Orika Logo

Orika Privacy Policy

Last Updated: November 19, 2025

1. Introduction

Orika ("we," "us," or "our") is an AI-powered engineering drawing analysis platform operated by Orika Futureworks Private Limited. We are committed to protecting your privacy and ensuring transparency in how we collect, process, store, and safeguard your information.

This Privacy Policy explains:

  • What information we collect
  • How and why we use your information
  • Your rights and choices
  • Our security practices
  • How we work with third-party providers

By accessing or using Orika, you agree to this Privacy Policy. If you do not agree, please discontinue use of our services.

2. Scope and Applicability

This Privacy Policy applies to:

  • Orika's web and mobile applications
  • APIs, software, tools, and platforms provided by Orika

This Policy does not apply to third-party services you may interact with independently.

3. Definitions

  • Personal Information: Any data that identifies or can reasonably identify an individual.
  • Processing: Any operation performed on Personal Information (e.g., storage, access, modification, deletion).
  • Data Controller: Orika acts as a Data Controller for user account information.
  • Data Processor: Orika acts as a Data Processor for documents and engineering drawings uploaded by users.

4. Information We Collect

We collect the following categories of information:

4.1 Personal Information

  • Full name (if provided)
  • Email address
  • Account credentials (secured and hashed)
  • Communication history when you contact support

4.2 Documents and Uploaded Content

When you upload files for analysis, we process:

  • PDFs, CAD files, images, drawings, and related engineering documents
  • Extracted text, images, annotations, and metadata
  • Project-level metadata (file names, timestamps, usage logs)

We do not manually review your documents unless you explicitly authorize it for support or troubleshooting.

4.3 Automatically Collected Information

  • IP address and geolocation (approximate)
  • Device type, operating system, and browser
  • Application performance metrics
  • Cookies, log data, and analytics

5. How We Use Your Information

We use your information to:

5.1 Provide Core Services

  • Process, analyse, and extract information from engineering documents
  • Enable AI-powered features

5.2 Improve and Optimize the Platform

  • Enhance AI accuracy
  • Improve system performance
  • Debug issues and improve user experience

5.3 Communication

  • Provide service updates
  • Send security notifications
  • Respond to support requests

5.4 Authentication & Account Security

  • Verify user identity
  • Maintain secure access mechanisms

5.5 Legal and Compliance

  • Meet regulatory obligations
  • Investigate misuse or security incidents

6. What We Do Not Do With Your Data

  • We do NOT sell your personal information.
  • We do NOT use your uploaded documents to train third-party AI models.
  • We do NOT permit third-party providers to use your data for their own purposes.
  • We do NOT share your data with advertisers.

7. Legal Bases for Processing (GDPR & International Compliance)

Where applicable, we rely on the following legal bases:

7.1 Consent

For optional features or marketing communications.

7.2 Contractual Necessity

To provide services you explicitly request.

7.3 Legitimate Interest

For analytics, service improvement, and fraud prevention.

7.4 Legal Obligation

To comply with tax, audit, or regulatory requirements.

8. Third-Party Service Providers (Subprocessors)

We use trusted third-party partners:

8.1 Cloud Infrastructure & Storage

  • Amazon Web Services (AWS / S3) — secure file storage (encrypted)
  • Supabase (PostgreSQL) — user accounts, metadata, authentication

8.2 AI & Machine Learning Providers

  • OpenAI — document analysis, text extraction, generative features
  • Anthropic — advanced AI reasoning and understanding
  • Google Cloud — processing infrastructure and cloud ML tooling

8.3 Payment Processing

  • Razorpay — secure payments. We do not store full payment card data.

Each provider processes data strictly under contractual agreements and cannot use your data for independent purposes.

A full, most current list of subprocessors is available upon request.

9. International Data Transfers

Your information may be transferred to servers located in India, the United States, Singapore, or other jurisdictions.

We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements (DPAs)
  • Industry-recognized security certifications (where applicable)

10. Data Security

We employ industry-grade security measures including:

  • Encryption at rest: AES-256 (S3, Supabase)
  • Encryption in transit: TLS 1.2+
  • Role-based access control (RBAC)
  • Network isolation via VPC and firewall rules
  • API-level access controls
  • Continuous monitoring and logging

Internal access to customer documents is strictly limited and audited.

11. Data Retention

  • Uploaded documents: retained until you delete them or request deletion.
  • Account information: retained as long as your account remains active.
  • Backups: may retain residual data for up to 90 days, after which it is permanently deleted.

12. Data Deletion

You may request deletion of:

  • Your account
  • Uploaded files
  • Personal information

Deletion requests can be made at: connect@orika.ai.

We permanently remove data from active databases and schedule secure deletion from backups.

13. Automated Decision-Making & AI Transparency

Orika uses automated systems to:

  • Extract information
  • Classify drawing components
  • Generate insights

We do not make automated decisions that produce legal or significant personal impacts.

Human review options are available upon request.

14. Cookies & Tracking Technologies

We use cookies for:

  • Authentication (essential)
  • Usage analytics (optional)
  • Performance metrics (optional)

Where required by law, we request your consent for non-essential cookies.

15. Your Rights (GDPR, CCPA, and Global Privacy Laws)

Depending on your jurisdiction, you may have the right to:

  • Access your data
  • Correct inaccurate information
  • Delete your information
  • Restrict or object to processing
  • Export your data (data portability)
  • Opt out of marketing
  • Withdraw consent

To exercise rights, contact: connect@orika.ai.

16. Data Breach Notification

If a data breach occurs that may affect your information, we will:

  • Notify you without undue delay
  • Provide details on the nature and status of the breach
  • Offer guidance to protect your data
  • Notify regulators when required

17. Children's Privacy

Orika is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has submitted information, contact us for immediate deletion.

18. Policy Updates

We may update this Privacy Policy periodically. Changes will be reflected by the updated date at the top. We encourage you to review this Policy regularly.

19. Contact Us

For questions or concerns regarding privacy, data protection, or this Policy:

← Back to Home