Privacy Policy

Effective date: [DATE] — Last updated: [DATE]

The short version: Your conversations, goals, and personal data are stored in your private iCloud account. We cannot read them. Conversation content is sent to our AI provider only during active chats, and is not stored by them. We collect anonymous analytics to improve the app. We will never sell your data.

1. Who We Are

Ora is developed and operated by [YOUR COMPANY NAME] ("[we]", "[us]", "[our]"). Ora is a personal coaching app that helps you set intentions and follow through across three areas of your life: Mind (work and focus), Body (health and fitness), and Soul (relationships and personal growth).

If you have any questions about this policy, you can reach us at privacy@ora-app.com.

2. What Data We Collect

We collect only what is necessary to provide the service. Here is everything, with nothing left out:

Data	Purpose	Where it's stored
Email address	Account creation and login (OTP verification)	Apple iCloud (CloudKit private database)
Phone number (optional)	Account recovery backup, if you choose to add one	Apple iCloud (CloudKit private database)
First name	Personalisation (Ora addresses you by name)	Apple iCloud (CloudKit private database)
Conversations	Your chat messages with Ora across all three pillars	Apple iCloud (CloudKit private database)
Intentions and goals	Things you commit to doing, and whether you completed them	Apple iCloud (CloudKit private database)
Check-in preferences	Your preferred check-in times for each pillar	Apple iCloud (CloudKit private database)
Anonymous usage analytics	Understanding how the app is used (which features, where people get stuck)	TelemetryDeck (EU-hosted, no personal identifiers)
Subscription status	Managing your subscription through Apple's App Store	Apple (managed entirely by Apple's StoreKit)

What we do NOT collect

We do not collect your location
We do not collect advertising identifiers (IDFA)
We do not track you across other apps or websites
We do not collect contacts, photos, or any data from other apps on your device
We do not use cookies (Ora is a native iOS app)
We do not build advertising profiles

3. Where Your Data Lives

Apple iCloud (CloudKit Private Database)

The majority of your data — your profile, conversations, intentions, and goals — is stored in Apple's CloudKit private database. This is your personal iCloud storage. The data is encrypted in transit and at rest by Apple. We do not have access to read your conversations, goals, or personal information stored in CloudKit. This data syncs across your Apple devices using your iCloud account and is subject to Apple's Privacy Policy.

On your device

Some data is processed and stored locally on your iPhone, including your notification preferences, biometric authentication settings, and cached conversation data. If you enable Apple's Foundation Models features, on-device AI processing happens entirely on your phone and no data is sent to any server.

4. When Your Data Leaves Your Device

Your data is sent to external services in only two situations:

Situation 1: When you actively chat with Ora

When you send a message in a conversation, the content of that conversation (your messages and Ora's responses) is sent to our server, which forwards it to Anthropic's Claude AI to generate Ora's reply. This is the core of how the app works — Ora's coaching responses are generated by an AI language model.

What is sent: The current conversation (typically the last 20 messages in that pillar), your first name, and your stated goals. This is the minimum context needed for Ora to respond helpfully.

What happens to this data at Anthropic:

It is used solely to generate Ora's response to your message
Anthropic does not use your conversations to train their AI models (per their API data policy)
Anthropic does not store your conversation content after generating the response
Our server (hosted on Cloudflare Workers) does not store your conversation content — it passes the request through and returns the response

When data is NOT sent: Browsing the home screen, viewing your progress, changing settings, receiving notifications, and all on-device AI features (notification text generation) happen without any data leaving your device.

Situation 2: Sending you a verification code

When you sign up or log in with email, we send a one-time verification code to your email address through Amazon Simple Email Service (SES). Your email address is shared with this service solely for the purpose of delivering the code. If you add a phone number, a verification SMS may be sent through Amazon Simple Notification Service (SNS). These services process your contact information only to deliver the message and are subject to Amazon Web Services' data processing terms.

5. Analytics

We use TelemetryDeck for anonymous usage analytics. TelemetryDeck is a privacy-first analytics service hosted in the European Union.

What TelemetryDeck collects:

Anonymous event signals (for example: "a user opened the Mind channel" or "a user completed an intention")
Device type and iOS version (for compatibility purposes)
App version

What TelemetryDeck does NOT collect:

No names, email addresses, or phone numbers
No conversation content
No advertising identifiers
No data that can identify you personally

TelemetryDeck generates a hashed, anonymous identifier that cannot be reversed to identify you. Because no personally identifiable information is collected, this analytics does not require tracking consent under GDPR or Apple's App Tracking Transparency framework. You will never see a tracking permission popup from Ora.

6. Subscriptions and Payments

Ora is a paid subscription app. All payments are handled entirely by Apple through the App Store. We do not collect, process, or store any payment information including credit card numbers, billing addresses, or Apple ID credentials. Your subscription status is managed by Apple's StoreKit framework. For details on how Apple handles payment data, see Apple's Privacy Policy.

7. Data Retention

Your conversations, intentions, and profile data remain in your iCloud account for as long as you use Ora. If you delete the app, your iCloud data remains in your Apple account (as with any iCloud-synced app). You can delete your data at any time:

Delete individual conversations: Within the app (feature coming in a future update)
Delete your entire account and all associated data: In Settings within the app, or by contacting us at privacy@ora-app.com
Delete iCloud data directly: Through your iPhone's Settings → [Your Name] → iCloud → Manage Storage

Anonymous analytics data in TelemetryDeck cannot be linked back to you and is retained in aggregate form.

8. Third-Party Services

Ora uses the following third-party services. Each has its own privacy policy:

Service	Purpose	Data shared	Privacy policy
Anthropic (Claude)	AI conversation generation	Conversation content during active chats	Link
Apple (iCloud / CloudKit)	Data storage and sync	All user data (encrypted, in your private account)	Link
Apple (StoreKit)	Subscription payments	None from us — Apple manages this directly	Link
TelemetryDeck	Anonymous analytics	Anonymous event signals only, no PII	Link
Cloudflare	Server hosting (API proxy)	Conversation requests pass through (not stored)	Link
Amazon SES	Email delivery (OTP codes)	Email address (for delivery only)	Link
Amazon SNS	SMS delivery (OTP codes, if phone added)	Phone number (for delivery only)	Link

We do not sell, rent, or share your personal data with any other third parties. We do not work with data brokers. We do not serve advertisements.

9. Security

We take the following measures to protect your data:

Encryption in transit: All data sent between your device and our servers uses HTTPS/TLS encryption
Encryption at rest: Your iCloud data is encrypted by Apple
Device attestation: We use Apple's App Attest to verify that requests come from a genuine copy of Ora running on a real Apple device
No stored API keys on device: AI service credentials are kept on our server and never included in the app
Rate limiting: Our server limits the number of requests per user to prevent abuse
Biometric protection: If you enable Face ID or Touch ID, the app is locked when not in use
Passkey support: You can sign in with a passkey stored in your device's secure enclave, replacing traditional passwords entirely

No system is perfectly secure. If we discover a data breach that affects your personal information, we will notify affected users as soon as reasonably possible and take steps to mitigate the impact.

10. Your Rights

Regardless of where you live, you have the following rights:

Access: You can view all your data within the app at any time. Your conversations, intentions, and progress are always visible to you.
Correction: You can update your name, email, and phone number in Settings.
Deletion: You can request deletion of your account and all associated data. Contact privacy@ora-app.com and we will process your request within 30 days.
Portability: You can request an export of your data. Contact us and we will provide your data in a standard format.
Objection: You can disable analytics by contacting us (though analytics are already anonymous and contain no personal data).

For users in the European Economic Area (EEA)

Under the General Data Protection Regulation (GDPR), our legal basis for processing your personal data is:

Contract performance (Article 6(1)(b)): Processing your email, name, and conversation data is necessary to provide the Ora coaching service you subscribed to.
Legitimate interest (Article 6(1)(f)): Anonymous analytics to improve the app, where no personal data is collected.

We do not rely on consent as a legal basis for core processing, because the data processing is necessary to deliver the service. You can withdraw from the service at any time by cancelling your subscription and deleting your account.

Our analytics provider (TelemetryDeck) is hosted in the European Union. Conversation data processed by Anthropic may be processed in the United States, under Anthropic's data processing terms.

For users in California

Under the California Consumer Privacy Act (CCPA), you have the right to know what data we collect, request its deletion, and opt out of any sale. We do not sell personal information. The categories of data we collect are detailed in Section 2 above.

11. Children's Privacy

Ora is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@ora-app.com and we will delete that data.

12. Ora Is Not a Healthcare Provider

Ora is an AI-powered personal coaching tool. It is not a medical device, therapy service, or healthcare provider. Ora does not diagnose conditions, prescribe treatments, or provide medical, psychological, or financial advice. If you are experiencing a mental health crisis, please contact a qualified professional or your local emergency services.

13. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you through the app or by email before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

We will not reduce your rights under this policy without your explicit consent.

14. Contact Us

If you have questions, concerns, or requests regarding your privacy or this policy:

Email: privacy@ora-app.com
Address: [YOUR COMPANY ADDRESS]

We aim to respond to all privacy-related enquiries within 14 days.