Privacy Policy

1. Who We Are

Orso is developed and published by Orso Inc., a California C Corporation. The registered business address is 2108 N ST STE N, Sacramento, Sacramento County, CA 95816, United States. Unless otherwise stated, Orso Inc. is the entity responsible for the processing of personal information described in this Policy.

Orso is designed as a wellbeing-focused product. Because some features may involve reflective, emotional or health-adjacent information, privacy is treated as a product-level responsibility rather than a background formality.

Privacy contact: contact@orso-assistant.com

2. Scope of This Policy

This Privacy Policy applies to the Orso application, Orso-operated websites that link to this Policy, support communications, legal and product pages, waitlists, contact forms, and related services that expressly incorporate this Policy.

This Policy does not govern services that are operated independently by third parties, including Apple, your internet provider, your mobile carrier, payment platforms, or third-party sites you may access through links. Those services are subject to their own terms and privacy policies.

3. Information That May Be Processed

3.1 Information you provide or create

You may provide or create information such as journal entries, mood logs, reflections, tags, routines, notes, answers to questionnaires, settings, preferences, and other content you choose to store in Orso. Depending on how you use the app, this information may be sensitive or highly personal. Orso is developed with the objective that this private wellbeing content remains under user control and, wherever reasonably possible, outside Orso’s direct access.

3.2 Permission-based information

If you grant permission, selected categories of information from your device or platform environment may be used in connection with Orso features, including health-related categories made available through Apple Health and HealthKit, notification settings, and limited system data needed for feature functionality. The existence and scope of such processing can depend on platform architecture, permissions, and the specific feature involved.

3.3 Technical and diagnostic information

Technical or operational information may in some circumstances be processed, including app version, iOS version, device model, performance metrics, crash logs, error reports, hosting logs, delivery metadata, or similar diagnostics, to operate, secure, maintain or improve the service where such processing exists in practice.

3.4 Support and correspondence

If you contact us, Orso may receive your name, email address, the contents of your message, attachments, screenshots, and any follow-up correspondence related to your request. Support or contact workflows are one of the main situations in which Orso may receive user information directly.

3.5 Commercial and compliance information

Where relevant, Orso or applicable platform providers may process subscription status, entitlement state, transaction references, fraud-prevention signals, abuse indicators, or records required for accounting, tax, legal or security purposes.

4. Health Data and HealthKit

Some Orso features may allow selected categories of Apple Health data to be used in order to help you understand patterns between wellbeing and daily habits. This access is optional and subject to your explicit authorization through Apple’s permission framework. Orso’s product direction is to treat such information as especially sensitive and to avoid unnecessary external exposure.

Examples may include sleep, activity, steps or similar categories that you choose to make available. Orso does not claim to provide diagnosis, treatment or emergency response. Health-related data is intended to support reflective features, not to operate as a medical device workflow.

If you do not grant Health access, Orso should still retain a meaningful core experience, although some contextual features may be more limited. You may revoke Health permissions through the Health app or through iPhone settings at any time.

5. How We Use Information

Information that Orso or its providers may receive can be processed for the following purposes:

• to provide, maintain and improve Orso
• to display and organize your stored wellbeing content
• to enable selected insight, reminder, preference and continuity features
• to process optional Health-based features you authorize
• to diagnose bugs, improve performance and protect service integrity
• to respond to support requests, feedback and business communications
• to administer subscriptions, access rights and premium entitlements
• to detect fraud, abuse, unauthorized access or violations of our Terms
• to comply with law, enforce our rights and protect users, Orso and the public

Where applicable, legal bases may include performance of a contract, legitimate interests, legal obligations and, for sensitive permission-based features such as Health access, your consent.

6. On-Device Processing and AI

Orso is designed with an on-device-first and data-minimization approach for sensitive wellbeing features where reasonably possible. This means the product direction is to keep intimate reflective content under user control, to avoid direct access to that content wherever reasonably possible, and to limit unnecessary external processing.

Some features may use system intelligence or locally available processing to generate summaries, patterns or structure. If optional cloud-assisted features are introduced in the future and they materially change how sensitive content is processed, those changes should be described through an updated Policy or a feature-specific notice.

On-device processing does not mean that no technical providers are ever involved anywhere in the product. It means that the service is intended to distinguish between sensitive reflective content and the separate operational systems needed to run a modern app, such as hosting, support or diagnostics.

7. Sharing and Disclosures

Orso does not present intimate wellbeing content as a product to be broadly distributed. Information may be shared or disclosed only in the limited situations described in this Policy, including:

• with service providers acting on our behalf
• with Apple or other platform operators where necessary to administer app distribution, permissions or billing
• if required by law, regulation, valid legal process or governmental request
• to investigate fraud, abuse, security issues or violations of our Terms
• to protect rights, property, safety or the integrity of the service
• in connection with a merger, financing, acquisition, reorganization or sale of assets, subject to applicable safeguards

We do not sell Health data for advertising. We do not represent the service as an advertising-profile business built around intimate wellbeing content.

8. Service Providers

Orso may use technical providers for infrastructure, hosting, website operations, diagnostics, email, support, limited operational analytics, content delivery, payment-related administration and similar business purposes. Different providers may receive different categories of information depending on the function they perform, and the existence of a provider relationship does not mean all categories of private wellbeing content are available to that provider.

Where providers process data on our behalf, they are expected to do so under appropriate contractual, security and operational restrictions consistent with the purpose for which they are engaged.

9. International Transfers

Because technical infrastructure and providers may operate across multiple jurisdictions, personal information may be processed outside your country of residence. Where applicable law requires it, we intend to rely on lawful transfer mechanisms and appropriate safeguards for cross-border processing.

Cross-border processing does not change the basic principle that sensitive data should be handled in a proportionate and purpose-limited manner.

10. Retention

Information may be retained for different periods depending on the category of information and the reason it exists. Private wellbeing content may remain on the user’s device for as long as the user keeps it there, subject to the device, platform or backup environments the user chooses. Support records may be retained long enough to resolve a request, maintain continuity, document issues and comply with legal obligations. Technical or operational logs may be retained for security, debugging, delivery, fraud prevention or service improvement for an appropriate period and then deleted, aggregated or anonymized where appropriate.

Retention is based on operational need, legal necessity, security and the nature of the information involved. We do not intend to retain personal information indefinitely without purpose.

11. Security

Orso uses administrative, technical and organizational measures designed to protect personal information, taking into account the nature of the service and the sensitivity of certain categories of data. These measures may include permission controls, device-level protections, limited access practices, reputable infrastructure providers, security reviews, and minimization of unnecessary external processing. Where private wellbeing content is intended to remain under user control, that architectural choice is itself part of the privacy and security approach.

No service can guarantee absolute security. Users should also help protect their information by securing their devices, accounts and email access, and by using current software and device protections.

12. Your Choices and Rights

Depending on your location, you may have rights relating to access, correction, deletion, restriction, portability, objection, withdrawal of consent and the right to receive information about Orso’s data practices. Some of these rights may apply differently depending on the nature of the processing involved and on whether the relevant information is held by Orso, by a platform provider, or remains only within the user’s own device environment.

You may also be able to control certain data uses directly through your device settings, such as Health permissions, notifications, app permissions and other system-level controls.

To make a privacy request, contact contact@orso-assistant.com. We may need to verify your identity before acting on a request in order to protect your information.

13. Children and Age Limits

Orso is not intended for children under 15. We do not knowingly collect personal information from children below that threshold through the service. If we learn that prohibited under-age use has resulted in improper collection, we may take appropriate steps including deleting relevant information where required.

The existence of an age threshold does not remove the need for careful defaults, clear language and restrained data practices. Wellbeing products can be sensitive even for older users.

14. Support and Communications

When you contact us for support, feedback or business communication, we may use the information you provide to respond, troubleshoot, maintain continuity, document recurring problems and improve the service. Support communications should not be repurposed for unrelated profiling or hidden commercial exploitation.

You should avoid sending more intimate content than necessary in a support request when a shorter technical explanation is enough to resolve the issue.

15. Website Data, Cookies and Similar Technologies

The Orso website is not intended to operate as a behavioral advertising platform. That said, like most websites, it may involve server logs, strictly necessary cookies, security tools, basic operational analytics, hosting records or similar technologies needed to maintain reliability, safety and performance.

If the website later introduces materially different cookie or analytics practices that require additional disclosure or consent, this Policy and any related notices should be updated accordingly.

16. Billing and Platform Records

If Orso offers subscriptions, trials or purchases, certain records may be created through Apple’s systems or other payment-related infrastructure. These may include subscription status, transaction references, billing region, entitlement state or similar records needed to administer access and support premium features. Even where Orso seeks to minimize direct data collection, platform-managed commercial flows can still generate limited operational records.

These records are used for service administration, support, accounting, fraud prevention and compliance. They are not intended to convert intimate wellbeing content into a commercial profile.

17. Legal Requests, Abuse Handling and Compliance

We may preserve, review or disclose information where reasonably necessary to comply with applicable law, valid legal process, regulatory requirements, court orders, governmental requests, fraud-prevention needs, abuse investigations, security reviews or the protection of rights, property and safety.

Where appropriate, we may also preserve records needed to enforce our Terms, respond to claims, or investigate misuse of the service.

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect product changes, legal developments, infrastructure changes, new features or improved explanations. The “Last Updated” date at the top of this page indicates when the latest revision was made.

Your continued use of the service after the effective date of an updated Policy may mean that the updated version applies, to the extent permitted by law. Where required, additional notice may be provided.

19. Contact Us

If you have questions about this Privacy Policy or about how Orso handles personal information, you may contact us at contact@orso-assistant.com.

Where applicable, you may also have the right to contact a competent supervisory or data protection authority in your jurisdiction if you believe your rights have not been respected.