Privacy Policy

Privacy Policy

Controller: ORISMION Research (the “Controller”).

Contact: Use the in-product support channel or the email address shown in your account billing settings to reach our privacy contact.

This Policy explains how we process personal data when you use ORISMION Research. It is not legal advice. If you need legal guidance, consult a qualified professional.

1. What we process

We process account identifiers (such as email and user ID), authentication data, workspace and product usage data needed to run the service, and billing-related metadata associated with your subscription.

2. Purposes and legal bases (GDPR Articles 13–14)

We process data to:

- Provide the service — contract performance and steps prior to entering a contract.

- Security and abuse prevention — legitimate interests in securing accounts, detecting fraud, and enforcing acceptable use.

- Analytics — only where you have provided analytics consent through the in-product consent flow; you may withdraw or opt out as described below.

- Email marketing — only where you have given separate marketing consent; you may unsubscribe using the link in each marketing email or via account settings where available.

3. Retention

We retain personal data only as long as needed for the purposes above, to meet legal obligations, and to resolve disputes. Specific retention windows may vary by data category and jurisdiction; contact us for more detail about your account.

4. Your rights

Depending on your location, you may have the right to access, rectify, erase, restrict processing, object, data portability, and to withdraw consent where processing is consent-based. To exercise these rights, contact us through the channels in section 1. You may also lodge a complaint with your local supervisory authority.

5. Payment processing

Payments are processed by our payment service provider (e.g. Stripe). Card details are handled by the provider under its terms; we do not store complete primary account numbers (PANs) on our systems. We may store limited billing metadata (such as subscription status and invoice references) needed to operate the product.

6. Email marketing and analytics

- Marketing emails are sent only with appropriate consent. You can opt out at any time via the unsubscribe mechanism in the message or account settings.

- Product analytics (where enabled) uses the consent you provide in-app. You can change analytics consent in the application where the control is offered.

7. International transfers

Where data is transferred across borders, we use appropriate safeguards required by applicable law (such as standard contractual clauses where relevant).

8. Updates

We may update this Policy. The `document_version` and `effective_date` in the front matter reflect the current published version.