Skip to main content
LEGAL

Privacy Policy

How we collect, use, and protect your personal information.

Effective from July 24, 2025.

1. Information We Collect

Information You Provide

  • Account Information: Name, email address, company information, and billing details when you create an account
  • Communication Data: Messages, support requests, and feedback you send to us
  • Payment Information: Credit card details and billing information (processed securely through our payment processors)
  • Content: PEAC policies, receipts, and other data you upload or generate through our services

Information We Collect Automatically

  • Usage Data: API calls, feature usage, performance metrics, and interaction patterns
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Analytics Data: Page views, clicks, time spent on our services, and user flows
  • Technical Logs: Error logs, security events, and system performance data

Information from Third Parties

  • Authentication Providers: Profile information from SSO providers like Google, GitHub, or Microsoft
  • Payment Processors: Transaction status and payment verification data
  • Integration Partners: Data from connected services and platforms you authorize

2. How We Use Your Information

Service Provision

  • Provide, operate, and maintain our PEAC protocol infrastructure
  • Process payments and manage billing for our services
  • Generate and verify cryptographic receipts
  • Facilitate policy discovery and consent management

Communications

  • Send service-related notifications and updates
  • Respond to your inquiries and provide customer support
  • Share product updates and feature announcements
  • Send marketing communications (with your consent)

Improvement and Analytics

  • Analyze usage patterns to improve our services
  • Monitor system performance and security
  • Develop new features and capabilities
  • Conduct research on agentic web technologies

Legal and Security

  • Comply with legal obligations and regulatory requirements
  • Protect against fraud, security threats, and abuse
  • Enforce our terms of service and policies
  • Respond to legal requests and court orders

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our business:

  • Cloud Hosting: Vercel, AWS, and other infrastructure providers
  • Payment Processing: Stripe, PayPal, and other payment processors
  • Analytics: Google Analytics, Mixpanel, and similar services
  • Customer Support: Intercom, Zendesk, and communication platforms

Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your information may be transferred as part of the transaction.

Legal Requirements

We may disclose your information when required by law, regulation, or legal process, or when necessary to protect our rights or the safety of others.

With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

4. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: Data is encrypted in transit using TLS 1.3 and at rest using AES-256
  • Access Controls: Strict role-based access controls and multi-factor authentication
  • Monitoring: Continuous security monitoring and intrusion detection
  • Regular Audits: Third-party security assessments and penetration testing
  • Incident Response: Comprehensive incident response and breach notification procedures

5. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active and for 3 years after closure
  • Receipt Data: Retained for 7 years for compliance and audit purposes
  • Payment Records: Retained for 7 years as required by financial regulations
  • Usage Logs: Retained for 2 years for security and analytics purposes

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Rectification: Request correction of inaccurate or incomplete information
  • Erasure: Request deletion of your personal information (subject to legal obligations)
  • Portability: Request a copy of your data in a machine-readable format
  • Restriction: Request limitation of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdrawal: Withdraw consent for marketing communications

To exercise these rights, please contact us at contact@originary.xyz.

7. International Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for transfers to countries with adequate data protection
  • Certification schemes and codes of conduct where applicable

8. Children’s Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

  • Essential Cookies: Necessary for basic functionality and security
  • Analytics Cookies: Help us understand how our services are used
  • Marketing Cookies: Used for targeted advertising (with your consent)

You can manage cookie preferences through your browser settings or our cookie preference center.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to your registered email address
  • Prominent notice on our website
  • In-app notifications for significant changes

Your continued use of our services after such notice constitutes acceptance of the updated policy.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Contact: contact@originary.xyz

Mailing Address (US):
Originary
3260 Hillview Ave
Palo Alto, California, US - 94304
United States

Mailing Address (India):
Originary
Ground floor, DLF Cyber City
WeWork Forum, DLF Phase 3
Gurugram, Haryana 122002
India

12. Jurisdiction-Specific Provisions

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect and how it’s used, and the right to delete personal information.

European Union Residents (GDPR)

EU residents have rights under the General Data Protection Regulation, including the right to access, rectify, erase, restrict processing, and data portability.

Virginia Residents (VCDPA)

Virginia residents have rights under the Virginia Consumer Data Protection Act, including rights to access, correct, delete, and opt-out of certain processing activities.