1 Scope
This Policy applies to data we process about visitors to our website, account holders, and end users who interact with our API directly. It does not apply to data our customers process about their own end users through the Service — for that relationship, our customer is the data controller and we are the data processor; see our Data Processing Agreement.
2 Data We Collect
2.1 Data you give us
- Account data — email address, password hash, organization name if provided.
- Billing data — payment is handled by Polar, which acts as merchant of record. We receive a customer ID, the last four digits of the payment method, country, and invoice metadata. We do not see or store full card numbers.
- Support data — anything you send to support@orchardrun.com or share with us in a conversation.
2.2 Data we collect automatically
- Usage data — API request metadata (timestamp, route, status code, byte counts, model name, latency, error codes), dashboard page views, and feature interactions.
- Device & network — IP address, user agent, approximate city-level geolocation derived from IP, referrer.
- Logs — server logs that include request IDs, error stack traces, and rate-limit decisions.
2.3 Data we do not collect
We do not buy personal data from data brokers. We do not run third-party advertising trackers on orchardrun.com. We do not fingerprint visitors across other websites.
3 Audio Data — Special Provisions
Audio is the most sensitive data category Orchard handles, so this section overrides anything more general elsewhere in this Policy if there is a conflict.
3.1 Transcription audio (STT)
Audio you submit to the speech-to-text API is processed in memory, transcribed, and the transcript is returned in the API response. The original audio is deleted from compute nodes within minutes after the response is returned. We do not retain transcripts on disk past the request lifecycle unless you explicitly opt into a feature that requires retention (for example, batch jobs that store output to your account).
3.2 Synthesized audio (TTS)
Audio we generate for you is delivered in the API response and not stored on our servers. Transient cache nodes may hold generated audio for under five minutes for retry safety; they purge automatically.
3.3 Voice cloning reference audio
Reference audio you submit to create a cloned voice is processed to derive a speaker embedding. The embedding is stored on our servers and bound to your account so you can synthesize with that voice on demand. The original reference audio is retained only as long as needed to re-derive the embedding if our inference stack changes, and may be deleted at any time at your request. Deleting a cloned voice deletes both the reference audio and the embedding within thirty (30) days.
3.4 No training on customer audio
We do not use audio or transcripts you submit to train, fine-tune, or evaluate any foundation model. We do not share customer audio with model providers for the purpose of model improvement. The only audio used to train any model we ship is audio for which we hold a separate license and consent.
4 How We Use Data
- Provide, maintain and operate the Service.
- Authenticate you and enforce rate limits, quotas and abuse protection.
- Bill you, calculate usage, and provide invoices.
- Communicate with you about your account — billing, security alerts, breaking changes, and incident reports. You cannot opt out of these because they are necessary to the Service.
- Send optional product updates and announcements, which you can opt out of at any time.
- Debug, monitor performance, and improve reliability of the Service.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations and respond to lawful requests.
5 Legal Bases for Processing (EEA / UK)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under GDPR:
- Performance of a contract — to provide the Service you signed up for.
- Legitimate interests — to secure the Service, prevent abuse, improve reliability, and communicate about your account. We have balanced these interests against your rights.
- Legal obligation — to comply with tax, accounting and law-enforcement requirements.
- Consent — for optional marketing emails and for any voice-cloning reference audio you submit (see Section 3.3).
8 Retention
- Audio submitted to STT/TTS APIs — deleted within minutes after the response is returned (see Section 3).
- Voice cloning reference audio + embeddings — kept while the voice exists in your account, deleted within thirty (30) days after you delete the voice or close your account.
- API request logs — thirty (30) days for the request body; sixty (60) days for metadata used for billing reconciliation and abuse detection.
- Account data — retained while your account is active, deleted within ninety (90) days of account closure, subject to legal retention obligations (e.g., tax records, which we retain for seven years).
- Billing records — retained for seven (7) years to comply with U.S. tax and accounting law.
- Support tickets — twenty-four (24) months after the last message.
9 Security
We encrypt data in transit using TLS 1.2 or higher, and we encrypt at-rest data using AES-256 or stronger. API keys are hashed before storage. Access to production systems is restricted to a small number of named engineers via short-lived credentials with hardware-key MFA enforced.
No system is impenetrable. If we discover a personal-data breach that affects you, we will notify you without undue delay and, where required by law, within 72 hours of becoming aware.
10 Your Rights
Depending on where you live, you have some or all of the following rights over your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — ask us to delete your data, subject to legal retention obligations.
- Restriction — ask us to pause processing.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — at any time, for any processing based on consent.
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, email privacy@orchardrun.com. We will respond within thirty (30) days. We may need to verify your identity before acting on a request.
11 California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
- Right to know what categories of personal information we collect and how we use them.
- Right to delete personal information we collect from you, subject to exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA.
- Right to limit use of sensitive personal information. The voice prints we derive may qualify as sensitive personal information; we use them only to provide the voice cloning service you requested.
- Right to non-discrimination for exercising these rights.
To exercise your California rights, email privacy@orchardrun.com with subject line "California Privacy Request." Authorized agents may submit requests on your behalf with proof of authorization.
12 International Data Transfers
Orchard is based in the United States. Personal data we process may be transferred to and stored in the United States or other countries where our sub-processors operate. When we transfer personal data out of the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (SCCs), including the UK Addendum and Swiss equivalents, and we conduct a transfer impact assessment for each sub-processor.
13 Children
The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact privacy@orchardrun.com and we will delete it.
14 Automated Decisions
We use automated systems for rate-limit enforcement, abuse detection, and quota tracking. None of these have legal or similarly significant effects on you — at worst they slow down your requests or pause your account pending a human review. A human is always available for review by emailing support@orchardrun.com.
15 Changes to this Policy
We may update this Policy from time to time. When we make a material change, we will update the effective date at the top and, for changes that affect your rights, give notice by email or in the dashboard. Continued use of the Service after the effective date means you accept the updated Policy.
16 Contact
The data controller for processing described in this Policy is Orchard AI LLC, 30 N Gould St, Ste R, Sheridan, WY 82801, United States.
For all privacy questions, requests, or to reach our Data Protection Officer: privacy@orchardrun.com.
Questions? Email legal@orchardrun.com