Privacy Policy

Last updated: May 2026

1. Our Commitment

Oreeti is built on consent. Everything about how we handle data reflects our core belief: connection should be intentional, not extracted. We collect only what we need, share only what you choose, and protect everything in between.

2. What We Collect

From organizers: name, email address, and M-Pesa phone number for payouts. From guests: name, email, and optionally phone number at registration. Guests also create a profile with display name, role, organisation, bio, and one link. We collect event interaction data: networking activity, connections, handshakes, QR scans, and check-in status.

3. What We Do Not Collect

We do not collect M-Pesa PINs or payment card details. We do not collect location data. We do not collect device contacts. We do not run advertising trackers. We do not build behavioral profiles for third-party use.

4. How Your Profile Works

Your guest profile has three visibility states. Invisible: networking is off, nobody sees you. Visible: networking is on, other active guests see your first name and initial only. Unlocked: you have mutually connected and completed a QR scan — full profile visible only to that person. You control your visibility at all times.

5. Who Can See What

Other guests see your first name and initial only when you are networking. Full profile details are only visible to guests you have mutually unlocked. Organizers can see your registration details: name, email, phone, ticket type, and check-in status. Organizers cannot see your networking activity or who you connected with.

6. Payments and Financial Data

Ticket payments are processed via M-Pesa through Safaricom Daraja. We store payment status and M-Pesa receipt numbers for reconciliation only. We do not store full M-Pesa account details. Organizer payout details are stored securely and used only for transferring ticket revenue.

7. Data Storage and Security

Your data is stored on Supabase infrastructure with row-level security — each user can only access data they are permitted to see. API routes are rate-limited and inputs are sanitized. All data is transmitted over HTTPS. Authentication is handled via secure magic links — no passwords stored.

8. Data Sharing

We do not sell your data. We do not share your data with advertisers. We share data with infrastructure providers (Supabase, Vercel, Safaricom) solely to operate the platform. We may share anonymized aggregated data for product research.

9. Your Rights

You have the right to access, correct, or delete the data we hold about you. You have the right to withdraw consent for data processing. To exercise these rights email hello.oreeti@gmail.com with subject 'Data Request'.

10. Cookies

Oreeti uses minimal cookies for authentication only. No tracking cookies. No advertising cookies. No third-party analytics that follow you across other websites.

11. Children

Oreeti is not intended for users under 18 years of age. We do not knowingly collect data from minors.

12. Changes

We may update this policy as Oreeti evolves. We will notify you of significant changes via email.

13. Contact

For privacy questions or data requests email hello.oreeti@gmail.com. We aim to respond within 48 hours.