Global legal and payment contour
Privacy Policy
How personal data, payment statuses, cookies, and AI Studio inputs are processed.
This policy is drafted as the public privacy document for the international ORI contour. It reflects the current service structure and the processor categories implied by the project files, while leaving exact processor naming to the final production review.
1. General
This Privacy Policy describes how Individual Entrepreneur Oleg Alekseyi Goncharov processes and protects personal data collected through the ORI website, account area, checkout pages, support channels, and AI Studio. It applies to all information provided or generated when the user registers, purchases access, uses service features, uploads files, or contacts support.
2. What data may be processed
| Category | Examples | Why it is processed |
|---|---|---|
| Account data | email, login, display name, account identifiers, authentication metadata | registration, sign-in, account security, communication |
| Payment data | payment status, amount, currency, order/payment IDs, subscription status, stored-payment token references | payment processing, renewals, refunds, support |
| Service input data | birth date/time/place, notes, chart-related inputs, saved calculation history | chart building, storage, synchronization, service features |
| AI Studio data | prompt ID, message text, selected scenario, attached files, response history, technical context | generation of AI outputs, support, service quality |
| Technical data | IP address, browser and device data, cookies, logs, timestamps, error events | security, diagnostics, analytics, abuse prevention |
| Support correspondence | emails, requests, attachments, dispute and refund details | support, claim handling, fraud prevention |
3. Purposes of processing
- to create and maintain user accounts;
- to provide digital features, subscriptions, AI packs, and AI outputs;
- to process payments, recurring renewals, refunds, charge investigations, and payment-related support;
- to answer support requests and send service messages;
- to protect the service, detect abuse, log technical events, and improve product quality.
4. Legal grounds
- performance of a contract or steps taken at the user's request before entering into a contract;
- the user's consent where a consent-based flow is used, including form and checkout checkboxes;
- the Merchant's legitimate interests in security, diagnostics, service administration, and improvement, provided those interests do not override the user's rights;
- compliance with accounting, tax, anti-fraud, or other legal obligations applicable to the Merchant.
5. Payment data
Card and similar payment-instrument data is processed by Evocabank V-POS / ARCA payment infrastructure. The Merchant does not receive the full card number, CVC/CVV, or other full payment credentials. The Merchant may receive and store payment statuses, IDs, subscription and stored-payment references, and other limited billing metadata required to confirm payment, handle recurring charges, process refunds, or resolve disputes.
6. AI Studio and AI outputs
- To generate AI outputs, the service may process the user's text prompts, selected scenario, uploaded files, technical context, and account-linked calculation data relevant to the request.
- Users must not upload unlawful content, excessive personal data, or third-party materials unless they have a valid right and lawful basis to do so.
- Where necessary, the Merchant may transmit the minimum required portion of the request to an external AI provider or cloud model used to generate the requested output.
7. Sharing with processors and contractors
- payment providers and banking/acquiring infrastructure — including Evocabank V-POS / ARCA for the international contour — to process payments, recurring billing, and refunds;
- hosting and infrastructure providers — to run the website, storage, and service logic;
- email and communication vendors — to send service messages and support replies;
- analytics and monitoring tools — to measure usage and maintain service stability;
- AI providers and subcontractors — to process a specific AI request or maintain AI functionality;
- authorities or other parties — where disclosure is required by law, court order, or a lawful request.
Some processors may operate outside the Republic of Armenia. Where cross-border processing is used, the Merchant seeks to limit transfers to what is necessary for the service and to apply reasonable contractual and organizational safeguards.
8. Cookies and technical identifiers
The site may use essential, functional, and analytics cookies or similar identifiers. Users can limit cookies in browser settings, but some service functions may then work incorrectly.
| Type | Purpose | Can it be disabled? |
|---|---|---|
| Essential | authentication, session security, baseline settings | Usually not, otherwise parts of the service may not work properly |
| Functional | remembering interface and preference settings | Yes, but some settings may not persist |
| Analytics | understanding site usage and improving the product | Yes, through browser settings or a cookie banner where applicable |
9. Retention
Data is retained no longer than necessary for the purposes described above, the lifetime of the account and purchased services, required accounting and tax periods, fraud-prevention needs, and the time needed to resolve support requests, payment disputes, and legal claims.
10. User rights
- to request information about how their data is processed;
- to request correction, deletion, or restriction where applicable;
- to withdraw consent where processing relies on consent;
- to object to certain processing or request data portability where such rights exist under applicable law;
- to contact the Merchant with privacy questions or complaints.
11. Security measures
- access to personal data is limited to persons and contractors who need it for service operation or support;
- the service uses technical and organizational measures, including access controls, logging, backups, and HTTPS where applicable;
- administrative, infrastructure, and support access is restricted and reviewed as reasonably necessary.
12. Privacy contacts
Privacy requests, consent withdrawals, and rights-related questions should be sent to support@ori24.app with the subject line “Privacy / Personal Data”. The Merchant may request additional information to verify the identity of the requester before acting on a request.
13. Updates
The Merchant may update this Privacy Policy. The current version should remain publicly available on the site wherever personal data is collected and in the footer or legal section.