Get started

Legal

Privacy Policy

Effective24 April 2026Version1.0Read10 min

This Privacy Policy explains how OREE Technologies Ltd collects, uses, shares, stores and otherwise processes personal data in connection with oreeai.com and the OREE platform. It covers both situations where OREE acts as an independent controller and situations where OREE acts as a processor for customers.

Who we are

Controller contact: OREE Technologies Ltd, 24 Ferrars Way, Cambridge, CB4 3RE, privacy@oreeai.com.

Company number: 16801077. ICO registration number: ZC130611.

If OREE processes personal data on behalf of a customer as a processor, that customer remains primarily responsible for its own privacy notices and lawful basis for the relevant processing.

Scope

This Privacy Policy applies to website visitors, trial users, customers, users, prospects whose data appears in the Services, recipients of communications sent using the Services, and other individuals whose data OREE processes in connection with operating and improving the Services.

A separate Cookie Notice and cookie consent mechanism will apply where cookies or similar technologies are used on the website or platform.

Categories of personal data

OREE may process the following categories of personal data, depending on how the Services are used:

  • Account and profile data, such as names, work email addresses, business phone numbers, job titles, employer names, account credentials and permissions.
  • Billing and transaction data, such as plan details, invoices, payment status and related records.
  • Prospect and contact data, such as business contact details, employer information, job titles, business social profile information, post/activity data, company website data, enrichment data and other B2B intelligence.
  • Campaign and content data, such as prompts, generated sequences, message drafts, sent messages, replies, objections, suppression events, notes, call scripts, CRM synchronisation data and performance metrics.
  • Mailbox and messaging metadata, such as send logs, open and reply events, bounce data, unsubscribe events and account connection status.
  • Video and media data, such as recorded or uploaded business video messages and related metadata.
  • Technical and usage data, such as IP addresses, device and browser details, log files, feature usage, error data, session analytics and security telemetry.

How we collect personal data

OREE may collect personal data directly, indirectly and automatically, including from:

  • the customer or its users when accounts are created, settings are configured, content is generated, or integrations are connected;
  • publicly available business sources such as company websites and business social profiles where permitted by law;
  • third-party data providers, enrichment providers, CRM systems, email systems, analytics systems, payment providers and service providers;
  • communications with OREE, support requests, demos and marketing interactions;
  • automatic collection through the website, platform, cookies, logs and security tools.

Controller and processor role map

OREE processes personal data in different roles depending on the purpose of the processing.

OREE is not both controller and processor for the same processing activity. The same item of personal data may nonetheless be processed for different purposes in different roles.

Where OREE acts as a processor, OREE processes personal data on the customer's documented instructions as reflected in the Services configuration, these terms and any additional written instructions accepted by OREE.

Where OREE acts as a controller, OREE determines the purposes and means of the relevant processing itself and is responsible for that processing under applicable data protection law.

Purposes of processing and legal bases

OREE processes personal data for the purposes set out in this Privacy Policy, including providing and operating the Services, securing the Services, billing, customer support, legal compliance, product analytics, improvement and maintaining B2B prospect intelligence.

Where OREE or a customer relies on legitimate interests, those interests may include operating a B2B software platform, protecting the business, improving products, preventing abuse, supporting business development, and maintaining prospect intelligence. This does not override any rights or legal restrictions that apply in a specific jurisdiction.

Direct marketing rules vary by recipient type and territory. In the UK, rules under PECR differ between corporate subscribers and individual subscribers such as sole traders and some partnerships. Customers are responsible for assessing those rules for their campaigns.

Where consent is required by law, OREE or the relevant customer will seek it before the relevant processing.

Data sharing

OREE may share personal data with:

  • service providers and subprocessors that help deliver hosting, authentication, email connectivity, messaging, analytics, payments, support, logging, transcription, media processing and other operational services;
  • customers and their authorised users;
  • professional advisers, auditors, insurers and acquirers;
  • regulators, law enforcement and courts where required by law or where necessary to protect rights, safety or the Services;
  • other parties where the individual has asked us to or consented to it.

OREE does not treat this Privacy Policy as permission to sell consumer personal data in the consumer-advertising sense. However, some US laws define "sale" or "sharing" broadly. To the extent those laws apply, the California and US state section below describes those rights and disclosures.

International transfers

OREE primarily intends to host core data in the UK, but some processing, support functions, backups or service providers may be located in or accessible from the UK, the EEA, the US or other countries.

Where required, OREE will use appropriate safeguards for restricted transfers, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, adequacy regulations, or another lawful transfer mechanism.

Retention

OREE keeps personal data only for as long as needed for the purposes described above, unless a longer period is required by law, necessary to resolve disputes, or necessary to protect the Services.

Data subject rights

Depending on location and the applicable law, individuals may have rights to access, correct, delete, restrict, object, port or otherwise control personal data. Individuals may also have the right to complain to a supervisory authority.

Objections to direct marketing should be honoured promptly. OREE may keep minimal suppression information to ensure those objections are respected in the future.

Requests may be sent to privacy@oreeai.com. If OREE acts only as a processor for the relevant processing, OREE may direct the requester to the relevant customer controller.

California and US state privacy disclosures

If US state privacy laws apply, OREE may collect categories of personal information broadly corresponding to identifiers, internet or electronic network information, professional or employment-related information, commercial information, audio or visual information, and inferences drawn from those categories.

OREE uses those categories for the purposes described in this Privacy Policy, including providing the Services, securing the Services, analytics, product improvement, customer support, billing, legal compliance and maintaining B2B prospect intelligence.

Certain US laws define "sale", "share" or "targeted advertising" broadly. Where those laws apply, individuals may have rights to know, delete, correct, opt out of sale or sharing, appeal certain decisions and limit certain processing. Requests may be sent to privacy@oreeai.com.

OREE does not knowingly process personal information of children under 16 for sale or targeted advertising. The Services are intended for business use.

Cookies and similar technologies

OREE uses or may use cookies, pixels, SDKs, local storage, analytics tools, session replay tools and similar technologies on the website and platform.

A separate Cookie Notice and cookie settings mechanism should be implemented before non-essential cookies or similar technologies are deployed. Non-essential cookies should not be placed until the required consent has been obtained where applicable.

Categories may include strictly necessary cookies, analytics cookies, advertising or remarketing cookies, product analytics, session replay or heatmap tools, and embedded media technologies.

Security

OREE uses technical and organisational measures appropriate to the nature of the processing and the risks involved. Measures may include role-based access controls, audit logging, encrypted transmission, restricted administrative access, backups and incident management procedures.

At launch, OREE represents encrypted transmission in transit. Additional measures, including encryption at rest, multi-site resilience and enhanced identity controls, may be introduced as the Services mature.

Automated processing and profiling

OREE may use automated analysis, scoring, ranking, profiling or pattern recognition in relation to prospecting, message generation, lead prioritisation, product analytics and abuse detection. These outputs are intended to support business users and are not guaranteed to be accurate.

Where legally required, OREE will provide additional information about significant automated decision-making.

Changes to this Privacy Policy

OREE may update this Privacy Policy from time to time. If a change is material, OREE will post an updated version on oreeai.com and may provide additional notice through the platform or by email.