Privacy
Policy

• Account data — email address, account name, locale and authentication identifiers;
• Workspace content — knowledge-base documents you upload, assistant settings and prompts, connected bot configuration;
• Messaging data — conversations between your customers and your connected assistants (see section 2);
• Billing data — subscription plan, status, billing period and payment identifiers (card details are handled by Paddle and never reach our servers);
• Technical data — logs needed for security and reliability (timestamps, request metadata, error reports).

The platform connects to Instagram through the official Meta APIs (Instagram Graph API) and to Telegram through the Telegram Bot API. When a customer messages a connected business in Instagram Direct or Telegram, we process and store:

• the content of the conversation messages;
• the sender’s Instagram-scoped ID (IGSID) or Telegram ID and username;
• the connected business account identifier;
• contact details the customer chooses to leave (name, phone number) and their stated interest.

This data is used solely so the AI assistant can reply on behalf of the connected business, record the lead and book appointments. We do not publish content on your behalf and we do not use conversations for advertising.

Your data is used exclusively to operate the platform: generating AI replies, storing leads and bookings, showing analytics in your dashboard, providing support, preventing abuse, and keeping the service reliable and secure. We do not sell your data and we do not use it for third-party advertising.

To generate replies, the text of an incoming message and the relevant excerpts from your knowledge base are sent to our AI provider — Google Gemini — over an encrypted connection. Only what is necessary to produce the reply is transmitted, and the data is not used to train third-party models.

We share data only with the processors required to run the service:

• Meta (Instagram) — receiving and sending Instagram messages through official APIs;
• Telegram — receiving and sending Telegram bot messages;
• Google Gemini — AI reply generation;
• Supabase — managed PostgreSQL database hosting on secured infrastructure;
• Paddle — payment processing and subscription management (Merchant of Record).

All transfers happen over SSL/TLS connections. We never sell personal data to third parties.

Subscription payments are processed by Paddle, acting as the Merchant of Record. Card details are collected and processed by Paddle and never reach our servers — we store only service information about your subscription (plan, status, billing period and subscription identifier). Refunds are described in our Refund Policy.

We use a small set of cookies that are strictly necessary to run the service: authentication session cookies, your language preference, and cookies set by the Paddle checkout. We do not use advertising or cross-site tracking cookies. The full list and management options are in our Cookie Policy.

We keep your data for as long as your account is active. You can delete your account at any time in Dashboard → Account → Danger zone. Access is closed immediately, your bots stop, any active subscription is cancelled, and all data — conversation history, leads, settings and knowledge base — is irreversibly deleted from our servers within 7 days.

Detailed instructions, including for end users who messaged a business via Instagram or Telegram, are on the Data Deletion page.

Depending on your jurisdiction (including the GDPR if you are in the EU/EEA or UK), you have the right to:

• access the personal data we hold about you;
• correct inaccurate data;
• request deletion of your data;
• receive a copy of your data in a portable format;
• object to or restrict certain processing;
• lodge a complaint with your local data-protection authority.

To exercise any of these rights, email support@ormiar.com. We respond within 30 days.

Questions about data processing and security: