OriginKey

Privacy Policy

Last Updated: April 5, 2026

OriginKey ("we," "us," or "our") operates the OriginKey web application, Chrome extension, iOS app, and Android app (collectively, the "Service"). This Privacy Policy explains what data we collect, how we use it, and your rights.

1. What We Collect

Data You Provide

Account information: Name, email address, and profile photo from your Google or Microsoft sign-in.
Onboarding preferences: Your role, communication tone, output format preferences, and tools you use.
User corrections: When you edit or remove a learned preference.

Data We Observe (with your permission)

Writing style signals: Sentence length, formality level, structure preference, greeting and sign-off patterns. We analyze text locally and extract only aggregate style metrics — we never store your actual written content on our servers.
Communication patterns: Email length averages, document structure, reply frequency. Derived from Google Workspace APIs with your OAuth consent.
Calendar context: Meeting density, focus block patterns, work hours. Read-only access via Google Calendar API.
Browsing patterns: Time spent on categories of sites, writing activity on supported web applications. Collected by the Chrome extension.
Location context: Whether you are at home, office, a coffee shop, traveling, etc. We store context labels only — we never store your GPS coordinates on our servers.
Messaging style (Android): Message length, formality, emoji frequency per messaging app. Analyzed from notification content in memory and immediately discarded. Raw message content is never stored.
Messaging style (Mac/iOS): Same style signals derived from iMessage history, analyzed locally on your device. Raw message content never leaves your device.

Data We Never Collect

Passwords or sensitive form field content
Raw message text or email bodies on our servers
Contact names or phone numbers
Photos, videos, or media files
Banking or financial information
GPS coordinates (only context labels like "home" or "office")

2. How We Use Your Data

We use the collected style signals to build and maintain your personal AI twin profile, provide personalized AI responses across supported tools, and improve the accuracy of your twin's understanding over time.

We do not sell your personal data to third parties, use your data for advertising, share your individual data with other users, or train AI models on your personal content.

3. Data Storage and Security

Your twin profile and preferences are stored in a secured PostgreSQL database hosted on Google Cloud Platform (Cloud SQL), encrypted at rest and in transit. Authentication uses industry-standard JWT tokens and OAuth 2.0. All API communication uses HTTPS/TLS encryption. We follow NIST AI 100-1 guidelines for AI system security.

4. Third-Party Services

We use Google Cloud Platform for hosting and infrastructure, Google OAuth for authentication, and Anthropic Claude API for AI processing. These services have their own privacy policies.

5. Your Rights

You have the right to view all data your twin has learned, edit any preference, delete any or all of your data at any time, export a complete copy of your data in machine-readable format, revoke access to any connected service, and opt out of anonymized data sharing.

To exercise any of these rights, use the Settings page in the app or contact us at privacy@originkey.ai.

6. Data Retention

Your twin profile and preferences are retained as long as your account is active. If you delete your account, all associated data is permanently deleted within 30 days.

7. Children's Privacy

OriginKey is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

9. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights including access, rectification, erasure, data portability, restriction of processing, and the right to withdraw consent at any time. Our legal basis for processing is your consent.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last Updated" date.

11. Contact Us

Email: privacy@originkey.ai
Web: https://originkey.ai

OriginKey — Arcola, Virginia, United States

← Back to OriginKey