Privacy Policy
Effective date: June 25, 2026
Data controller: Ovandor, Inc.
This Policy applies to the Ovandor application, website, and related services (the "Service"). It does not apply to third-party sites we may link to.
1. Introduction
Ovandor ("we," "us," "our") builds a Personal Intelligence platform that turns your input into a private semantic record and proactively surfaces patterns and actions back to you. This Privacy Policy explains what we process, how we process it — including how we work with AI providers — how long we keep it, and the rights you have over it.
2. Information We Process
2.1 Information you provide
- Account information: name, email address, password (hashed), and billing information (processed by our payment processor — we do not store full card numbers).
- Content you submit: input you provide through the Service, including through voice, text, and document features. If your content contains information about other individuals, you are responsible for ensuring you have the right to upload and process that information in the context of the Service.
- Feedback and communications: anything you send us via support, surveys, or (if you participate) Concierge Beta interviews and check-ins.
2.2 Information generated by the Service
- Derived content: transcripts of voice input, the canonical markdown version of your input, version/audit-log history, and AI-generated assertions, relationships, syntheses, and proactive alerts produced from your content.
- Usage and device data: log data (timestamps, feature usage, error logs), device type, operating system, and app version, used for reliability and security purposes. This data is retained for up to 12 months in identifiable form and then deleted or aggregated.
- Voice processing: voice input is processed exclusively to convert speech to text. We do not use voice recordings to create voiceprints, voice profiles, or any other biometric identifier, and we do not use voice data for biometric identification, authentication, or any purpose other than transcription. By enabling voice features, you consent to this processing.
What we do not do
We do not use advertising SDKs, cross-app tracking identifiers, or third-party analytics tools that share your data with ad networks. We do not run advertising, and your content is never used to build advertising profiles or train general-purpose AI models.
3. How We Use Your Information
- To provide the Service: store your content, run the semantic compilation pipeline, generate wiki pages, and deliver proactive alerts, daily actions, and syntheses.
- To maintain security and integrity: authenticate you, detect abuse, and enforce our Terms of Service. This represents a legitimate interest we have assessed as proportionate to your privacy rights.
- To communicate with you: service notices, billing, support responses, and — only with your consent or as permitted by law — product updates.
- To comply with legal obligations: tax, accounting, and regulatory recordkeeping.
4. AI Processing and Sub-processors
Delivering Ovandor's core functionality requires routing your content to AI service providers for transcription and semantic analysis. We have selected providers under contractual Zero-Data-Retention (ZDR) terms: your content is processed to return a result and is not retained by any provider afterward, and is not used to train their models.
- Speech-to-text providers — transcription of voice input, under Zero-Data-Retention agreements.
- Language model providers — semantic compilation, assertion generation, and proactive syntheses, under Zero-Data-Retention agreements.
- Infrastructure providers — cloud hosting, database, and storage services used to run the Service, bound by data processing agreements.
We never log or store decrypted plaintext content outside the processing pipeline itself; decryption for AI processing happens in a secure enclave. A current list of sub-processors is available upon request at [email protected]. We will update this Policy and provide notice to users of material changes to our sub-processor arrangements before those changes take effect.
5. Personal Profile and AI Transparency
A core function of the Service is building and maintaining a personal semantic profile — an organized, evolving representation of the patterns, open loops, goals, and relationships derived from your input. This constitutes profiling under applicable data protection law (including Article 4(4) GDPR). You have full control over this profile at all times:
- Every assertion is labeled Human, Validated AI, or Candidate AI. You can accept, reject, or edit any assertion at any time.
- Every proactive push the Service sends you is identified as AI-originated at the point of delivery.
- AI-generated assertions display a confidence score, the reasoning behind them, and the source evidence they were drawn from.
- No solely automated decisions with legal or similarly significant effects are made about you based on your profile. Every output from the Service is advisory and requires your own review, judgment, and action. This means that Article 22 GDPR (restrictions on solely automated decision-making) does not apply to the Service's outputs.
What the Service does not do: the Service does not perform emotion recognition or infer emotional state from voice; voice is used for transcription only. The Service does not make consequential decisions on your behalf.
6. Legal Basis for Processing (EEA/UK Users)
- Performance of a contract (Art. 6(1)(b) GDPR) — processing your content, building your personal semantic profile, and delivering proactive outputs are all necessary to provide the Service you have signed up for.
- Legitimate interests (Art. 6(1)(f) GDPR) — security monitoring and fraud prevention, where we have assessed that our interests are not overridden by your privacy rights.
- Consent (Art. 6(1)(a) GDPR) — for optional marketing communications; for voice processing under applicable biometric or voice-recording laws; and wherever else consent is the basis we identify at collection.
- Legal obligation (Art. 6(1)(c) GDPR) — for tax, accounting, and regulatory recordkeeping.
Special category data
Because you control what you input, your content may incidentally reveal special category data under Article 9 GDPR (e.g., health, beliefs, or other sensitive information you choose to record). We do not intentionally extract or infer special category data. By submitting such content, you provide explicit consent (Art. 9(2)(a)) to its processing for the purpose of providing the Service. You control what you record and can delete any entry at any time.
Right to object to profiling
Where profiling is conducted on the basis of legitimate interests, you have the right to object at any time under Article 21 GDPR. Contact us at [email protected] to exercise this right. Note that objecting to profile-based processing may limit or prevent delivery of the Service's core features.
7. How We Share Information
We do not sell your personal information or your content. We do not share it with advertisers or use it for cross-context behavioral advertising. We share information only with:
- The sub-processors listed in Section 4, solely to provide the Service to you, under contractual confidentiality and Zero-Data-Retention terms;
- Service providers who support our operations (payment processing, customer support tooling, infrastructure), under data processing agreements;
- Professional advisors and successors in a merger, acquisition, or asset sale, subject to confidentiality obligations and continuity of this Policy's protections; and
- Authorities, where required by law, regulation, or valid legal process.
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA) and similar applicable laws. We will not discriminate against you for exercising any privacy rights available to you under applicable law.
8. Data Retention and Deletion
Your content is retained for as long as your account is active, including during the post-trial read-only state described in our Terms of Service — moving to read-only is a downgrade in functionality, not a deletion of data. This reflects a core product commitment: no idea you've recorded is lost simply because a subscription lapses.
If you request account deletion (via account settings or by emailing [email protected]), we will delete or irreversibly anonymize your content, derived assertions, embeddings, and backups within 30 days, except for records we are required to retain for legal, tax, or accounting purposes, which are retained only as long as required and then deleted. Anonymization means the data can no longer be linked back to you and is no longer personal data under applicable law.
You can request an export of your data at any time in a portable format.
9. Data Security
- Encryption at rest using AES-256-GCM with per-user encryption keys.
- Decryption for AI processing occurs in a secure enclave; plaintext is never logged or persisted outside that pipeline.
- Logical workspace isolation — every data access is scoped to your workspace.
- Authentication via short-lived access tokens and longer-lived refresh tokens stored in HttpOnly, Secure cookies on web, and in the OS-level secure keystore on mobile.
- Encrypted local queueing for offline mobile capture, with server-confirmed receipt before local deletion.
No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.
10. International Data Transfers
We and our sub-processors may process your information in countries other than where you live, including the United States. Where we transfer personal information out of the EEA, UK, or Switzerland, we rely on recognized transfer mechanisms — such as Standard Contractual Clauses or applicable adequacy decisions. For more information about the specific safeguards applied to any transfer, contact us at [email protected].
11. Your Rights
Depending on where you live, you may have rights over your personal information. These include the right to:
- Access, correct, or receive a portable copy of your personal information;
- Delete or request deletion of your personal information (subject to retention obligations — see Section 8);
- Restrict or object to certain processing, including the right to object to profiling based on our legitimate interests (see Section 6);
- Withdraw consent at any time where we rely on consent as the legal basis, without affecting the lawfulness of prior processing;
- Not be subject to solely automated decisions with legal or significant effects (see Section 5 — the Service does not make such decisions);
- Lodge a complaint with your local data protection authority (EEA/UK residents);
- Not be discriminated against for exercising your privacy rights (California residents under CCPA/CPRA);
- Opt out of the sale or sharing of your personal information — we do not sell or share personal information, so no opt-out is required; and
- Limit the use and disclosure of sensitive personal information (California residents under CPRA) — we do not use sensitive personal information beyond what is necessary to provide the Service.
These rights apply to different users depending on jurisdiction: EEA/UK residents have rights under the GDPR/UK GDPR; California residents have rights under the CCPA/CPRA; other jurisdictions may provide similar rights. To exercise any of these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law (typically 30 days, extendable once where permitted).
We are assessing applicable EU-specific obligations — including those under the GDPR and EU AI Act — and will implement required mechanisms as the Service and its user base develop.
12. Children's Privacy
The Service is not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us information, contact [email protected] and we will delete it promptly.
13. Cookies and Tracking
We use cookies and similar technologies strictly necessary to authenticate you and maintain your session. We do not use third-party advertising cookies or cross-site tracking technologies, and we do not share information through such technologies with ad networks.
To the extent we use analytics to understand how the Service is used, we do so using privacy-preserving, aggregated methods that do not involve setting third-party cookies or sharing identifiable data with external parties. We will update this section if our approach to analytics changes in a material way.
We do not currently respond to browser "Do Not Track" signals, as there is no established technical standard for doing so that has been adopted across the industry. We will reassess this as standards develop.
14. Changes to This Policy
We may update this Policy from time to time. For material changes, we will provide notice (email or in-app) at least 14 days before the change takes effect. The "Effective date" above reflects the latest revision. Continued use of the Service after a change takes effect constitutes your acceptance of the updated Policy.
15. Contact Us