Privacy Policy
Last Updated: June 26, 2026
IMPORTANT NOTICES
PLEASE READ THIS PRIVACY POLICY CAREFULLY.It explains how Orion Financial Intelligence Inc. ("Orion," "we," "us," or "our") collects, uses, stores, and shares information when you use our website at orionfinance.ai, our application at app.orionfinance.ai, and related services (collectively, the "Services").
WALLET-BASED IDENTITY: We use Sign-In With Ethereum (SIWE). We do not require an email address or password to create an account. A wallet address alone may be pseudonymous, but it can become personal data if linked to an identifiable individual.
BLOCKCHAIN IMMUTABILITY: Transactions you sign on public blockchains are visible to anyone worldwide and cannot be deleted by Orion.
PRIVACY REQUESTS: We do not offer an automated data-export or account-deletion portal. To exercise your privacy rights, contact us manually at legal@orionfinance.ai.
1. INTRODUCTION
Orion Financial Intelligence Inc. operates the Orion platform, an onchain vault and portfolio management product. This Privacy Policy applies to both our marketing website and our decentralized application (dApp).
Authentication is wallet-based (SIWE). We do not collect traditional account fields such as email, password, phone number, or legal name in our core user records.
2. INFORMATION WE COLLECT
2.1. Information you provide.
- Wallet address and blockchain network when you connect and authenticate via SIWE.
- Cryptographic signature to prove wallet ownership. We verify the signature; we never receive or store your private keys.
- Terms of Service acceptance, including the version accepted and timestamp. We may record your IP address and browser user agent for compliance records.
2.2. Information collected automatically.
- Session data while you are logged in: internal user ID, linked wallet(s), IP address, user agent, and session timestamps.
- Security logs for authentication events, fraud prevention, and service reliability. We limit sensitive identifiers in security logging where feasible.
- API usage necessary to display vaults, portfolio balances, transaction history, and performance analytics.
- Error monitoring data on the dApp (e.g., error reports, browser type, hashed wallet identifier, chain ID, and wallet connector type).
- Website analytics on our marketing site when Google Analytics is enabled (see Section 4).
2.3. Information from public blockchains. If you interact with Orion smart contracts, your transactions (including wallet address, amounts, and transaction hashes) are public on the blockchain. We index this public data through third-party indexing services to power the application. We cannot delete onchain records.
2.4. Pre-login indexing. We may create internal user records when indexing public onchain activity associated with a wallet address, including before you log in or accept our Terms of Service. This allows us to display portfolio and vault data derived from public chain events.
2.5. Optional profile information. Vault managers may have a display name, description, or icon URL associated with their wallet address. Administrators may set vault display labels.
2.6. Derived analytics. We compute and store portfolio performance metrics (such as daily equity, profit and loss, and returns) derived from indexed onchain activity.
2.7. What we do not intentionally collect. Through the Orion platform described in this policy, we do not intentionally collect email addresses, postal addresses, government identification, payment card data, biometrics, or social media profiles.
3. HOW WE USE INFORMATION
We use the information described above to:
- Authenticate you and maintain secure sessions
- Provide portfolio, vault, and protocol features
- Enforce our Terms of Service and role-based access controls
- Compute and display performance analytics in the application
- Protect against fraud, abuse, and security incidents
- Operate and improve our website and application
- Comply with legal obligations
4. COOKIES, LOCAL STORAGE, AND SIMILAR TECHNOLOGIES
4.1. Marketing website (orionfinance.ai).
- Google Analytics: When enabled, we use Google Analytics 4 with IP anonymization and without persistent client-side storage cookies for analytics.
- Session storage: We use browser session storage for UI preferences (such as dismissing site banners).
- We do not use cookies for wallet authentication on the marketing site.
4.2. Application (app.orionfinance.ai).
- Local storage:After SIWE login, access and refresh tokens and your authenticated wallet address are stored in your browser's local storage. Our backend does not use httpOnly cookies for session management.
- Session storage: We use session storage for UI state (such as whether you have seen the loading intro).
- Session lifetimes: Access tokens expire after approximately 15 minutes; refresh tokens expire after up to 7 days (server-side).
4.3. Wallet extensions. Wallet providers (such as MetaMask) operate independently and may use their own cookies, local storage, or telemetry. Their practices are governed by their own privacy policies.
4.4. Security note. Because session tokens are stored in browser local storage rather than httpOnly cookies, a compromise of your browser (for example, through cross-site scripting) could allow unauthorized access to your session. We use short-lived access tokens and other safeguards to reduce this risk, but no method is completely secure.
5. WHERE WE STORE INFORMATION
Data is processed on servers operated by us and our infrastructure providers, primarily in the United States.
- Short-lived authentication data (such as login sessions and one-time verification values)
- Application databases for accounts, wallets, terms acceptance records, indexed onchain activity, and derived analytics
- Operational logs for security monitoring, troubleshooting, and service operation
6. SHARING AND SUBPROCESSORS
We do not sell your personal information. We share data only in the following circumstances:
- Service providers that host or operate our infrastructure, under contractual safeguards — including Amazon Web Services
- Google Analytics (marketing site analytics, when enabled)
- Sentry (error monitoring on the dApp)
- Reown / WalletConnect (wallet connection infrastructure and related analytics)
- The Graph and blockchain RPC providers (reading and indexing public blockchain data)
- Fontshare (web font delivery on our marketing site)
- Public blockchains, when you choose to transact onchain
- When required by law or to protect rights, safety, and security
Wallet providers are controlled by you, not by Orion. Our Services may link to third-party sites; we are not responsible for their privacy practices.
7. PUBLIC BLOCKCHAINS
Blockchain transactions are publicly visible and permanent. Deposits, withdrawals, wallet activity, and transaction hashes recorded onchain exist outside Orion's control. We index this public data to provide the Services, but we cannot erase, modify, or restrict access to data that exists on a public blockchain.
8. INTERNATIONAL TRANSFERS
Your information may be processed and stored in the United States. If you access the Services from outside the United States, you acknowledge that your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction.
9. RETENTION
- Authentication and session data: typically from a few minutes up to 7 days, depending on the data type
- Account and indexed activity data: retained while you use the Services and as needed for legal, security, and operational purposes
- Security and operational logs: retained for a limited period consistent with our operational and legal needs
- Onchain data: permanent
10. YOUR RIGHTS AND CHOICES
Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, or to object to certain processing. Because blockchain transactions are public and immutable, we cannot erase data that exists onchain.
10.1. Manual privacy requests (DSAR). We do not currently offer a self-service data-export or account deletion portal. To exercise your privacy rights relating to data we control in our databases, email legal@orionfinance.ai with a subject line indicating a privacy or data request. Please describe the right you wish to exercise (for example, access, correction, deletion, portability, restriction, or objection).
- Verification: We may require proof of wallet ownership (such as a signed message from the wallet associated with your account) before fulfilling a request.
- Response: We will acknowledge your request promptly and respond within the timeframe required by applicable law, where a statutory deadline applies.
- Deletion: Where feasible, we can delete or anonymize data in our databases upon verified request. Public blockchain data and data we are required to retain for legal or security purposes may be excluded.
10.2. What we can provide today.
- Access: Much of your portfolio and account information is available in the App while you are logged in. A full export of all data we hold may require a manual request.
- Correction: Wallet addresses are cryptographic identifiers and generally cannot be changed. Manager and vault display names are controlled by administrators, not self-service editing.
- Portability: onchain transaction history is already public. App-derived metrics stored in our databases may be provided on request where technically feasible.
10.3. Self-service options. You may log out to invalidate your current server session. You can disconnect your wallet at any time in your wallet extension.
11. SECURITY
We use industry-standard measures including encryption in transit, access controls, rate limiting, and security monitoring. No method of transmission or electronic storage is 100% secure. We cannot guarantee absolute security.
12. CHILDREN
Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.
13. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. We will post the revised policy with an updated "Last Updated" date. Where required by law, we may notify you or request renewed acceptance of updated terms. Your continued use of the Services after changes constitutes acceptance of the updated policy where permitted by law.
14. CONTACT INFORMATION
For questions about this Privacy Policy, or to submit a privacy or data-access request, contact:
Orion Financial Intelligence Inc.
Email: legal@orionfinance.ai