to improve ORAVYS models" -- Default: OFF. Only anonymized acoustic features would be used; raw audio is never used for training.
• "Share my anonymized results for academic research" -- Default: OFF. Fully anonymized, no re-identification possible.
• "Receive product updates and marketing" -- Default: OFF.

All privacy settings default to OFF (opt-in required), providing stronger protection than the industry standard of opt-out.

9b. Privacy by Tier

ORAVYS applies a clear, transparent distinction between free and paid tiers regarding data usage:

• Free Tier: Anonymized metadata (audio duration, format, sample rate, engine processing times) may be used to improve service performance and accuracy. No individual re-identification is possible from this metadata. Raw audio is never used for model training.
• Paid Tiers (Single Report, Pro, Startup, and above): No data of any kind -- including anonymized metadata -- is used for service improvement or any purpose beyond delivering your analysis. Your data is processed, your report is delivered, and all traces are deleted according to retention policies.
• Enterprise Tier: Contractual guarantee via Data Processing Addendum (DPA). Zero data usage for any purpose beyond service delivery. DPA available upon request.

9c. Data Processing in Connection with Service and Pricing Changes

When ORAVYS modifies its pricing, subscription plans, service features, or fair use policies (as described in our Terms of Service, Sections 8, 9, and 10), we may process the following data:

• Account and Subscription Data: Your current subscription tier, billing history, and payment method information are processed to apply pricing changes, migrate your account to an equivalent plan, calculate pro-rated refunds, or apply grandfathered pricing. Legal basis: Contract Performance (Art. 6(1)(b) GDPR).
• Communication Data: Your email address and notification preferences are used to deliver mandatory notices of material pricing or service changes, including grandfathering offers, migration notices, and cancellation options. Legal basis: Contract Performance (Art. 6(1)(b)) and Legal Obligation (Art. 6(1)(c) GDPR) where notice is required by consumer protection law.
• Usage History: Your historical usage patterns may be reviewed to determine appropriate plan migration recommendations when subscription tiers are restructured. This processing uses aggregated usage metrics only and does not involve access to your voice recordings or analysis content. Legal basis: Legitimate Interest (Art. 6(1)(f) GDPR).

Data processed in connection with pricing and service changes is retained in accordance with the retention periods specified in Section 5 of this Privacy Policy and applicable tax/accounting retention requirements.

10. Zero Data Retention (ZDR) Mode

Enterprise and Pro users can activate Zero Data Retention mode:

• Audio is analyzed via real-time streaming; no copy is stored on ORAVYS servers.
• Only the generated report is delivered to you.
• No logs, metadata, or derived features are retained beyond the active session.
• Abuse detection occurs during processing only.

ZDR mode is designed for legal, healthcare, and government use cases. Contact enterprise@oravys.com to activate.

11. Cookies and Tracking

ORAVYS uses only essential cookies required for the platform to function:

• Session Cookies: Authentication tokens and session identifiers. Expire when you close your browser or after the session timeout period.
• Security Cookies: CSRF protection tokens to prevent cross-site request forgery.
• Preference Cookies: Language selection and display settings.

We do not use advertising cookies, cross-site tracking pixels, or third-party trackers that share data with advertisers. Google Analytics (with IP anonymization) is used for basic usage statistics. You can opt out via your browser settings, an ad blocker, or the Global Privacy Control (GPC) signal.

12. Global Privacy Control (GPC)

ORAVYS automatically detects and honors the Global Privacy Control (GPC) signal from your browser. When GPC is enabled:

• All optional analytics, tracking cookies, and performance metrics are disabled.
• Privacy settings default to their most restrictive configuration.
• No manual action is required from you.

13. Children's Privacy

ORAVYS does not knowingly collect data from children under 16 years of age. We do not permit analysis of voice recordings of minors under 16. If we become aware that we have processed a minor's data, we will immediately delete it and notify the parent or guardian if contact information is available.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:

• We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR Art. 33).
• If the breach is likely to result in a high risk to you, we will notify you directly without undue delay (GDPR Art. 34).
• Notification will include the nature of the breach, likely consequences, and measures taken to address it.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and/or a prominent notice on the platform at least 30 days before they take effect. The "Last Updated" date at the top reflects the most recent revision. Your continued use of the platform after changes take effect constitutes acceptance of the revised policy.

16. Contact Us

For privacy inquiries, data access requests, or concerns:

General: contact@oravys.com
Data Protection Officer: privacy@oravys.com
Enterprise / ZDR: enterprise@oravys.com

Oravys, Inc.
Delaware, USA

"ORAVYS" is a registered trademark (INPI No. 25 5212037, classes 9 & 42).