Privacy Policy

1. Who We Are

AiOrch is a product of Reisnova Limited, a company registered in England. When this policy refers to "we", "us", or "our", it means Reisnova Limited trading as AiOrch.

2. Self-Hosted Software

AiOrch is a self-hosted application. You install and run it on your own infrastructure (servers, virtual machines, or containers). This has important privacy implications:

• We do not host your data. Your code, session data, agent outputs, API keys, and all other content remain entirely on your infrastructure.
• We do not have access to your servers. We cannot see, read, copy, or process any data generated by your use of the software.
• Your data never leaves your infrastructure unless you configure external integrations (e.g., API calls to OpenAI, GitHub) — those are governed by the respective third-party providers' privacy policies.

3. What Data We Collect

Because AiOrch is self-hosted, the data we collect is limited to what is necessary for licensing and support:

• License activation: When you activate a license key, our license server receives your license key, a hashed machine identifier (SHA-256 of hostname and MAC address — not the raw values), your server's IP address, and the software version. This is used solely to enforce license terms (e.g., concurrent instance limits).
• Heartbeat pings: The software periodically sends a heartbeat to our license server containing only the license key and hashed machine identifier. No code, session data, or user content is included.
• Trial activation: If you use the free trial, we record a hashed machine identifier, IP address, software version, and the trial start date.
• Support requests: If you contact us at [email protected], we retain the correspondence and any diagnostic data you voluntarily share. Diagnostic exports from the software are designed to redact secrets (API keys, tokens) before export.

4. What Data We Do Not Collect

• Your source code or repository contents
• Task descriptions or session configurations
• Agent outputs, logs, or reports
• API keys for third-party providers (OpenAI, GitHub, etc.)
• Passwords or session cookies
• User analytics, telemetry, or usage tracking
• Personal information beyond what is listed in Section 3

5. How We Use Your Data

• License enforcement: To validate your license and enforce concurrent instance limits.
• Support: To investigate and resolve issues you report to us.
• Fraud prevention: To detect and prevent license abuse.

We do not sell, rent, or share your data with third parties for marketing or advertising purposes.

6. Data Retention

• License activation records: Retained for the duration of your licence plus 12 months after expiry.
• Heartbeat data: Overwritten on each heartbeat; only the most recent record is retained per activation.
• Trial records: Retained for 24 months after trial start.
• Support correspondence: Retained for 24 months after resolution, or longer if required by law.

7. Data Security

Our license server uses parameterised database queries, rate limiting, file-level access controls, and encrypted connections. Machine identifiers are stored as SHA-256 hashes, not raw values.

Your self-hosted installation's security is your responsibility. We provide security documentation, secure defaults (auto-generated API keys, authentication enforcement, rate limiting), and guidance for production deployment in our SECURITY.md and commands.md files.

8. Third-Party Services

AiOrch integrates with third-party providers that you configure (e.g., OpenAI, Anthropic, GitHub, Ollama). When you use these integrations, your data is sent directly from your server to those providers. Their privacy policies govern that data, not ours. We have no visibility into those communications.

9. Your Rights

Under applicable data protection laws (including UK GDPR), you have the right to:

• Request access to the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Object to processing of your data
• Request data portability

To exercise any of these rights, contact us at [email protected].

10. Cookies

The AiOrch self-hosted application uses a single authentication cookie (orch_session) on your own server. This is a strictly necessary functional cookie — it is not used for tracking, analytics, or advertising. See our Cookie Policy for details.

This landing page (aiorch.ai) does not set any cookies.

11. Children

AiOrch is a professional software development tool. It is not intended for use by individuals under the age of 18.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via our changelog or documentation. The "Last updated" date at the top of this page indicates the most recent revision.