Last updated: February 21, 2026
Orckai ("we", "us", or "our") operates the Orckai platform at orckai.app and the website at orckai.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and website.
Account Information: When you create an account, we collect your name, email address, organization name, and password (stored as a bcrypt hash).
Usage Data: We collect information about how you use the platform, including workflow executions, agent interactions, API calls, and feature usage. This data is used to improve the service and provide usage analytics.
Documents & Data You Upload: When you upload documents to Knowledge Bases or process files through workflows, that content is stored in your organization's isolated storage. We do not access, read, or use your uploaded content for any purpose other than providing the service to you.
Technical Data: We collect IP addresses, browser type, device information, and access timestamps for security and audit logging purposes.
Payment Information: If you subscribe to a paid plan, payment processing is handled by our third-party payment processor. We do not store credit card numbers on our servers.
We use the information we collect to:
Orckai is built with multi-tenant data isolation. Each organization's data is fully isolated using row-level security in PostgreSQL. Your documents, workflows, agents, and all associated data are scoped to your organization and cannot be accessed by other tenants.
Managed SaaS (orckai.app): When you use our managed cloud service, your data is stored on our infrastructure with full multi-tenant isolation. This privacy policy applies to our hosted service.
Self-Hosted: If you deploy Orckai on your own infrastructure, all data remains entirely on your servers. We have no access to your self-hosted instance, its data, or its usage.
When you use AI agents or workflows, prompts and responses are sent to the LLM provider you configure (e.g., Anthropic, OpenAI). These requests are made using your own API keys. We do not store LLM conversation content beyond what is needed for execution history and debugging. Please review the privacy policies of your chosen LLM providers for their data handling practices.
We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:
We retain your account data for as long as your account is active. Workflow execution logs are retained for 90 days by default. You can request deletion of your account and associated data at any time by contacting us. Upon deletion, we remove your data within 30 days, except where retention is required by law.
We implement industry-standard security measures including:
Depending on your jurisdiction, you may have the right to:
To exercise these rights, contact us at privacy@orckai.com.
Our platform uses essential cookies for authentication (JWT tokens) and session management. We do not use third-party advertising or tracking cookies. Our website may use analytics cookies to understand traffic patterns. You can disable cookies in your browser settings.
Orckai is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
If you access Orckai from outside the country where our servers are located, your data may be transferred across borders. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the platform after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our data practices, contact us at: