Privacy Policy

Orin Labs, Inc. ("Orin Labs," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our suite of applications, websites, and services (collectively, the "Services"). This policy applies to all Orin Labs products, including those designed for minors and financial management tools.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

Scope of This Policy
Information We Collect
How We Use Your Information
Legal Bases for Processing
Children's Privacy (COPPA Compliance)
Financial Information
Data Sharing and Disclosure
Data Retention
Data Security
International Data Transfers
Your Privacy Rights
California Privacy Rights (CCPA/CPRA)
European Privacy Rights (GDPR)
Cookies and Tracking Technologies
Third-Party Services
Do Not Track Signals
Changes to This Policy
Contact Information

1. Scope of This Policy

This Privacy Policy applies to all information collected through our Services, including:

Our websites and web applications
Mobile applications available on iOS and Android platforms
Educational and productivity applications designed for users of all ages, including minors
Financial management and planning tools
Any other services that link to this Privacy Policy

This policy does not apply to information collected by third parties, including through any application or content that may link to or be accessible from our Services.

2. Information We Collect

We collect several types of information from and about users of our Services:

2.1 Information You Provide Directly

Account Registration: Name, email address, username, password, date of birth, and profile information.
Identity Verification: Government-issued identification, Social Security Number (last four digits), or other verification documents when required for financial services.
Financial Information: Bank account numbers, routing numbers, credit/debit card information, transaction history, income information, and financial goals (for financial services only).
Communications: Information you provide when contacting customer support, responding to surveys, or participating in promotions.
User Content: Any content you create, upload, or share through our Services.

2.2 Information Collected Automatically

Device Information: Hardware model, operating system version, unique device identifiers, browser type, and mobile network information.
Log Data: IP address, access times, pages viewed, app crashes, and other system activity.
Usage Information: Features used, actions taken, time spent on pages, and interaction patterns.
Location Data: General location information derived from IP address. Precise location only with your explicit consent.
Cookies and Similar Technologies: Information collected through cookies, pixel tags, and similar tracking technologies.

2.3 Information from Third Parties

Financial Institutions: Account balances, transaction data, and account verification (with your authorization via secure APIs like Plaid).
Identity Verification Services: Results from identity verification checks.
Social Media Platforms: Information from connected social accounts (if you choose to link them).
Parents/Guardians: Information provided by parents or legal guardians on behalf of minor children.

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Provision: To create and manage your account, process transactions, and provide our Services.
Service Improvement: To understand how users interact with our Services and to develop new features and products.
Personalization: To customize your experience and provide content and features relevant to you.
Communications: To send you service-related notices, updates, security alerts, and support messages.
Marketing: To send promotional communications (with your consent where required by law).
Safety and Security: To detect, prevent, and respond to fraud, abuse, security risks, and technical issues.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.
Financial Services: To facilitate financial transactions, provide financial insights, and comply with financial regulations.

4. Legal Bases for Processing

We process your personal information based on the following legal grounds:

Contract Performance: Processing necessary to perform our contract with you or take steps at your request before entering into a contract.
Legitimate Interests: Processing necessary for our legitimate interests, such as improving our Services, preventing fraud, and ensuring security.
Legal Obligations: Processing necessary to comply with legal requirements, including financial regulations and child protection laws.
Consent: Processing based on your consent, which you may withdraw at any time.
Vital Interests: Processing necessary to protect someone's life.

5. Children's Privacy (COPPA Compliance)

Orin Labs offers certain Services specifically designed for children under 13 years of age. We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and other applicable laws protecting children's privacy.

5.1 Parental Consent

For Services directed to children under 13, we require verifiable parental consent before collecting, using, or disclosing personal information from children. Methods of obtaining consent may include:

Requiring a parent to sign a consent form
Requiring a parent to provide credit card or other payment information for verification
Having a parent provide a government-issued ID for verification
Video conferencing with a parent

5.2 Information We Collect from Children

With verified parental consent, we may collect from children:

Username (we encourage the use of screen names that do not reveal the child's identity)
Parent's email address (for account management and notifications)
Age or date of birth (to ensure age-appropriate experiences)
Usage data and progress within educational applications

We do NOT knowingly collect from children under 13 without parental consent:

Full name or address
Photos, videos, or audio files containing their image or voice
Geolocation information
Persistent identifiers for behavioral advertising

5.3 Parental Rights

Parents and legal guardians have the right to:

Review the personal information we have collected from their child
Request deletion of their child's personal information
Refuse to permit further collection or use of their child's information
Agree to the collection and use of their child's information without consenting to disclosure to third parties

To exercise these rights, please contact us at privacy@orinlabs.com with proof of parental relationship.

5.4 Teen Users (Ages 13-17)

For users between 13 and 17 years old, we may collect additional information with appropriate consent mechanisms. We apply enhanced privacy protections to teen accounts, including restricted data sharing and age-appropriate advertising practices where applicable.

6. Financial Information

Certain Orin Labs Services involve the collection and processing of financial information. We handle this data with the highest level of security and in compliance with applicable financial regulations.

6.1 Types of Financial Data Collected

Bank account information (account numbers, routing numbers)
Credit and debit card information
Transaction history and spending patterns
Income and employment information
Investment account information
Credit score and credit report information (with your authorization)
Tax-related information

6.2 How We Protect Financial Data

Encryption: All financial data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
PCI-DSS Compliance: We adhere to Payment Card Industry Data Security Standards for handling payment card information.
Access Controls: Financial data access is limited to authorized personnel on a need-to-know basis.
Tokenization: Sensitive payment credentials are tokenized and stored by PCI-compliant payment processors.
Regular Audits: We conduct regular security audits and penetration testing.

6.3 Financial Data Sharing

We may share financial data only with:

Financial institutions necessary to process your transactions
Payment processors and gateways
Account aggregation services (like Plaid) with your explicit consent
Regulatory authorities as required by law
Fraud prevention services

We do NOT sell financial data to third parties or use it for purposes unrelated to providing our financial Services.

6.4 Gramm-Leach-Bliley Act (GLBA) Compliance

To the extent our Services are subject to GLBA, we comply with its requirements regarding the privacy and safeguarding of nonpublic personal financial information. This includes providing you with clear notice of our information-sharing practices and your right to opt out of certain disclosures.

7. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

7.1 Service Providers

We share information with third-party vendors and service providers who perform services on our behalf, such as hosting, analytics, customer support, payment processing, and marketing. These providers are contractually obligated to protect your information and may only use it for the purposes we specify.

7.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including:

Court orders and subpoenas
Government or regulatory agency requests
Law enforcement requests
National security or public safety requirements

7.3 Business Transfers

If Orin Labs is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

7.4 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

Account Data: Retained while your account is active and for a reasonable period thereafter (typically 3 years) for backup, archival, and audit purposes.
Transaction Data: Retained for 7 years to comply with tax and financial regulations.
Children's Data: Deleted promptly upon request from a parent/guardian or when no longer necessary for the purpose collected.
Marketing Data: Retained until you withdraw consent or opt out of communications.
Legal Hold: Data may be retained longer if subject to legal hold, litigation, or regulatory investigation.

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

9. Data Security

We implement comprehensive technical, administrative, and physical safeguards to protect your personal information:

Technical Measures: Encryption (TLS 1.3 in transit, AES-256 at rest), firewalls, intrusion detection systems, secure development practices, and regular security assessments.
Administrative Measures: Employee training, access controls, background checks, and incident response procedures.
Physical Measures: Secure data centers with access controls, surveillance, and environmental protections.

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents.

Breach Notification: In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.

10. International Data Transfers

Orin Labs is based in the United States. Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland, we use appropriate safeguards, including:

Standard Contractual Clauses approved by the European Commission
Data Processing Agreements with our service providers
Additional technical and organizational measures as appropriate

11. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Request deletion of your personal information (subject to legal retention requirements).
Portability: Request a copy of your data in a structured, machine-readable format.
Restriction: Request that we limit how we use your information.
Objection: Object to processing of your information for certain purposes.
Withdrawal of Consent: Withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@orinlabs.com. We will respond to your request within the timeframe required by applicable law.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: You can request information about the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it.
Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
Right to Correct: You can request correction of inaccurate personal information.
Right to Opt-Out: You can opt out of the sale or sharing of your personal information. Note: Orin Labs does not sell personal information.
Right to Limit Use of Sensitive Information: You can limit our use and disclosure of sensitive personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a request, email privacy@orinlabs.com. We may need to verify your identity before processing your request.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

All rights listed in Section 11 above
Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that significantly affect you, unless certain conditions are met.

Data Controller: Orin Labs, Inc. is the data controller for personal information collected through our Services. For questions about our data practices, contact our Data Protection Officer at dpo@orinlabs.com.

14. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your interactions with our Services.

Types of Cookies We Use

Essential Cookies: Required for the operation of our Services. These cannot be disabled.
Functional Cookies: Enable enhanced functionality and personalization.
Analytics Cookies: Help us understand how users interact with our Services.
Marketing Cookies: Used to deliver relevant advertisements (not used for children's Services).

Managing Cookies

You can manage cookie preferences through your browser settings or through our cookie consent tool where available. Note that disabling certain cookies may affect the functionality of our Services.

15. Third-Party Services

Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

Key third-party services we may integrate with include:

AI service providers (Anthropic, OpenAI, Google Gemini)
Payment processors (Stripe, PayPal)
Account aggregation services (Plaid)
Analytics providers (Google Analytics, Mixpanel)
Cloud infrastructure providers (AWS, Google Cloud)
Customer support platforms

16. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, there is no uniform standard for how companies should respond to DNT signals. At this time, we do not respond to DNT signals. However, you can manage your privacy preferences through our cookie settings and by exercising your rights as described in this policy.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy
Provide notice through our Services or via email (for material changes)
Obtain consent where required by law, particularly for changes affecting children's data

We encourage you to review this policy periodically. Your continued use of our Services after any changes indicates your acceptance of the updated policy.

18. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Orin Labs, Inc.

Attn: Privacy Team
965 Oak St
San Francisco, CA 94117
United States

General Privacy Inquiries: privacy@orinlabs.com

Data Protection Officer: dpo@orinlabs.com

Children's Privacy: coppa@orinlabs.com

← Back to Home Terms of Service

Table of Contents