How Oria handles sensitive intake data.
Last updated April 4, 2026. This policy explains the intake data we collect, how we use it internally, how results access is secured, and how users can control future communications.
What We Collect
Oria BioStack collects contact details, date of birth, body metrics, health disclosures, lifestyle inputs, and protocol-selection events when you use the intake or results flow.
We use this information internally to generate your research preview, save secure session access, deliver results emails, improve the product, and, if you opt in, send reminder emails, research updates, and promotional offers.
How We Use It
We do not sell your health data. We use it internally for protocol generation, analytics, product improvement, and, if you have opted in, targeted updates or offers related to the Oria service.
Your data may be processed by infrastructure and service providers that help us host the app, store session records, send email, and run analytical model workflows on our behalf.
Retention
We retain saved assessment sessions, verification logs, and communication-preference records only as long as reasonably necessary to deliver results, secure access, honor opt-outs, investigate misuse, and meet legal obligations.
Inactive saved-session records are targeted for deletion or de-identification after 24 months of inactivity. Limited security and suppression records may be kept longer to honor opt-out requests or defend against abuse.
Storage And Security
We store session and event history in Supabase so your results can be reopened later with a secure results ID and email verification code.
Access to saved results is gated by your secure results ID plus a short-lived email verification code. We treat the results ID as a secret and recommend that you do the same.
Your Choices
You can turn off future reminder emails, research updates, and promotional offers from any Oria email by using the email-preferences link in the footer. Transactional emails needed to deliver a result tier you actively requested may still be sent.
If you need access, correction, deletion, or privacy help, use the reply-to address shown in your Oria emails or the contact details your team publishes for privacy requests.
Accessibility
Oria should target WCAG 2.2 AA accessibility across the intake, results, and email experiences, including keyboard access, visible labels, clear error messaging, sufficient contrast, meaningful alt text, and mobile-friendly layouts.
Publishing an accessibility statement helps users request support, but it does not replace actual accessibility testing with screen readers, keyboard-only navigation, mobile zoom checks, and periodic audits.
Important Legal Note
This privacy policy applies to the Oria BioStack intake and results experience. Because the intake collects sensitive health-related information, this policy has been prepared with attention to applicable data-protection requirements in the jurisdictions where Oria operates.
If the intake is accessed through an embedded version on another website, this privacy policy and the research disclaimer are still available directly from within the experience itself.