Orva Website: Privacy Policy

Effective Date: April 30, 2025
Last Updated: May 20, 2025

At orvahealth.com (the “Site”), operated by RAIN Technology, Inc. (U.S.) and RAIN Technology ME LTD (UAE) (collectively “Orva,” “we,” “us”), we are committed to protecting the privacy and security of our users and visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), UAE Personal Data Protection Law (PDPL), and the California Consumer Privacy Act (CCPA/CPRA).

1. Information We Collect

We collect personal and non-personal information through the following channels:

a. Information You Provide

  • Contact Forms: When you submit inquiries or requests through our forms, we collect your name, email address, company name (if provided), and the content of your message.

  • Newsletter Signup: Your name and email address if you opt into communications.

b. Automatically Collected Information

  • Device & Browser Data: Including IP address, browser type, operating system, screen resolution, and language settings.

  • Usage Data: Pages visited, time spent on pages, clicks, scrolls, referring/exit URLs, and interaction heatmaps.

  • Performance Metrics: Session duration, load times, error logs, and technical diagnostics.

c. Cookies and Similar Technologies

  • See Section 4 below for detailed information on cookies and tracking.

d. Third-Party Data

  • We may receive anonymized or pseudonymized data from analytics and ad partners such as Google Analytics, Hotjar, Meta (Facebook), LinkedIn, and others, which may include demographic insights or ad interaction metrics.

2. How We Use Your Information

Your data may be used for the following lawful purposes:

  • To Provide Services: Responding to your inquiries or support requests, fulfilling newsletter subscriptions, and delivering content.

  • To Improve the Site: Analyzing user behavior to optimize performance, layout, and usability.

  • To Personalize Experiences: Showing relevant content or offers based on interactions or preferences.

  • For Marketing and Retargeting: Displaying targeted ads through platforms like Google Ads and Facebook Pixel, subject to your consent.

  • To Ensure Security: Detecting and preventing security incidents, fraud, or misuse.

  • To Comply with Legal Requirements: Responding to lawful requests by public authorities, and meeting regulatory obligations.

3. Legal Basis for Processing (GDPR, UAE PDPL)

We process personal data under the following legal bases:

  • Consent: For optional cookies, marketing emails, and third-party analytics. Consent for marketing emails is obtained separately from consent to tracking cookies. You can opt out of either independently.

  • Legitimate Interest: For essential website functionality, security, and aggregated performance metrics.

  • Legal Obligation: When processing is necessary to comply with applicable laws.

  • Contractual Necessity: If you engage with us for a service or inquiry, processing may be necessary to fulfill our obligations.

4. Cookies and Tracking Technologies

Our Site uses cookies and similar technologies to enhance your browsing experience:

a. Types of Cookies

  • Essential Cookies: Enable core functionality such as form submissions, session management, and navigation. These cannot be disabled.

  • Analytics Cookies: Collect anonymized data on site usage and interactions (e.g., Google Analytics, Hotjar). Used only with your consent.

  • Marketing Cookies: Track visits and interactions for advertising purposes (e.g., Meta Pixel, Google Ads, LinkedIn Insight Tag). Activated only with your consent.

b. Managing Preferences

You can manage your cookie preferences or withdraw consent at any time by visiting our [Cookie Settings Page] or adjusting your browser settings.

5. Data Sharing and Third-Party Access

We do not sell your personal data. We may share your data with the following categories of third parties, under appropriate data processing agreements:

  • Service Providers: Cloud hosting (e.g., AWS, Vercel), email and CRM platforms, analytics and monitoring services.

  • Marketing Partners: Ad networks or social media platforms with which we run campaigns.

  • Legal Authorities: When required by law or in response to valid legal process.

All third parties are bound by confidentiality and data protection obligations aligned with relevant privacy laws.

6. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.

  • Form Submissions: Retained for up to one year unless deletion is requested earlier.

  • Analytics & Marketing Data: Retained according to vendor-specific defaults (e.g., 14–26 months for Google Analytics).

  • Email Subscriptions: Retained until you unsubscribe or request deletion.

7. International Data Transfers

We may store and process your data in jurisdictions including the United States and the United Arab Emirates. When data is transferred across borders, we ensure:

  • Use of Standard Contractual Clauses (SCCs) or equivalent safeguards.

  • Data hosting in jurisdictions with adequate data protection standards.

  • Vendor due diligence to ensure compliance with applicable laws.

8. Your Rights

Depending on your jurisdiction, you have the following rights:

Under GDPR (EU/EEA) & UAE PDPL:

  • Right to access, correct, or delete your personal data.

  • Right to object to processing or request data portability.

  • Right to withdraw consent at any time.

  • Right to lodge a complaint with a supervisory authority.

Under CCPA/CPRA (California):

  • Right to know what data is collected and how it is used.

  • Right to request deletion or correction of your data.

  • Right to opt out of the sale or sharing of personal information.

  • Right to non-discrimination for exercising your rights.

To exercise your rights, contact us at hello@orvahealth.com with the subject line “Privacy Request.”

9. Data Security

We implement administrative, technical, and physical security measures to protect your personal data from unauthorized access, loss, misuse, or alteration. These include:

  • TLS/SSL encryption

  • Role-based access controls

  • Data minimization

  • Periodic security reviews

However, no method of transmission over the Internet is 100% secure. We encourage you to take appropriate precautions when using our Site.

10. Children’s Privacy

Our Site is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately to request deletion.

11. Changes to This Policy

We may update this Privacy Policy from time to time. All changes will be posted on this page with a new “Last Updated” date. We encourage users to review this page periodically.

12. Contact Us

If you have questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact:

Email: hello@orvahealth.com

U.S. Office:
RAIN Technology, Inc.
5526 W 13400 S #60
Herriman, UT 84096

UAE Office:
RAIN Technology ME LTD
Level 14, Al Sarab Tower
ADGM Square, Al Maryah Island
Abu Dhabi, UAE

© 2025 RAIN Technology ME LTD. All rights reserved.
Website: Terms of UsePrivacy PolicyCookie Policy
Orva (Product): Terms of Service | Privacy Policy | EULA