Privacy Policy — Orra
Effective Date: 06-03-2026
Last Updated: 18-03-2026
Orra (“Orra”, “we”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect information when you use orra.design, the Orra dashboard, and related services (“Services”).
Orra is a brand operated by Finch Design Private Limited (“Company”, “we”, “us”).
Registered Office: E-206a, Ganesh Glory 11, Nr. BSNL Office, Jagatpur Rd, Ahmedabad – 382470, Gujarat, India.
Email: hello@orra.design | Website: orra.design
1. Information we collect
A. Information you provide
Account data: name, email, phone number, password (stored in hashed form), profile details
Workspace / Brand data: brand name, industry, timezone, brand kit details (logos, colors, fonts, references)
Request data: briefs, attachments/links, comments, approvals, request metadata, delivery notes
Support data: messages and support requests you submit
Billing data: billing name/email, subscription status, invoice history, transaction identifiers (we do not store full card numbers)
B. Information collected automatically
Device & usage data: IP address, browser type, device identifiers, pages viewed, timestamps, referring URLs
Cookies and similar technologies: session/login, preferences, analytics performance (see Section 6)
Google sign-in (optional): name, email (based on permissions you grant)
Payment processor (Stripe): payment status, subscription status, limited billing metadata (Stripe processes payment data)
C. Information from third parties
2. How we use your information
We use personal data to:
Provide the Platform and Services (account, login, dashboard, workflow)
Operate service delivery (request triage, assignment, collaboration, approvals, delivery)
Process subscriptions and billing (renewals, invoices, failed-payment holds, plan changes)
Provide customer support and account management
Improve and secure Orra (analytics, troubleshooting, monitoring, fraud prevention)
Send service communications (password reset, verification, system notices, notifications)
3. Legal basis (where applicable)
Depending on your location and applicable law, we process personal data under one or more of:
Contract (to provide Services you request)
Consent (for certain cookies/analytics where required)
Legitimate interests (security, fraud prevention, product improvement)
Legal obligation (tax, accounting, compliance)
4. How we share information
We do not sell your personal data.
We may share information with:
Service providers / processors (hosting, analytics, email, support, payments) who process data only to deliver services to us
Stripe to process payments and manage billing/subscriptions
Legal authorities if required by law or to protect our users, Company, or Platform
Business transfers (merger/acquisition/asset sale) with appropriate notice
5. Data retention
We keep personal data only as long as needed for:
providing Services,
operational continuity (requests/deliverables),
legal and accounting obligations,
dispute resolution and enforcement.
Typical retention logic:
Account data: while the account is active
Billing records: as required for accounting/tax
Requests/deliverables: retained for continuity unless deletion is requested and not legally restricted
6. Cookies, analytics, and session recording
Google Analytics 4 (GA4)
We use GA4 to understand website usage and improve performance. GA4 does not log or store IP addresses; it may derive coarse location from IP and (for EU traffic) discards IP before logging.
Microsoft Clarity
We use Microsoft Clarity for behavior analytics (e.g., heatmaps/session insights). For regions like the EEA/UK/CH, Clarity enforces consent signal requirements and supports Consent Mode so cookies are set only after valid consent.
Your control
You can control cookie consent via our cookie banner (where enabled) and browser settings. Disabling certain cookies may affect site functionality.
7. Security
We use reasonable technical and organizational safeguards to protect data (access controls, encryption in transit, secure storage, monitoring). No method is 100% secure, but we take security seriously.
8. Your rights and choices (DPDP and others)
Under India’s Digital Personal Data Protection Act, 2023, individuals have rights and the Company must provide notice, allow correction/erasure where applicable, and provide grievance redressal.
To exercise rights: email privacy@orra.design from your account email with:
We may verify identity before processing requests.
9. International data transfers
Orra is operated from India. Our service providers may process data in other countries depending on their infrastructure. We take steps to ensure appropriate safeguards and contractual protections.
10. Confidentiality & NDA
We will treat non-public Client Content and non-public project information as confidential and use it only to deliver Services. If you require a formal NDA, we may sign one upon request (subject to review and mutual agreement).
11. Children’s privacy
Orra is not intended for individuals under 18. If you believe a minor has provided personal data, contact us to request deletion.
12. Updates to this policy
We may update this Privacy Policy periodically. We will post the updated version and revise the “Last updated” date.
13. Contact & grievance
Privacy: privacy@orra.design
Support: hello@orra.design
Company: Finch Design Private Limited, Ahmedabad, Gujarat, India
