Back to Home
End-to-End Database Isolation Active

Privacy Policy

Effective Date: February 24, 2026

At Orevi, we believe your data is fundamentally yours. We have engineered our entire application architecture around rigorous cryptographic separation and local-first data processing.

1. Information We Collect

We collect only the minimum amount of information necessary to provide and secure our Services. This includes:

  • Account Information: When you register, we securely store your email address and an encrypted password hash via Supabase Authentication. We do not store plaintext passwords.
  • Saved Preferences: UI settings, tier preferences, and vault items that you explicitly pin are encrypted and stored in our database.
  • Usage Diagnostics: Anonymous, aggregated metadata strictly used to calculate usage limits (e.g., `pro_actions_count`) to enforce subscription caps.

2. How We Store Your Data (The Orevi Security Model)

Unlike traditional platforms that pool user data in a single accessible bucket, Orevi utilizes military-grade isolation techniques:

  • Local-First Processing: When you upload photos or PDF files to the chat interface, they are predominantly processed locally within your browser's memory and IndexedDB.
  • Cryptographic RLS Isolation: Any data that *does* reach our cloud infrastructure (such as Vault pins) is subject to strict PostgreSQL Row Level Security (RLS). The database physically rejects any query attempting to read or write data where the request token's UUID does not mathematically match the row's owner UUID. It is structurally impossible for another user to access your data.
  • Zero-Trust Architecture: Our REST API enforces a "Default Deny" posture and explicitly blocks all anonymous internet access to our schemas to prevent data enumeration attacks.

3. Third-Party Integrations

To provide advanced AI reasoning and file parsing, Orevi interacts with select third-party API providers (such as Anthropic and Google). When you submit a prompt, the raw text and relevant context are securely transmitted over HTTPS/TLS 1.2+ for inference.

We do not sell, rent, or trade your personal data or conversation history to any third-party marketing or advertising networks. Integrations requiring your OAuth tokens (e.g., GitHub, Vercel) are rigorously scoped and tokens are encrypted at rest.

4. Data Retention and Deletion

We retain your Account Information for as long as your account is active. Because the vast majority of your chat history is stored locally on your device, clearing your browser cache or pressing "Clear Chat" permanently destroys that data from existence.

If you wish to completely wipe your cloud-saved Account Preferences and Vault Items, please contact support or use the Account Deletion tools within the App Settings (if available). Upon deletion, your data is cryptographically purged from our primary database and all associated RLS roles are revoked.

5. Contact Us

For any questions about our privacy practices, please contact our Data Protection Officer. For questions regarding the terms of utilizing this service, please see our Terms of Service.

© 2026 Orevi. All rights explicitly reserved.