· Legal

Privacy Policy.

Last updated: April 23, 2026

This policy explains what oran.chat collects when you use the Service, why we collect it, and the choices you have. It applies to oran.chat and covers account, billing, and chat data.

1. What we collect

  • Account data: name, email, a hashed password (we never store your password in plain text), and any profile settings you add.
  • Chat data: the messages you send and receive, files you attach (PDFs, images), the model you used for each message, and conversation titles and metadata.
  • Usage data: message counts per day, which model was used, the feature flags on your account (e.g. free vs Pro), and basic request logs needed to run the Service.
  • Billing data: if you subscribe to Pro, Stripe handles payment details on our behalf. We store only the Stripe customer and subscription identifiers plus the status of your subscription — we do not store card numbers.
  • Technical data: IP address, user agent, and cookies described below. We use this to authenticate you and to detect abuse.

2. How we use it

  • Provide and maintain the Service, including sign-in and sessions;
  • Route messages to the AI provider you select, display conversations back to you, and keep your history available across devices;
  • Send transactional emails (email verification, password reset, magic-link sign-in);
  • Enforce usage limits and detect abuse;
  • Bill and support Pro subscriptions;
  • Communicate with you about the Service. We will not send marketing without your opt-in.

3. Third parties we share with

We share data only with the service providers we need to run oran.chat:

  • AI model providers (currently OpenAI and Anthropic). When you pick a model and send a message, the contents of that message — including any attachments — are transmitted to the chosen provider so it can generate a response. These providers process the data under their own API terms.
  • Stripe — payment processing for Pro subscriptions.
  • Resend — sending transactional email (verification, reset, magic-link).
  • Our hosting and database providers — to store account and conversation data and to serve the app.

We do not sell personal data. We do not share it for cross-context behavioural advertising.

4. Your chats and model training

We do not train any model on your conversations. We select AI providers whose API terms do not use customer inputs or outputs to train their models by default. If a provider changes this default in a way that would affect you, we will update this policy and, if the change is material, notify you before it takes effect.

5. Cookies and similar technologies

We use a small number of first-party cookies, all strictly necessary for the Service:

  • A session cookie that keeps you signed in;
  • A CSRF cookie that protects sign-in and sign-up forms;
  • A theme cookie that remembers whether you prefer light or dark mode.

We do not use advertising or cross-site tracking cookies. If we later add privacy-respecting analytics, we will list the provider here.

6. Security

Data is transmitted over HTTPS and stored with encryption at rest by our database and blob-storage providers. Passwords are hashed using a modern, memory-hard algorithm; we never see your plain password. Access to production data is limited to the maintainer and logged. No system is perfectly secure — if you believe your account has been compromised, contact us immediately.

7. How long we keep data

  • Account and chat data: kept while your account is active. If you delete your account, we remove or anonymise the data within 30 days, except where law requires us to keep it longer (for example, tax records).
  • Billing records: retained for as long as needed to meet accounting and tax obligations in the relevant jurisdiction.
  • Logs: retained for up to 30 days for troubleshooting and abuse detection.

8. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you;
  • Ask us to correct or update it;
  • Ask us to delete it;
  • Object to or restrict certain processing;
  • Receive a copy of it in a portable format.

You can delete your account at any time from settings, which exercises several of these rights. For anything else, email hello@oran.chat from the address on your account and we will respond within 30 days.

9. Children

oran.chat is not intended for children under 13. If we learn we have collected personal information from a child under 13 without verified parental consent, we will delete it.

10. International users

Our infrastructure runs in regions we choose for reliability and performance. By using the Service you understand your data may be processed in countries other than your own, including the United States and the European Union.

11. Changes to this policy

We may update this policy as the Service evolves. We will change the “Last updated” date at the top and, for material changes, give at least seven days’ notice by email or in-app before they take effect.

12. Contact

Questions or requests? hello@oran.chat.

See also our Terms of Service.