Privacy Policy

Privacy policies aren't riveting reading; however, they are important. At Orienne, we work with very personal information — your developmental responses, your reports, your reflections. We take that responsibility seriously.

This Privacy Policy is written to be as clear and as easy to understand as possible. You should read the entire document, but here are the key points:

• Orienne is a clinical developmental assessment service operated by Christa Diaz Consulting, LLC. We are sustained by client engagements, not by advertising.
• We use the information you provide to deliver and score your assessment, generate your report, communicate with you, and run the day-to-day work of a small practice.
• We do not sell your data, and we do not share it for targeted advertising. Your assessment responses and reports are private clinical material.
• We honor requests to exercise your privacy rights — access, correction, deletion, portability. See Your Rights and Choices below for how to make a request.
• Orienne is a brand and DBA of Christa Diaz Consulting, LLC — not a separate legal entity. The service you experience as Orienne is built on Tessera, the underlying assessment platform also operated by the LLC. References to “Orienne” in this Policy include the Tessera infrastructure that powers it; all data-protection responsibilities sit with Christa Diaz Consulting, LLC.

The rest of this is a legal document. Section summaries should make it easier to follow, but we encourage you to read it in full.

Overview

This Privacy Policy (the “Policy”) describes the data protection practices of Orienne, operated by Christa Diaz Consulting, LLC (“we,” “us,” or “our”). Orienne and Tessera are brands of Christa Diaz Consulting, LLC; neither is a separate legal entity, and all data-protection obligations described in this Policy sit with the LLC. The Policy applies to the orienne.com website, the assessment platform you interact with after submitting an inquiry, the Tessera infrastructure that scores your assessment and generates your report, and any related online or offline engagement you have with us (collectively, the “Services”).

This Policy does not cover other activities of Christa Diaz Consulting, LLC that are conducted outside the Orienne brand and the Tessera platform. Those activities are operated separately and are governed by their own privacy practices.

Territorial scope. The Services are operated from the United States and are intended for users in the United States. We do not target, market to, or solicit users in the European Union, the European Economic Area, the United Kingdom, or Switzerland: we do not name those markets in our copy, do not designate prices in non-U.S. currency, do not use a country-code top-level domain for those territories, do not deliver or bill to addresses there, do not run paid advertising geo-targeted to those territories, and do not monitor the behaviour of users located there. If you are located outside the United States and choose to use the Services, you do so at your own initiative and on the same basis as a user in the United States; your information will be transferred to, processed, and stored in the United States. To the extent any non-U.S. data-protection law is determined to apply to your use of the Services, write to privacy@orienne.com.

We may change this Policy from time to time. We will make the revised Policy accessible through the Services, so you should review it periodically. You can tell whether the Policy has changed since you last reviewed it by checking the “Last Modified” date at the top. If we make a material change, we will provide notice in accordance with legal requirements. By continuing to use the Services, you confirm that you have read and understood the latest version of this Policy.

If you have any questions or concerns about this Policy, please contact us at privacy@orienne.com.

Table of Contents

1. Collection, Use, and Disclosure of Information
2. Data Retention
3. Third-Party Services and Integrations
4. Children’s Privacy
5. Your Rights and Choices
6. State-Specific Information
7. Transfers to the United States
8. Contact Us
9. Further Reading and Security Posture

1. Collection, Use, and Disclosure of Information

Summary: The information collected as you correspond with us or use the Services is used to contact you, fulfill our agreements with you, and perform routine business activities and operations, including marketing. The following sub-sections detail the types of information collected, how and why we collect, protect, use, and disclose it.

Categories of Information We Collect

The type of personal information we collect from you depends on how you interact with or use the Services. We collect information about you — including information that directly or indirectly identifies you — through your use of Orienne. We do so:

• When you provide the information by filling out forms or otherwise providing it through the Services (for example, the inquiry form on orienne.com or fields within the assessment platform);
• When you create, complete, or update your assessment, dashboard, components, or report — or when we connect to systems on your behalf to retrieve data, or you provide other data within the platform (collectively, “Orienne Data”);
• When you upload photos, audio, transcripts, or other artifacts to your account;
• Automatically (through cookies and similar tools) when you browse our website or interact with our marketing communications, including on social platforms;
• When you attend events, workshops, or participate in programs;
• Via security and bot-detection tools (such as Cloudflare Turnstile) to help protect your account and our systems from fraudulent or unauthorized access;
• When you correspond with us by email or chat to receive customer support;
• If you apply to and/or participate in an Orienne cohort, certification program, or community space; and
• If you apply to any open positions with us. Data you provide as part of your candidacy is governed by a separate Applicant Privacy Policy.

This includes:

• Information you provide by filling in forms on the Services, including information provided at the time of submitting an inquiry, registering for the assessment platform, requesting a consult, completing surveys, providing feedback, contacting or engaging with us on our social channels, or otherwise contacting us. When you use an identity provider (for example, Google or another OAuth login) to access the Services, we also receive the email address associated with that account. If you participate as part of an organization’s Plan (as defined below), we may collect information associated with your use of the Plan (e.g., work email address and the date you joined).
• Your IP address and the approximate geographic region (city/state level) derived from it.
• Your billing address (including postal code) when you make a purchase.
• Your assessment responses, the resulting developmental fingerprint, and the report we generate from it. These are private clinical materials.
• Photos, audio, transcripts, and their associated metadata that you choose to upload to your account or attach to assessment work. Where you participate in an audio or video session, recordings of that session and associated metadata. These features are optional. By choosing to upload such artifacts, you consent to our collection and processing of them; you can withdraw consent by deleting the artifacts. Photo-related data may include image files and their content; embedded metadata such as timestamps, device information, photo orientation, and camera settings; and any personal information visible in the photos, including likenesses or anything else captured.
• Your communications with us (including email addresses other than the one used to establish your account), if you contact us.
• Details of transactions you carry out through the Services, such as records of when you purchase an assessment, book a consult, enroll in a cohort, or subscribe to a Plan. You may be required to provide billing information before placing an order through the Services.
• To provide you with customer support or service offerings, including responding to and resolving your inquiries and requests via email or chat. We may use AI-assisted tools, including assistants provided by third-party service providers, to help with initial responses, perform specific actions on your behalf with your consent, and connect you with human support specialists. When you request assistance from our customer support team, you may permit a support representative to review data from your account, including private data, for the sole purpose of facilitating technical implementation of the Services. When asked to do so by you, our support representative may use that data on your behalf in interactions with third-party vendors.
• Technical and usage information when you use the Services or interact with our marketing communications and our website. This information includes IP address, approximate geographic region of the device, browser type, browser language, date and time of your request, time(s) of your visit(s), error logs and other system activity, online browsing-behavior data, other information that allows us to analyze how the Services are used, and other information that allows us to troubleshoot errors or bugs in our Services.
• If you apply to and/or participate in an Orienne cohort or certification program, we collect additional categories of information used to evaluate your application and determine eligibility, administer the program, facilitate interaction among participants, communicate with you, and improve the program’s content, structure, and delivery. This may include application information (your name, email address, mailing address, professional background and/or work history, responses to application questions, cohorts you have applied to previously, and the cohort you are selected for, if applicable), pre-assessment results (responses to and scores on Orienne assessments), invoice information via payment service providers, course-participation data (such as attendance data, course progress, community posts and interactions, practice-session completion records, and final results), and recordings from live cohort sessions (which may include your likeness and/or voice, if you come on camera and/or unmute to participate). We may record cohort sessions for other participants who are unable to attend live or want to watch again, and retain the recording for 21 days. If you do not wish to be recorded, you may disable your camera and microphone.
• If you participate in a live Orienne workshop, we collect registration data (including names and email addresses), session date and time, and the names of attendees. The workshop may be recorded and saved in our on-demand library for 21 days. We record our workshops so that participants can reference them later, and so those who register but miss the live session can still watch. During such workshops, if you participate by unmuting your microphone to speak or ask a question, or if you participate in chat, your voice and/or the display name you use will be part of the saved recording. If you prefer not to be recorded, you can watch the recording after the live session ends.

In some cases, we will tell you when we need to collect certain information to provide you with a particular service (for example, we may need certain information to access your Orienne account so our support team can help you troubleshoot an issue). If you choose not to provide such information, we may not be able to provide the services you have requested.

Sources of Information

We collect most of the information referred to above from you directly. However, we may also collect information about you from the following third-party sources:

• Data vendors, which provide access to certain information about the public. Orienne will obtain your consent before collecting information from these providers;
• Other users of the Services, for instance in relation to a referral program or shared cohort participation;
• Advertising networks and partners;
• Account security providers;
• Analytics providers; and
• Social media sites.

Cookies, Online Analytics, and Advertising

Analytics tools. We may use third-party analytics services as well as self-hosted data-collection services on our Services to collect and analyze usage information through cookies and similar tools (such as the pages most read, time spent, search terms, other engagement data, session recordings, heatmaps, and user interactions such as clicks, scrolls, and mouse movements); to improve and fix broken features; to engage in auditing, research, or reporting; to assist with fraud prevention; and to provide certain features to you. Sensitive information, such as form-field entries, is automatically masked in session recordings and cannot be traced back to you.

Orienne does not currently deploy any third-party product-analytics tool, behavioural-tracking pixel, or session-replay tool on the Services. We are deploying Plausible Community Edition, a privacy-respecting, self-hosted analytics platform, as our primary product-analytics tool. Plausible does not use cookies for measurement, does not collect personal data, does not produce a persistent identifier for any visitor, does not track individuals across sites, and does not share data with third parties. It produces aggregate usage metrics only. If we incorporate any additional analytics tool that does use cookies or that is operated by a third party, we will disclose it in our Cookie Policy and surface a notice before activating it.

Usage information of our Services is collected to compile statistical data in order to develop new and improved Services and marketing, identify popular features, and provide you content that is of interest to you.

If you receive email from us, we may use certain analytics tools, such as tracking pixels, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

Advertising. Orienne does not share device identifiers, hashed email addresses, or other personal identifiers with advertising networks for retargeting, audience matching, or cross-context behavioral advertising. We do not install third-party retargeting pixels on the Services. When we run brand advertising on platforms such as LinkedIn, Meta, or Google, we do so through audience targeting handled on the platform’s side — we do not export your personal information from the Services to those platforms, and we do not allow them to track you across our pages.

Cookies. Cookies and similar technologies may be set by us for essential functionality (such as session security, CSRF protection, and Cloudflare security verification). We do not install third-party advertising, retargeting, or audience-matching cookies on the Services. If you encounter cookies set by third-party websites you reach by following links from the Services, the use of those cookies is governed by those third parties’ privacy policies and is independent of Orienne. For details on the cookies we set, please read our Cookie Policy.

We may combine the information collected through cookies with other information we collect about you.

Purposes for Which We Process Information

We process personal information only for the purposes described above. The categorical justifications are:

• To deliver the Services you request — to honor the agreement formed when you create an account, submit an inquiry, purchase an assessment, or enroll in a program.
• To operate the business — to secure and improve the Services; to provide customer service; to perform internal analytics; to conduct lawful marketing; to protect against fraud and abuse; to support corporate transactions such as a merger or sale.
• To meet legal obligations — including obligations owed to tax, regulatory, and compliance authorities.
• With your consent — where we explicitly ask for your consent for a specific purpose. You may withdraw that consent at any time, without affecting the lawfulness of prior processing.

Disclosure of Information

We disclose data to fulfill the purposes for which you provide it; to enforce or apply our Terms of Service, including billing. We may disclose or transfer information that we collect or you provide with:

• Service Providers. These parties help us provide the Services or perform business functions on our behalf. They include:
  • Hosting, technology, and communication providers.
  • Security and fraud-prevention providers and consultants. These parties assist us with fraud detection, risk analysis, and account security services.
  • Support and customer-service vendors. These vendors help us provide timely support to our customers. Any AI assistant or chatbot vendor we use will process your data according to our instructions and will not train AI models on your personal or clinical data. You can always choose to work directly with our human support team instead.
• Analytics Partners. These parties provide analytics on web traffic or usage of the Services. Our primary analytics tool, Plausible Community Edition, is self-hosted and does not transmit your data to a third-party analytics partner. If we engage any additional analytics provider, we will disclose it and, where required, request your consent first.
• Our Payment Processors to process and manage your payment for the Services.
• Service Integrations, but only with your consent. By utilizing these integrations, you acknowledge that the terms of the respective privacy policies of these providers (for example, Stripe, identity providers used for “Login with Google” or other OAuth, and similar services) will apply to your use of their services.
• A buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about users of the Services is among the assets transferred.
• Other users you authorize. For example, when you use a shared workspace, group account, or cohort space within the Services, you authorize us to share data within that workspace or space — including any artifacts you upload (which may include images of personal documents, voice recordings, transcripts, or other materials) — with the other authorized members. Members of your workspace or cohort may view certain information about you, including the workspaces or spaces you own or have access to, your first name, and email address.
• Orienne Partner. If you elect to participate in the Services through a business or other organization (“Partner”) as part of a Partner’s plan (“Plan”) — for example, when an employer, clinic, or training institution provides Orienne as a benefit — then we will share certain information, such as name, email address, and the date you joined the Services, with that Partner. If a Plan has 10 or more users, we may also provide the Partner with aggregated, anonymized data about the number of Plan users who access Orienne each month and how users are interacting with the Services.
• Cohort and Certification Program Participants. If you elect to participate in an Orienne cohort or certification program, certain information about you (such as your name and contact information, any participation in the online community space, and your likeness and/or voice if you participate in live, recorded course sessions) will be shared with other participants in your cohort. You should not share sensitive personal information during live sessions or in the community space unless you are comfortable with other participants having access to it.

We may also disclose your information:

• To comply with valid court orders, laws, or legal processes that we are legally obligated to comply with, including to respond to any valid government or regulatory request.
• To enforce or apply our Terms of Service or terms of sale and other agreements, including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Orienne, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit-risk reduction.
• To fulfill the purpose for which you provide it.
• For any other purpose disclosed by us when you provide the information.
• With your consent.

Deidentified and Aggregated Data

We may de-identify and aggregate information collected in such a way that the information cannot reasonably be linked to you or your device. We may use such de-identified or aggregated data for any purposes (including testing our IT systems, research, data analysis, improving the Services, and developing new offerings and features) and may disclose it to our service providers. When we de-identify and aggregate non-Orienne Data, we may disclose such data to any third parties, including advertisers, promotional partners, and others.

Automated Decision-Making, Profiling, and Artificial Intelligence

We do not use solely automated decision-making, including profiling, in a way that produces legal effects or similarly significant effects concerning you.

Orienne uses artificial intelligence and algorithmic logic as part of the assessment pipeline and to enhance your experience. We may use AI and algorithmic methods to:

• Process your assessment responses to produce your developmental fingerprint and report;
• Generate parts of the narrative content in your report;
• Categorize and route customer-support inquiries; and
• Improve our Services, identify patterns in aggregate usage, and develop new features.

For our consult-led services, a qualified clinician reviews the output and discusses the interpretation with you before any final clinical recommendation is delivered. We retain operational records sufficient to support clinical review and to respond to questions you may raise about your report.

These functions are designed to assist and enhance your experience but do not make automated decisions that affect your rights, legal status, or account standing without human involvement.

If this policy ever changes and we begin to use automated decision-making that has a significant effect on individuals, we will inform you and update this policy accordingly, including information about the logic involved and the consequences of such processing.

Where applicable law gives you the right to object to particular processing of your personal information, or to request human intervention in respect of automated processing, you may exercise that right by contacting us at privacy@orienne.com. We will evaluate any such request in good faith, balancing it against any compelling grounds we may have for the processing and any need to establish, exercise, or defend legal claims.

Certified Coaching Program

Coaching Directory. Upon certification, certified coaches may be listed in the publicly accessible Orienne Coaching Directory. Information displayed in the Directory may include the certified coach’s name, photograph, biography, geographic location, website, and contact information, as provided by that individual. Listing in the Directory is voluntary. Certified Coaches may request removal from the Directory at any time by contacting us at privacy@orienne.com. Please note that information published in the Directory while your listing was active may have been accessed or cached by third parties, and we cannot control third-party use of information that was publicly available.

Certified Coaches and Their Clients. Orienne Certified Coaches are independent professionals and are not employees, agents, or representatives of Orienne or Christa Diaz Consulting, LLC. When a Certified Coach provides coaching services to their own clients, Orienne does not collect, control, or process the personal information exchanged between the coach and their clients. Certified Coaches are solely responsible for their own data collection and privacy practices. If you receive coaching services from an Orienne Certified Coach, any questions about how that coach handles your personal information should be directed to the coach.

2. Data Retention

Generally speaking, we retain your information as necessary to provide the Services and to fulfill the transactions you have requested, and for other necessary purposes such as complying with our legal obligations, resolving disputes, enforcing our agreements, and for fraud prevention and related security purposes. In determining how long to retain information, we consider the nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information, how long an account has been inactive, and applicable legal requirements.

More specifically:

• We retain the majority of your account data — including your assessment responses, fingerprint, and report — for the duration of your engagement with us plus an archival period of up to 24 months after your account becomes inactive, unless you delete your account as described below. Where an ongoing clinical relationship justifies longer retention (for example, longitudinal assessment over years), we retain the data for as long as that relationship continues.
• Inquiry records (forms submitted on orienne.com, contact correspondence) are retained for up to 3 years for business-correspondence purposes.
• We retain conversations with our support specialists for up to 3 years, or longer where required to comply with legal or regulatory obligations. We retain these conversations so our team can reference your support history and previous issues to provide faster, more effective, and personalized assistance.
• We may retain anonymized data (data that has been processed so it can no longer be linked to you, your account, or your device) for longer periods for internal business and research purposes.
• If you participate in any live training sessions, whether through our Certification Program or through our free workshops, those recordings are automatically deleted after 21 days.
• Cookie consent records are retained for 3 years to demonstrate the basis on which we processed your data during that period.
• After deletion, we may retain your email address to confirm deletion of associated data.
• Notwithstanding the above, we may retain information as long as necessary to comply with our legal and regulatory obligations or in connection with any legal proceedings.

Note that you can request deletion of your information at any time by following the steps in the Your Rights and Choices section of this Policy.

3. Third-Party Services and Integrations

Service Providers We Engage

We use a limited number of third-party service providers to operate the platform. Each processes data only as necessary to provide its services and under contract with us:

• Cloudflare — content-delivery network, DDoS protection, and Turnstile (bot detection). Privacy policy
• Resend — transactional email delivery. Privacy policy
• Supabase — database and authentication infrastructure. Privacy policy
• Railway — application hosting. Privacy policy
• Stripe — payment processing. Privacy policy

If we add, replace, or change a service provider, we will update this Policy.

Third-Party Apps that Integrate with Orienne

When you choose to use third-party apps (such as OAuth apps based on our API), plug-ins, or websites that integrate with the Services, they may receive your information and content, including your personal data, photos, transcripts, and activity data. Information collected by these third parties is subject to their terms and policies. Orienne is not responsible for the terms or policies of third parties, so we urge you to review their privacy and security policies prior to use.

Orienne Applications on Third-Party Platforms

We may make Orienne content and tools available through applications on third-party platforms, such as AI assistants or chatbots. You will only interact with these applications if you affirmatively choose to do so on the third-party platform (for example, by selecting or enabling an Orienne application within that platform). Some of these applications may require you to log into your Orienne account, while others may be used without authentication.

When you interact with an Orienne application on a third-party platform:

• Information we receive. We may receive the queries or prompts you submit to the application, along with technical information typically shared when you interact with an online service, such as your IP address, approximate location, device type, and usage data. If you log into your Orienne account through the application, we may also receive information associated with your account.
• How we use this information. We use this information to respond to your queries, provide relevant Orienne content and functionality, improve our applications and services, and for analytics purposes. If you click a link to visit Orienne’s website, we may use tracking parameters (such as UTM codes) to understand how you found us.
• Third-party platform policies. Your use of the third-party platform is governed by that platform’s terms and privacy policy. We encourage you to review those policies.

4. Children’s Privacy

The Services, when accessed directly by an individual, are not intended for anyone under 18. They are in no event intended for children under 13. We do not knowingly collect personal information from children under 13 through direct access to the Services; where the law of your residence sets a higher minimum age for the collection of a minor’s personal information, we will honor that higher age. If you are under the applicable age, do not use or provide any information on the Services or through any of its features, register for the Services, make any purchases through the Services, or provide any information about yourself to us. If we learn we have collected personal information from a child below the applicable threshold through direct access, we will delete that information. If you believe we might have any such information, please contact us at privacy@orienne.com.

Pediatric Clinical Assessments Through a Clinician

Tessera, the assessment platform that powers Orienne, supports pediatric clinical assessment when used by a qualified clinician with their patient. In that flow, the clinician is responsible for obtaining the parent’s or legal guardian’s consent before any minor’s data is entered into the platform, and the clinician is the data controller for that pediatric data. Orienne acts as a data processor on the clinician’s behalf and processes pediatric information only as instructed by the clinician under our Data Processing Agreement. This Policy describes Orienne’s direct relationship with you; it does not govern the clinical engagement between a minor’s family and the clinician using Tessera. Questions about how a clinician handles a minor’s data should be directed to that clinician.

5. Your Rights and Choices

Summary: All users have certain rights, for instance in relation to marketing communications and interactions on their mobile devices. Depending on your jurisdiction, you may also have the right to make certain requests regarding your personal information, including the ability to access, correct, or delete certain personal information and to opt out of certain uses of your personal information. Those rights are outlined below, including information about how to exercise them. If there is any conflict between this section and other areas of this Policy, the portion that protects your personal information the most will be followed. If you are a resident of a U.S. state that has state-specific privacy laws, please also see State-Specific Information for additional disclosures about our practices and more information about your rights.

Rights Regarding Your Information

Depending on your jurisdiction, you may have the right to make certain requests regarding your “personal information” or “personal data” (as such terms are defined under applicable law, and collectively referred to herein as “personal information”). Specifically, you may have the right to ask us to:

• Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we disclose personal information.
• Provide you access to and/or a copy of certain personal information we hold about you.
• Correct or update personal information we hold about you.
• Delete certain personal information we have about you.
• Provide you with information about the financial incentives that we offer to you, if any.
• Receive certain personal information you have provided to us in a structured, commonly used, machine-readable format, and request that we transmit such information to another controller where technically feasible (data portability).

As provided in applicable law, you also have the right not to be discriminated against for exercising your rights.

You may also have the right to opt out of “sales” of your information and “sharing/processing of your information for targeted advertising” as described below. If you are a resident of a state within the United States with a state-specific privacy law, please also see State-Specific Information for more information about our privacy practices and your rights.

Please note that certain information may be exempt from such requests under applicable law. For example, we need to retain certain information in order to provide our Services to you. We also need to take reasonable steps to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name and email address. Depending on your jurisdiction, you may be permitted to designate an authorized agent to submit certain requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request. If you would like further information regarding your legal rights or would like to exercise any of them, please email us at privacy@orienne.com.

You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.

Depending on applicable law, you may have the right to appeal our decision to deny your request, if applicable. If we deny your request, we will provide you with information on how to appeal the decision in our communications with you. To exercise such an appeal right, email us at privacy@orienne.com.

Marketing Communications

You can unsubscribe from our marketing emails via the unsubscribe link provided in the emails. Where applicable law provides you with the right to object to the processing of your personal data for direct marketing purposes, you may exercise that right at any time, and we will cease processing your personal data for such purposes promptly following your request. Please note that it may take us some time, consistent with our legal obligations, to process your request. Even if you opt out from receiving marketing messages from us, you will continue to receive administrative messages from us, such as order confirmations, updates to our policies and practices, or other communications regarding our relationship or transactions with you.

Mobile Devices

If and when Orienne offers mobile applications, we may send you push notifications through those applications. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. If you have granted us permission to collect your precise GPS location information through a mobile application and you no longer wish for us and our service providers to collect and use such information, you may disable the location features on your device through the device’s operating system settings. Please note that if you disable such features, you may not be able to access or receive some or all of the services, content, and/or features made available via the Services.

Notice Regarding Sales of Personal Information and Sharing for Targeted Advertising

Some state privacy laws define “selling” personal information broadly and define “sharing” or “processing” personal information for targeted advertising in ways that include common marketing activities such as installing third-party retargeting pixels or sharing hashed email addresses with ad networks for audience matching. We want to be clear:

• Orienne does not sell personal information for monetary or other valuable consideration.
• Orienne does not share or process personal information for cross-context behavioral advertising or targeted advertising.
• We do not install third-party retargeting pixels on the Services. We do not share device identifiers, hashed email addresses, or other personal identifiers with advertising networks for audience matching. Our analytics tool, Plausible Community Edition, is self-hosted and does not transmit your data to a third-party analytics partner.
• We do not knowingly sell or share the personal information of minors under 16 years of age without legally-required affirmative authorization (we are required by state privacy laws to provide this disclosure even where the activity does not occur).

If our practices change in the future and any activity we conduct could be considered a “sale” or “share” under applicable law, we will update this Policy and provide a clear, accessible opt-out mechanism. If you would like to submit a no-op opt-out request to have a record of your choice on file, you may do so by emailing privacy@orienne.com.

If you have a legally-recognized browser-based opt-out preference signal turned on via your device browser (such as Global Privacy Control), we will treat the signal as a confirmation of your preference even though we do not engage in the activities described above.

Notice of Financial Incentives

We may offer opportunities to receive certain services or benefits — including money, gifts, or “swag” — to participate in surveys, sign up for communications, or accept other similar incentives, which may require the provision of personal information, such as registering for an account and answering surveys or providing additional feedback or information. Such opportunities could be considered a financial incentive under applicable law (each, an “Incentive Program”). Your participation in Incentive Programs is purely voluntary. When you participate in an Incentive Program, you agree to the terms of that Incentive Program and may revoke your participation depending on the Incentive Program.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances. This means we can store your data but not use or process it further. You may exercise this right, for example, if:

• You contest the accuracy of your personal data and we are verifying its accuracy;
• The processing is unlawful, but you do not want the data erased;
• We no longer need the data for our purposes, but you require it to establish, exercise, or defend legal claims;
• You have objected to processing and we are considering whether our legitimate grounds override yours.

To request restriction of your personal data, please contact us at privacy@orienne.com.

Your Right to File a Complaint

If you believe we have not handled your personal information appropriately, please contact us first at privacy@orienne.com so that we can address your concern directly. Where applicable law gives you the right to lodge a complaint with a supervisory or regulatory authority that has jurisdiction over your matter, you retain that right.

6. State-Specific Information

In addition to the rights detailed in Your Rights and Choices, residents of U.S. states with comprehensive privacy laws — including California, Colorado, Connecticut, Virginia, Utah, Oregon, Texas, Montana, and others as enacted — may have additional rights regarding their personal information under those laws. To exercise any state-specific right, or for additional disclosures required by your state’s law, please contact us at privacy@orienne.com. We will provide the required disclosures and respond to your request in accordance with the timeframes set by your state’s law.

If we adopt practices that materially differ for residents of specific states, we will publish a separate U.S. State Privacy Notice and link it from this Policy.

7. Transfers to the United States

Summary: The Services are operated from the United States and are intended for users in the United States. We do not actively offer the Services in the EU, EEA, UK, or Switzerland and do not rely on Standard Contractual Clauses or any other Article 46 transfer mechanism, because the Services are not directed to data subjects there. If you are located outside the United States and choose to use the Services, your information will be transferred to and processed in the United States.

The Services are operated from Christa Diaz Consulting, LLC’s establishment in the United States and are intended for users in the United States (see the Overview section for the full territorial-scope statement). We do not actively offer the Services in the European Union, the European Economic Area, the United Kingdom, or Switzerland, and we do not rely on the European Commission’s Standard Contractual Clauses, the UK Addendum, an adequacy decision, or any other Article 46 transfer mechanism, because the Services are not directed to data subjects in those territories.

If you are located outside the United States and choose to use the Services, you do so at your own initiative; your information will be transferred to, processed, and stored in the United States. To the extent any non-U.S. data-protection law is determined to apply to your use of the Services, write to privacy@orienne.com and we will respond to lawful requests in good faith. The contemporaneous record of this scope assessment is held internally and is available to a competent supervisory authority on reasonable request.

8. Contact Us

Questions, comments, or requests regarding this Privacy Policy — including any request to exercise a privacy right, file a complaint, report a security issue, or raise a legal matter — must be sent to the appropriate email address below. The inquiry form on our website is not a channel for privacy, security, or legal requests.

• Privacy and data subject rights — privacy@orienne.com
• Security concerns and vulnerability reports — security@orienne.com
• Legal and contractual matters — legal@orienne.com

9. Further Reading and Security Posture

Our SOC 2 Type II audit has been completed with a clean opinion; the final report is expected shortly. We meet all requirements of the SOC 2 Trust Services Criteria for security, availability, confidentiality, processing integrity, and privacy, and have implemented the necessary controls — including encryption in transit and at rest, role-based access, multi-factor authentication for privileged access, immutable audit logging, vulnerability management, and ongoing monitoring. A separate Security Policy with additional technical and organizational detail will be published alongside the final report.

For more legal reading, see our Terms of Service. If you need further assistance, email privacy@orienne.com.