Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, organization name, and billing information. If you sign up through a third-party authentication provider, we receive the profile information you authorize.

1.2 Agent Execution Data

When you deploy and run Agents on our platform, we collect and process execution data necessary to provide the Services. This includes:

• Execution traces — records of tool calls, LLM queries, decision points, inputs, outputs, latency, and token usage generated during Agent runs.
• State checkpoints — snapshots of Agent execution state captured for durable execution and replay purposes.
• Workflow configurations — Agent definitions, tool integrations, orchestration rules, and cost guardrail settings.
• Resource usage metrics — compute time, API call volumes, token consumption, and storage usage for billing and observability.

1.3 Customer Data Processed by Agents

Your Agents may process data on your behalf, which may include personal data, business records, communications, or other information ("Customer Data"). Orizin processes this data solely to provide the Services and acts as a data processor on your behalf. You remain the data controller and are responsible for ensuring that your collection and use of Customer Data complies with applicable laws.

1.4 Usage and Analytics Data

We collect information about how you interact with our website and platform, including pages visited, features used, browser type, device information, IP address, and referring URLs. This data is used to improve the Services and is collected through cookies and similar technologies.

1.5 Communications

When you contact us for support, provide feedback, or communicate with us through any channel, we collect the content of those communications along with associated metadata.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Services, including durable execution, tracing, replay, cost management, and multi-agent orchestration.
• Process billing and enforce usage-based pricing and cost guardrails.
• Generate observability dashboards, execution analytics, and cost reports for your account.
• Detect, prevent, and address security incidents, abuse, fraud, and technical issues.
• Improve, develop, and optimize the Services, including infrastructure performance and reliability.
• Provide customer support and respond to your inquiries.
• Send transactional communications such as service alerts, billing notifications, and security notices.
• Comply with legal obligations and enforce our Terms of Service.

3. How We Store and Protect Your Data

3.1 Infrastructure

Your data is hosted on Amazon Web Services (AWS) across multiple regions. We select data regions based on performance and compliance requirements. Enterprise customers may specify preferred data residency regions.

3.2 Security Measures

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Network isolation, firewalls, and intrusion detection systems.
• Role-based access controls and principle of least privilege for internal systems.
• Regular security audits, vulnerability assessments, and penetration testing.
• Incident response procedures with defined notification timelines.

3.3 Compliance and Certifications

Orizin maintains all industry-standard compliance certifications required for our line of business. We undergo regular third-party audits and maintain compliance with applicable data protection regulations, including the IT Act (India), GDPR (where applicable), and other relevant frameworks. Details of specific certifications are available upon request.

4. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. Specific retention periods include:

• Execution traces and state checkpoints are retained according to your plan settings. You can configure retention periods and delete traces at any time.
• Account information is retained for the duration of your account and for a reasonable period thereafter for legal and business purposes.
• Billing records are retained as required by applicable tax and financial regulations.
• Usage and analytics data is retained in aggregated or anonymized form for service improvement purposes.

Upon account termination, Customer Data is available for export for thirty (30) days, after which it is permanently deleted from our systems within a reasonable timeframe.

5. Data Sharing and Disclosure

We do not sell your personal data or Customer Data. We may share information in the following limited circumstances:

• Service providers. We work with trusted third-party providers (cloud infrastructure, payment processors, analytics tools) who process data on our behalf under strict contractual obligations.
• LLM providers. When your Agents make LLM API calls routed through the platform, the relevant prompts and data are transmitted to the LLM provider you have configured. This data is governed by the LLM provider's terms and privacy policy.
• Third-party integrations. When your Agents interact with third-party tools and APIs you have configured, data is transmitted to those services according to their respective policies.
• Legal requirements. We may disclose information if required by law, regulation, legal process, or governmental request.
• Business transfers. In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction, subject to equivalent privacy protections.
• With your consent. We may share information with your explicit consent or at your direction.

6. Cookies and Tracking Technologies

We use cookies and similar technologies on our website and platform for the following purposes:

• Essential cookies that are necessary for the platform to function, including authentication and session management.
• Analytics cookies that help us understand how visitors interact with our website and platform so we can improve the user experience.
• Preference cookies that remember your settings and preferences.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Services.

7. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate or incomplete personal data.
• Deletion — request deletion of your personal data, subject to legal retention requirements.
• Portability — request your data in a structured, machine-readable format.
• Restriction — request that we restrict the processing of your personal data under certain circumstances.
• Objection — object to the processing of your personal data for certain purposes.
• Withdrawal of consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at ask@orizin.ai. We will respond within the timeframes required by applicable law.

8. International Data Transfers

Your data may be processed and stored in regions outside your country of residence, including India and other AWS regions globally. Where data is transferred across borders, we ensure appropriate safeguards are in place, including standard contractual clauses, adequacy decisions, or other legally recognized transfer mechanisms as required by applicable law.

9. Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will take steps to delete it.

10. Self-Hosted Deployments

If you self-host the open-source Agent Engine, Orizin does not collect or have access to any data processed by your self-hosted instance. This Privacy Policy applies only to data processed through Orizin's managed Services and website. You are solely responsible for the data handling practices of your self-hosted deployments.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the effective date. For significant changes that affect how we process Customer Data, we will provide advance notice through email or an in-product notification. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Orizin
Email: ask@orizin.ai
Hyderabad, India