Oryx

Last updated 9 May 2026

Privacy Policy

1. Introduction

Oryx (“Oryx”, “we”, “us”) is a personal life-organization service operated by an independent developer based in Spain. This Privacy Policy explains what information we collect when you use Oryx at oryx.vitalstack.dev, why we collect it, who we share it with, and how you can exercise your rights.

This policy is effective from 9 May 2026.

2. Information we collect

Account information

When you create an account, we store:

  • Your email address
  • Your full name (optional)
  • A bcrypt-hashed password if you sign up with email and password — we never store your password in clear text
  • If you sign in with Google: your Google account identifier (sub), email-verified flag, and the name returned by Google

Profile information

To personalise your daily briefing we may store, all of these optional:

  • Timezone, country code, city, region, latitude, longitude
  • Locale (e.g. en-GB)

You can either provide these yourself in Settings, or use the “Detect my location” button which calls a third-party IP-geolocation service (see section 4).

Categories

The life-area categories you select from our presets, and any custom categories you create (name, icon, colour).

Integration tokens

If you connect Google Calendar or Google Tasks, we store the OAuth access and refresh tokens issued by Google. These tokens are encrypted at rest using Fernet symmetric encryption with a key held in Google Cloud Secret Manager.

Authentication tokens

When you are signed in, your browser holds two JSON Web Tokens (JWTs) in localStorage: an access token (valid 30 minutes) and a refresh token (valid 365 days). These are stateless and contain only your user ID and expiry; they are signed by us with HS256 and are not readable by third parties.

Briefing context

To produce your daily AI briefing we assemble — for the current day only — your weather, public holidays in your country, your Google calendar event titles and times, the labels of the life-area categories you have selected, your name, locale, city and country.

3. How we use your information

  • To create and authenticate your account
  • To deliver the service: render your dashboard, sync events, run reminders
  • To generate your daily AI briefing (see section 4 on what we send to Anthropic)
  • To respond when you contact us
  • To protect the service against abuse and to comply with legal obligations

Lawful basis (GDPR Art. 6). Performance of contract for providing the service to you; legitimate interest for security, fraud prevention and minimal operational analytics; and your consent where you explicitly opt in (e.g. when connecting Google Calendar).

4. Third parties we share with

Google (OAuth, Calendar API, Tasks API)

If you connect Google we exchange OAuth tokens with Google, read your calendar events, and — when you create an event in Oryx — write events back on your behalf. We comply with the Google API Services User Data Policy, including the Limited Use requirements. Google data is never sold and is never used to serve advertising.

AI model providers (Anthropic, Google, OpenAI, Groq)

We call leading AI APIs to generate your daily briefing and other AI features. Depending on your tier and which feature is running, your request may be processed by Anthropic, Google (Gemini), OpenAI, or Groq. The specific model we route to may change over time as providers release improvements; we don't commit to any one provider. The per-request prompt contains: weather summary, today's calendar event titles and start/end times, upcoming public holidays, the labels of the life-area categories you have selected, your name, locale, city and country.

We do not send any AI provider:

  • Raw OAuth access or refresh tokens
  • Your password or any credential
  • The full descriptions, notes or attendee lists of your calendar events
  • Documents or other private content you have not asked Oryx to brief on

Each provider's data-handling terms apply to that processing. None of these providers trains its models on inputs sent through their API by default, and Oryx never opts in to training on your data.

Open-Meteo (weather)

We send latitude, longitude and timezone to Open-Meteo's free weather API. No account, no API key, no personal identifier is sent.

ipapi.co (IP geolocation)

Used only when you click the “Detect my location” button. Your public IP address is sent to ipapi.co; we receive timezone, country, city, latitude, and longitude in return.

python-holidays (offline)

This is an offline Python library. No data leaves Oryx.

We do not use third-party analytics, advertising networks, or social-media trackers.

5. International data transfers

Oryx's application server (Cloud Run) and database (Cloud SQL, PostgreSQL 16) are hosted on Google Cloud Platform in the us-central1 region (Iowa, USA). Secrets are held in Google Cloud Secret Manager.

If you are in the European Economic Area or the United Kingdom, your personal data is transferred to the United States. The transfer relies on Google Cloud's contractual commitments under the EU Standard Contractual Clauses and Google's certification under the EU-US Data Privacy Framework.

6. Data retention

  • Account data: kept until you ask us to delete it.
  • OAuth tokens: kept until you disconnect the integration in Oryx Settings, or revoke the OAuth grant from your Google account.
  • Briefings: cached server-side in memory for 30 minutes per user, then evicted; also cleared whenever the Cloud Run instance restarts.
  • Weather: cached server-side for 1 hour per location.
  • Database backups: Cloud SQL automated daily backups with 7-day retention.

7. Security measures

  • Passwords are hashed with bcrypt before being written to the database.
  • OAuth tokens are encrypted at rest using Fernet symmetric encryption.
  • All traffic between your browser and Oryx uses HTTPS (TLS 1.2 or higher).
  • JWT tokens are signed with HS256 using a key held in Google Cloud Secret Manager.
  • Production secrets (encryption key, OAuth client secret, JWT signing key) are stored in Google Cloud Secret Manager, not in source code or environment variables.

No system can be made perfectly secure. We do our best, and we will notify affected users without undue delay if we learn of a personal-data breach that is likely to result in a risk to your rights and freedoms.

8. Your rights

If you are in the EEA or the UK, the GDPR (and its UK equivalent) gives you the following rights. We honour the same rights for users elsewhere as a matter of policy.

  • Access — ask for a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data. Most fields can be edited directly in Settings.
  • Erasure — ask us to delete your account. Email us with the subject “Delete my Oryx account”. We action requests within 30 days. We do not yet offer a self-serve delete button; this is on our roadmap.
  • Portability — receive your data in a machine-readable format. Email us.
  • Object / restrict — object to a particular processing activity or ask us to restrict it.
  • Withdraw consent — where we rely on your consent (e.g. Google Calendar), disconnect the integration in Settings or revoke the OAuth grant directly in your Google account.
  • Lodge a complaint — if you are in Spain, you may complain to the Agencia Española de Protección de Datos (AEPD); if you are elsewhere in the EU/UK, your local supervisory authority.

To exercise any of these rights, email gnstudenko.apps@gmail.com.

9. Children

Oryx is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has signed up, please contact us and we will delete the account.

10. Changes to this policy

We may update this policy when the service changes or when we are required to. The “Last updated” date at the top of the page reflects the latest revision. For material changes we will give notice in-app or by email before they take effect.

11. Contact

You can reach us at gnstudenko.apps@gmail.com. Oryx is operated from Spain.