Privacy Policy — orain.ai

Last updated: 20.12.2025

This Privacy Policy explains how orain.ai (“we”, “our”, “the Service”) collects, processes, stores, and protects personal data when you use our AI-powered chatbot platform, including our dashboard, embedded chat widgets, and website.

By using orain.ai, you agree to the practices described below.

1. Data We Collect

We collect only the data necessary to operate and improve the Service. Depending on your usage, the following categories of data may be processed.

1.1 Account & Workspace Information

Name
Email address
Workspace or company name
Login credentials (securely hashed)
Billing details (if applicable)

1.2 Uploaded Content (Knowledge Sources)

Users can upload the following file types:

PDF documents
Excel spreadsheets (XLS, XLSX)
PowerPoint presentations (PPT, PPTX)
Text files (.txt, .md, .docx if supported)
URLs (to fetch website content)

These files and links are processed solely for:

Knowledge base creation
Extracting text and content
Generating embeddings
Improving chatbot response accuracy

We do not use uploaded content to train public AI models.

1.3 Chat & Interaction Data

When end users interact with your chatbot, we may process:

User messages
AI-generated responses
Conversation logs
Timestamps
Basic device and browser metadata

This data is stored to:

Generate accurate answers
Allow workspace owners to review conversations
Improve service reliability and performance

1.4 Technical & Usage Data

Collected automatically during use:

IP address (may be anonymized where required)
Browser and device type
Referrer URLs
Error logs
Performance data

This information helps us monitor security and optimize the platform.

2. How We Use Your Data

We use the collected data for the following purposes:

Operating and improving the chatbot platform
Generating AI-based responses
Creating and maintaining knowledge bases
Providing user support
Authentication and security
Usage analytics
Managing subscriptions and billing
Complying with legal obligations

We never sell your data or use it for external marketing.

3. Legal Basis for Processing (EU/EEA GDPR)

If you are located in the EU/EEA, we process your data under:

Art. 6(1)(b) GDPR — Performance of a contract
Art. 6(1)(f) GDPR — Legitimate interests (security, analytics, platform operation)
Art. 6(1)(a) GDPR — Consent for optional analytics and cookies
Art. 28 GDPR — Processing under Data Processing Agreements

Workspace owners act as data controllers for all chatbot interactions and uploaded content.

4. Data Storage & Security

We protect your data using industry-standard security measures, including:

GDPR-compliant servers located within the EU
Encryption in transit (TLS 1.2+) and at rest
Regular backups
Strict access control for employees
Hashed authentication credentials
Continuous monitoring and security audits

While we maintain strong protections, no system is entirely immune to security risks.

5. AI Processing

To generate responses, user prompts and relevant context may be sent to approved AI providers such as OpenAI or Azure OpenAI.

We guarantee that:

Your data is used only for inference
It is never used to train public AI models
All providers comply with strict GDPR and privacy requirements

A full list of sub-processors is available upon request.

6. Data Sharing & Sub-Processors

We may share data with trusted third-party service providers supporting:

Hosting and infrastructure
AI inference processing
Payments
Authentication
Error monitoring and analytics

All third parties operate under GDPR-compliant Data Processing Agreements.

We do not sell or rent personal data.

7. Data Retention

We retain data based on operational and legal requirements:

Account data — until deleted by the user
Uploaded files (PDF, XLS, PPT, text) — until removed by the workspace owner
Imported website content (URLs) — until manually deleted
Chat logs — stored until deleted via workspace settings
Billing information — retained as required by law

Users may request data deletion at any time.

8. Your Rights (GDPR / EEA Users)

You have the right to:

Access your personal data
Correct inaccurate information
Request deletion
Restrict processing
Object to processing
Withdraw consent
Request data portability

To exercise these rights, please contact us.

9. Cookies

We use:

Essential Cookies

Required for:

Login
Session management
Security

Optional Analytics Cookies

Used only with explicit consent.

10. Links to Third-Party Sites

orain.ai may contain links to external websites.
We are not responsible for their content or privacy practices.

11. Children’s Privacy

The Service is not intended for children under 16 years of age, and we do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time.
The “Last updated” date at the top reflects the latest version.

13. Contact

For questions about this Privacy Policy or your personal data rights:

orain.ai — Privacy Department
📧 Email: pz@solidscale.co

Address:
SolidScale Ltd.
Georgiou Karaiskaki 11–13
Carisa Salonica, Office 102
7560 Pervolia, Larnaca
Cyprus