Privacy Policy

Orayol Ltd ("Orayol", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform, website, and related services (the "Service"). By using the Service, you agree to the practices described here. This Policy is consistent with the UK GDPR and the Data Protection Act 2018.

We collect: (i) Account information such as name and email address; (ii) Health session content, encrypted end-to-end and stored securely; (iii) Payment data processed securely by our payment partners; (iv) Technical data such as browser type and IP address for security and service improvement.

Before any AI-assisted quality review is performed, all personal identifiers are automatically removed from session content using Named Entity Recognition (NER) technology. Your raw personal health data is never directly processed by AI systems. Only the anonymised quality score and a cryptographic hash are processed further. No health session is analysed by AI without your explicit consent, which you provide during registration and may withdraw at any time through your account settings.

We use your information to: provide and improve the Service; perform AI-assisted quality review of anonymised session content (with your consent); process subscription payments; respond to your enquiries; and comply with legal obligations.

Your account data is stored on secure servers in the United Kingdom and/or the EEA. Encrypted session records may also be stored on an immutable ledger for verification purposes; such records contain only cryptographic hashes and quality scores, not identifiable health content. We retain your data for the duration of your account and up to 7 years thereafter as required by law, unless you request earlier deletion.

We implement industry-standard measures to protect your data, including end-to-end encryption of session content, strict access controls, regular security audits, and secure HTTPS transmission. If you suspect unauthorised access to your account, please contact us immediately at support@orayol.com.

We do not sell or rent your personal information. We may share data with: service providers who assist in operating the platform (subject to confidentiality obligations); payment processors for subscription management; and legal authorities where required by law. Any sharing is limited to what is strictly necessary.

Under UK GDPR, you have the right to: access your personal data; correct inaccurate data; request deletion; restrict or object to processing; data portability; and withdraw consent. To exercise these rights, contact privacy@orayol.com. We will respond within 30 days.

Our website uses cookies to enhance your experience and analyse usage. You may adjust your browser settings to refuse cookies; however, some features may not function correctly without them.

Orayol reserves the right to update this Privacy Policy at any time. We will notify you of material changes by email or by posting a notice on our website. Continued use of the Service after such notice constitutes your acceptance of the updated policy.

For questions regarding this Privacy Policy, please contact: privacy@orayol.com. Our registered office is Orayol Ltd, United Kingdom.