Oryvia Privacy Policy

This Privacy Policy is binding upon all individuals and entities who interact with Oryvia across any digital or electronic medium. It delineates the framework within which we collect, process, and manage information, and it applies unilaterally to all forms of engagement, whether direct or indirect, intentional or incidental. This policy extends to, but is not limited to, the following environments and interactions: • Official Website: All user activity, data input, and browsing behavior occurring on or through our principal digital domain, www.oryvia.com, including any subdomains, landing pages, or affiliated web assets under our control. • Digital Correspondence & Communication: All modes of electronic engagement initiated via contact forms, lead capture interfaces, project inquiry submissions, consultation request modules, or through direct communication conducted via email, instant messaging platforms, or scheduling tools used by Oryvia for professional correspondence. • Operational and Project-Based Exchanges: Any personal or organizational information voluntarily or involuntarily disclosed during the lifecycle of a project — from initial interaction and scoping through onboarding, active development, delivery, and post-deployment support. This includes files, assets, credentials, project briefs, design preferences, and any intellectual or proprietary information entrusted to us in the context of service execution. This Privacy Policy remains applicable regardless of the nature of the device, geographic location of the user, or technological platform through which the interaction occurs, provided such engagement involves the exchange or exposure of personal, technical, or behavioral data within Oryvia’s digital ecosystem.

A. Personally Identifiable Information (PII) We collects, stores, and processes certain categories of data that are capable of directly or indirectly identifying an individual or representing a specific business entity. This class of data, herein referred to as Personally Identifiable Information (PII), is obtained exclusively through voluntary user action or professional engagement. The types of PII we may collect include, but are not limited to: • Full legal name • Email address (business or personal) • Contact number (mobile or landline) • Company name and professional designation, where applicable • Project-related inputs, including business goals, technical briefs, brand content, functional requirements, or any materials voluntarily provided during the initial consultation, inquiry, or onboarding process Such data is acquired through the following means: • When you submit a contact form, project inquiry, or consultation request via our website or any associated digital portals • When you initiate or respond to direct communications via email, telephone, messaging applications, or calendaring tools used by Us • When you enter into a formal service agreement, proposal acceptance, or contractual relationship with Oryvia, thereby establishing a professional engagement All collected PII is handled with the strictest confidentiality, governed by industry-standard security protocols, and used solely for the purposes explicitly defined within this policy and the scope of services rendered. B. Non-Personally Identifiable Information In addition to personal data, We also collects and processes a range of technical and behavioral information that, in isolation, does not permit direct identification of any specific individual or entity. Such data, herein referred to as Non-Personally Identifiable Information (Non-PII), is typically aggregated, anonymized, and utilized to optimize digital performance, assess user behavior, and inform strategic improvements. The categories of Non-PII we collect may include, but are not limited to: • Internet Protocol (IP) address, used for network diagnostics and geographic segmentation • Browser type and version, to ensure compatibility and performance across platforms • Device classification (e.g., desktop, mobile, tablet) and operating system metadata, for responsive design refinement • Approximate geographic location, derived through IP geolocation tools to analyze regional trends and access patterns • Referring URLs, landing pages, and the duration of user sessions, to evaluate navigation flow and content effectiveness • Interactional behavior within our website environment, including clicks, scrolls, bounce rates, and heatmap analytics This data may be collected automatically through cookies, server logs, or third-party analytics tools. All Non-PII is processed in accordance with applicable data protection regulations and is exclusively employed to enhance the usability, accessibility, and operational intelligence of our digital infrastructure. Where possible, such data is de-identified to preclude any unintentional association with personally identifiable records.

We processes personal and non-personal data in strict adherence to applicable data protection laws and regulatory standards, including, but not limited to, the General Data Protection Regulation (GDPR), the Information Technology Act, 2000 (India), and other relevant international and jurisdiction-specific privacy frameworks. Our data processing activities are lawfully grounded in one or more of the following legal bases: •⁠ ⁠Consent Processing is undertaken only after you have provided explicit, informed, and unambiguous consent for specific purposes, such as subscribing to updates, submitting personal details through our website, or participating in consultations. Consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal. •⁠ ⁠Contractual Necessity In circumstances where you engage Us for the provision of services, data processing is required for the execution and performance of a contractual agreement. This includes the processing of contact details, business data, and project-related inputs necessary for service fulfillment, delivery, and ongoing client communication. •⁠ ⁠Legitimate Interest We may process certain categories of personal or behavioral data under the lawful doctrine of legitimate business interest, provided such interests are not overridden by your fundamental rights and freedoms. This includes, but is not limited to: • Monitoring and enhancing the performance, stability, and usability of our website • Improving service delivery and operational efficiency • Conducting internal analytics, business intelligence, and strategic evaluations • Communicating with clients or prospective clients for relationship management Oryvia undertakes a balancing test to ensure that our legitimate interests are pursued in a fair, proportionate, and privacy-respecting manner.•⁠ ⁠Legal Obligation We may process and disclose your data where such action is necessary for compliance with applicable legal mandates, judicial orders, regulatory inquiries, tax or audit requirements, or other statutory obligations imposed under the law. Each instance of data collection and processing is assessed on a case-by-case basis to ensure compliance with prevailing legal standards, and no data is processed beyond the scope required for the fulfillment of lawful and clearly defined objectives.

Our Team collects and processes both personally identifiable and non-identifiable data for explicit, legitimate, and contractually or operationally relevant purposes. All processing activities are confined to specific objectives necessary for the effective delivery of our services and the protection of our digital infrastructure, as well as for compliance and client engagement. Outlined below are the principal purposes for which your data may be processed: •⁠ ⁠Communication & Support To facilitate responsive and informed communication, including acknowledgment of service inquiries, provision of consultations, clarification of requirements, project scoping, and both pre-engagement and post-engagement correspondence. This also encompasses technical or client support activities aimed at ensuring satisfaction and resolution of issues encountered during or after project delivery. •⁠ ⁠Service Fulfillment To enable the planning, execution, and completion of professional services, including UI/UX design, website development, system integration, content deployment, and performance optimization. This involves managing your information throughout the project lifecycle, from initial proposal to final delivery and beyond, as per the mutually agreed scope of work. •⁠ ⁠User Experience Enhancement To assess and interpret aggregate user behavior and technical interaction patterns on our digital platforms, with the objective of optimizing user interface (UI) design, user experience (UX) flow, feature relevance, and performance metrics. This is conducted through legitimate analytic methods and tools under appropriate confidentiality conditions. •⁠ ⁠Marketing and Outreach (subject to prior consent) To deliver curated communications, such as service announcements, value-driven updates, industry insights, newsletters, event invitations, or promotional campaigns that may be of professional interest to you. Such communications are disseminated only upon obtaining your affirmative consent, which may be withdrawn at any time via the opt-out mechanism provided. •⁠ ⁠Security and Risk Mitigation To proactively detect, monitor, and neutralize potential threats, fraudulent activities, unauthorized access attempts, and other forms of digital misuse that may compromise the integrity of our systems, client data, or brand credibility. This includes IP logging, behavioral pattern analysis, and cross-referencing technical events for anomaly detection.

We employs cookies and related tracking technologies to: • Preserve session continuity and user login states • Tailor website interactions and personalize content delivery • Perform statistical analysis and evaluate behavioral patterns for performance enhancement You may manage or disable cookies through your browser settings at your discretion. Please note, however, that restricting cookies may limit the functionality or responsiveness of certain features on our website.

we do not sell, rent, trade, or otherwise disseminate your personal information to unaffiliated third parties for marketing or commercial exploitation. However, under specific and tightly controlled circumstances, we may disclose your data to third parties as follows: • Service Providers: Information may be shared with carefully vetted third-party vendors—such as cloud infrastructure providers, analytics platforms, customer relationship management (CRM) tools, or email service providers—strictly for the purpose of facilitating our service operations. All such disclosures are governed by enforceable confidentiality agreements and data processing contracts. • Legal Compliance: We may be legally compelled to disclose information where required by applicable law, court order, legal proceeding, or government or regulatory authority. • Business Transfers: In the event of a corporate transaction—such as a merger, acquisition, consolidation, or restructuring—client and user data may be transferred as part of the associated business assets, subject to appropriate safeguards and notification.

We adheres to a structured and purpose-driven data retention framework, ensuring that all personal, technical, and project-related data is retained only for the duration necessary to fulfill its legitimate and operational functions. Our retention practices are aligned with applicable legal standards, industry norms, and business obligations. We retain personal data and associated project content for the following purposes: • To fulfill the contractual and service-related obligations for which the data was originally collected • To comply with statutory and regulatory requirements, including financial recordkeeping, audit trails, and tax reporting • To preserve accurate historical documentation of the services rendered, including assets developed, deliverables submitted, and communications exchanged In addition to these core purposes, We may retain select non-sensitive project-related data (e.g., design assets, wireframes, development screenshots, UI layouts, and user flows) for inclusion in our internal project archive, as well as for external demonstration purposes such as case studies, presentations, or portfolio showcases. This practice is conducted under the following strict conditions: • No personally identifiable or confidential client data will be publicly disclosed without explicit written consent • Any identifiable branding, proprietary code, or sensitive business content will be excluded or redacted unless expressly permitted by the client • Materials used for showcasing will be curated to reflect creative or technical capabilities only, and not internal client processes or data All retained data—whether used for archival or display purposes—is stored exclusively on our secure, access-controlled servers. Access is restricted to authorized personnel only, and data is never transferred to external storage environments or third parties without a lawful basis. At the conclusion of the retention lifecycle—or upon receipt of a verifiable deletion request from the data subject—Oryvia will undertake irreversible erasure or anonymization of the data, using encryption-based overwriting and industry-validated sanitization protocols. Our data retention timelines may vary depending on the nature of the data, contractual duration, and applicable legal requirements, but all efforts are made to ensure data is not held longer than necessary for its intended and lawful use.

At Oryvia, we recognize the importance of protecting the integrity, confidentiality, and availability of the data entrusted to us. We apply a series of reasonable and industry-aligned safeguards designed to minimize risks related to unauthorized access, misuse, or loss of personal and project-related information. While we have not formalized an advanced cybersecurity framework, we do implement practical, essential protections across our internal processes. These include: • Encrypted communication protocols to secure data shared through our website and digital forms • Controlled access to internal systems, where only authorized personnel involved in relevant projects may view or handle client data • Secure digital storage environments with layered permission protocols, ensuring access is limited and traceable • Regular maintenance and updates to the tools and platforms we rely on, helping reduce exposure to known security vulnerabilities • Use of trusted third-party services, selected based on their adherence to industry-standard security and compliance measures Data you share with us—whether project briefs, assets, or communications—is stored in protected environments with access restrictions tailored to ensure responsible handling. We avoid unnecessary data duplication and follow structured internal protocols for managing sensitive client material. It is important to acknowledge that while our protective measures significantly reduce risk, no digital system is immune to threats. As such, we do not guarantee absolute security. However, Oryvia is committed to acting with transparency, urgency, and accountability in the event of any suspected data incident. This includes promptly investigating the issue, mitigating its impact, and notifying affected parties in accordance with applicable laws and best practices.

In accordance with applicable data protection laws, individuals may exercise the following rights concerning their personal data:• Access: Request access to the personal data held by Oryvia. • Rectification: Correct inaccurate, incomplete, or outdated personal data. • Erasure: Request the deletion of personal data, subject to contractual, legal, or regulatory retention requirements. • Restriction of Processing: Limit the processing of data under specific circumstances. • Objection to Processing: Object to processing activities based on legitimate interests. • Withdrawal of Consent: Withdraw previously granted consent for data processing where applicable. • Data Portability: Request transmission of personal data in a structured, machine-readable format to another controller, where technically feasible. To initiate any of the above rights, a formal request must be submitted to: 📧 info@oryvia.in Identity verification may be required prior to processing any request. All submissions are subject to internal assessment. We reserves the right to evaluate the validity, scope, and necessity of each request and will act upon such requests only where permitted and appropriate under applicable laws and contractual obligations.

Oryvia does not knowingly collect or process personal data from individuals under the age of 13. Our website and services are not directed toward children, and we do not intend for them to engage with our platform. If it is discovered that data has been submitted by a user under 13 without verified parental consent, such data will be promptly deleted. Parents or guardians who believe that their child may have submitted personal information to Oryvia may contact us at info@oryvia.com for immediate review and removal

The Oryvia website may contain hyperlinks or references to external websites, tools, or digital platforms that operate independently and are not governed by this Privacy Policy. These third-party sites may have their own privacy policies, data collection practices, and security standards. We does not assume responsibility or liability for the content, practices, or data handling procedures of any external websites. Users are encouraged to review the privacy policies of such third-party platforms prior to providing any personal information or engaging with their services.

For any inquiries, concerns, or requests related to this Privacy Policy or the processing of your personal data, contact Oryvia through the following channels: • 📧 Email: info@oryvia.in • 🌐 Website: www.oryvia.in Last Updated: October 2025

Oryvia reserves the right to amend, update, or revise this Privacy Policy at its sole discretion, without prior notice, in order to reflect changes in applicable laws, regulatory guidance, technological developments, or modifications to our service offerings. All updates will be published on this page with a corresponding revision to the stated "Effective Date."Your continued use of our website or services post-modification signifies your acceptance of the updated terms.