Effective June 25, 2026

Privacy Policy

Oris is a private beta personal finance application. This policy explains what data Oris processes when you use the service, including when you connect bank accounts through Enable Banking.

Controller and Contact

For data protection matters, contact the Oris application owner at kassai.kaym@gmail.com.

The public web application is available at https://oris-webapp.kaymkassai.com. The backend API is available at https://oris-api.kaymkassai.com.

Data We Process

• Account profile data such as email address, timezone, base currency, authentication sessions, and security logs.
• Banking data retrieved with your consent, including account information, balances, transactions, bank connection status, and consent metadata.
• Financial organization data you create in Oris, such as budgets, transaction notes, exclusions, categories, CSV imports, projects, simulations, and plans.
• Technical data needed to operate and secure the service, including request metadata, audit records, error traces, and rate-limit signals.

Why We Process Data

• To authenticate you and protect access to your account.
• To connect to supported banks after explicit consent and synchronize account information.
• To calculate balances, spending summaries, budgets, project simulations, and draft plans.
• To provide data export and deletion request workflows.
• To monitor reliability, prevent abuse, debug errors, and maintain auditability.

Bank Connections

Oris uses Enable Banking as an account information service provider. You are redirected to your bank or Enable Banking to authorize access. Oris stores connection records and encrypted identifiers needed to retrieve and refresh account data. You can disconnect a bank connection from the application.

Legal Basis

Banking data is processed based on your explicit consent and your request to use Oris financial features. Security, audit, and operational records may be processed for legitimate interests in protecting and operating the service.

Sharing

Oris does not sell personal data. Data may be processed by infrastructure, email, database, logging, or open banking providers only as needed to operate the service. Bank access is handled through Enable Banking and the relevant bank authorization flow.

Retention

Oris keeps data while your account or testing access is active, unless a shorter period is required for security, consent, or deletion workflows. You may request export or deletion from the application settings area.

Security

Oris uses access tokens, refresh-token rotation, OTP step-up checks for sensitive actions, encrypted storage for sensitive banking identifiers, and audit logs for security-relevant operations.

Your Rights

Depending on applicable law, you may request access, correction, export, deletion, restriction, or objection to processing of your personal data. Contact kassai.kaym@gmail.com for data protection requests.