You are uploading the most intimate record of your life — your music, your photos, your messages, your memories. We take that trust seriously. Your data never leaves Ori. Ever. Here is exactly how we protect it.
All data is encrypted at rest and in transit. Every connection to Ori uses HTTPS. Your data is unreadable to anyone who intercepts it.
Your data is locked to your account at the database level. It is technically impossible for another user to access your data — even if they tried.
We never store your password in plain text. Your password is hashed using industry standard cryptography before it ever touches our database.
Your session expires automatically after a period of inactivity. If you leave Ori open on a shared device you are protected.
Your photos and files are stored in a private bucket with your unique user ID. No one else can access your storage — not other users, not Ori staff.
Ori runs on Supabase and Vercel — both SOC 2 compliant infrastructure providers with independent security audits and certifications.
The promise that never changes: Your data never leaves Ori. We do not sell it. We do not share it. We do not use it to train AI models. The only thing your data does is power your personal experience inside Ori. That is it. That is everything.
We enforce strong passwords to protect your most personal data. Every Ori account requires a password that meets all of these standards:
Every Ori password must include all of the following:
We recommend using a password manager to generate and store a strong unique password for your Ori account. Never reuse a password from another service.
Two factor authentication adds a second layer of protection to your account. Even if someone has your password they cannot access your Ori account without also having your second factor.
Use Google Authenticator, Authy or 1Password to generate a time-based one-time code when you sign in. This is the most secure option.
On supported devices use Face ID or fingerprint to sign in quickly and securely. Your biometric data never leaves your device.
You can enable two factor authentication in your profile settings. We strongly recommend all Ori users enable 2FA given the sensitivity of the personal data stored in your account.
Ori uses Anthropic's Claude AI to generate your personal feed, search responses and insights. When you use Ori relevant portions of your data are sent to the Anthropic API to generate your content. We send only the minimum data required.
Anthropic does not use API data to train their models. Your data is processed and discarded — it is not stored by Anthropic beyond the immediate processing of your request.
No other AI service, analytics platform or third party ever receives your data.
When you upload messages from WhatsApp, Facebook, or Instagram, you are also uploading conversations that include other people. Ori processes this data only to generate insights about your own life — your communication patterns, your relationships, and how they changed over time. We never share this data with anyone and only you can access it.
However, we encourage all Ori users to be thoughtful about message uploads. The people you have messaged have not consented to their words being processed by an AI. Use your judgment about which conversations to include. Ori is designed to help you understand your own story — not to analyse or expose others.
If you discover a security vulnerability or believe your account has been compromised please contact us immediately at security@helloori.ai. We take all security reports seriously and will respond within 24 hours.
Please do not publicly disclose security vulnerabilities before contacting us. We are committed to working with anyone who reports issues responsibly.