Privacy Policy

Effective [Effective date]

Oryn (“Oryn”, “we”, “us”) is a personal morning-briefing app. This policy explains what we collect, why, who we share it with, and the choices you have. We designed Oryn to keep sensitive data minimal and, where possible, on your device.

Information we collect

Account & identity. When you sign in with Apple or by email one-time code, we receive your email address and, on first Apple sign-in only, your name. Apple also provides an opaque user identifier used by our authentication provider. We store your name, email, time zone, and chosen wake-up time.

Connected accounts (only the ones you choose to link):

• Gmail (optional).If you connect Gmail, we read recent inbox messages on our servers to triage what needs your attention and to let you archive or reply from the app. For the small number of messages chosen for your briefing we process the sender, subject, date, and Gmail’s short preview snippet — notfull message bodies or attachments. See “Google user data” below for the full disclosure.
• Plaid / financial accounts (optional). If you link bank or card accounts through Plaid, our servers retrieve account names, masked account numbers (last 4), balances, and recent transactions (merchant, amount, category, date) to build the money section of your briefing. Plaid credentials are held only on our servers; they are never stored on your device.
• Apple Health (optional). If you grant Health access, Oryn reads metrics such as sleep, steps, resting heart rate, heart-rate variability, activity rings, and workouts on your device. Raw HealthKit samples never leave your device. Only rounded daily totals (e.g. total sleep minutes, step count) are sent to our AI provider to write your health summary.
• Calendar (optional).If you grant Calendar access, event titles, times, locations, and attendees are used to build your day’s schedule section. This data is stored on our servers to generate your briefing.

Usage data. We record basic in-app events (e.g. app opened, a card expanded, an account connected) to improve the product. This is stored in our own database. Oryn uses no third-party analytics, advertising, or tracking SDKs (no Google Analytics, Firebase, Segment, Amplitude, Meta, etc.).

Notifications. If you enable notifications, we store a push token to deliver your briefing.

Subscriptions. Purchases are processed by Apple and managed through RevenueCat. We store your subscription status (active/expired), product, and expiry — not your payment card details.

How we use your information

• To generate and deliver your personalized morning/evening briefing.
• To perform actions you request (archive or send an email, refresh data).
• To operate, secure, and improve the app.
• To process subscriptions and provide support.

We do not sell your personal information, and we do not use it for third-party advertising.

AI processing

Oryn uses Anthropic’s Claude API to turn your connected-account data into readable summaries. The data described above (email metadata and snippets, summarized financial figures, daily health aggregates, calendar events) is sent to Anthropic solely to generate your briefing and suggested replies. This data is not used to train generalized AI models, and no human reads your content as part of providing this feature.

Google user data

Oryn (“we”, “us”) lets you connect one or more Gmail accounts so the app can surface the emails that need your attention in your morning briefing and let you act on them. This section describes exactly what Google user data we access, why, where it goes, and how to remove it.

Scopes we request and why

• https://www.googleapis.com/auth/gmail.modify — to read recent inbox messages so we can triage which ones matter, and to archive a message on your behalf when you tap Archive (we remove the INBOX label; we do not delete mail).
• https://www.googleapis.com/auth/gmail.send — to send a reply when you choose a suggested reply or write your own from within the app.

We request the narrowest set of scopes needed for these features and nothing more.

What we access and what we do with it

When you connect a Gmail account, Oryn reads metadata and short previews of your recent inbox messages on our servers to build your briefing. Specifically, for the small number of messages selected for your briefing we process:

• the sender’s name and email address,
• the subject line,
• the date the message was received,
• Gmail’s auto-generated preview snippet (a short excerpt, not the full message),
• the list of participant email addresses in a thread when a thread has multiple unread messages,
• short snippets from your Sent mail, only if you opt into a reply tone that matches your writing voice.

We do not access, transmit, or store:

• full message bodies,
• attachments,
• quoted or forwarded text beyond the preview snippet.

Sharing with AI service providers

To select which emails matter and to draft optional suggested replies, the metadata and preview snippets listed above are sent to our AI provider, Anthropic (the Claude API), acting as our service provider (subprocessor). This processing happens only to generate your briefing and reply suggestions — the user-facing features you asked for. This data is not used to train generalized AI/ML models, and no human at Oryn or Anthropic reads your emails as part of providing this feature.

We do not sell your Google user data, and we do not transfer it to third parties except the service providers strictly needed to operate these features (currently our cloud backend provider, Supabase, and our AI provider, Anthropic).

Limited Use disclosure

Oryn’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

• We only use Google user data to provide and improve the user-facing features described above.
• We do not transfer or sell Google user data for advertising, and we do not use it for any purpose other than these features.
• We do not allow humans to read Google user data unless (a) you give explicit consent for specific messages, (b) it is necessary for security or to comply with applicable law, or (c) the data is aggregated and anonymized for internal operations.
• We do not use Google user data to train, develop, or improve generalized AI/ML models.

Where your data lives and how it’s secured

• OAuth tokens(the credentials that let Oryn act on your behalf) are stored in two places: on your device in the operating system’s secure keystore (iOS Keychain via Secure Store), and on our backend so we can build your briefing on a schedule. On our backend, tokens are encrypted at rest using AES symmetric encryption (PostgreSQL pgcrypto / pgp_sym_encrypt), with the encryption key held in our database’s secrets vault and accessible only to privileged server-side database functions. Tokens are never exposed to the app or to other users.
• Your briefing (the triaged summary and selected emails) is stored on our backend and cached on your device for up to a few hours so the app loads quickly. The cache is cleared when you disconnect an account or sign out.
• Email reading happens server-side during briefing generation; the app itself contacts Gmail directly only to perform the actions you initiate (archive, send reply) using the token on your device.

Data retention and deletion

• Disconnecting a Gmail account(Settings → the account → Disconnect) immediately revokes Oryn’s access at Google, deletes that account’s stored tokens from our backend, removes the tokens from your device’s keystore, and clears the local briefing cache.
• Deleting your Oryn account revokes access for every connected Gmail account at Google and permanently deletes all associated data from our backend, including stored tokens and briefings.
• You can also revoke Oryn’s access at any time directly from your Google Account at myaccount.google.com/permissions.

Contact

Questions about how we handle Google user data: [Contact email] — [Legal entity], effective [Effective date], governed by the laws of [Governing jurisdiction].

Service providers (subprocessors)

We share data only with providers needed to run Oryn:

Data retention & deletion

• Disconnect an account(Gmail, Plaid, Health, Calendar) at any time in Settings; we revoke access and delete that connection’s stored data.
• Delete your account from within the app. This permanently deletes your stored data — profile, briefings, preferences, connected-account tokens, and financial/calendar snapshots — and revokes connected third-party access. For Gmail/Plaid you can also revoke access directly with those providers.
• We retain data only as long as your account is active or as required by law.

Security

Connected-account credentials (Gmail and Plaid tokens) are encrypted at rest. Access to stored data is restricted by row-level security so you can only access your own data. See the Security page for details.

Your rights

Depending on where you live (e.g. GDPR in the EU/UK, CCPA/CPRA in California), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise most of these directly in-app, or contact us at [Contact email]. We do not sell or “share” personal information as those terms are defined under CCPA/CPRA.

Children

Oryn is not directed to children and is intended for users 13 and older (or the minimum age in your jurisdiction). We do not knowingly collect data from children.

International users

Your data may be processed in the United States and other countries where our providers operate.

Changes

We’ll update this policy as the app evolves and revise the effective date. Material changes will be communicated in-app or by email.

Contact

[Legal entity], [Mailing address] — [Contact email].