Privacy Policy

Last updated: May 20, 2026

Privacy is a core product feature of Orgn. As an overview:

  • Orgn is a confidential, private agentic software development environment built for teams that care deeply about privacy and controlled handling of source code, prompts, files, and outputs
  • We do not use customer content Orgn processes for its customers to train large language models, foundation models, or other shared AI systems
  • We do not sell, rent, broker, monetize, or resell customer content or personal information Orgn processes for its customers
  • Our service is designed around zero data retention for customer content, with only momentary processing required to complete the live request
  • We maintain a defense-in-depth security posture for high-confidentiality engineering work, with strict access controls and least-privilege operational practices

What This Policy Covers

This Privacy Policy applies to information we process when you use Orgn's websites, hosted applications, APIs, enterprise AI coding agent infrastructure, support channels, and related services (collectively, the “Services”).

This policy describes how Orgn handles customer data for its customers. It distinguishes between customer content processed through the Services and the limited account, billing-access, security, and support information needed for a user to access and use the platform. Customer content receives the highest confidentiality treatment.

Zero Data Retention and Confidential Handling

For customer content processed through Orgn, our default posture is zero data retention. “Customer content” includes prompts, source code, repositories, files, agent task context, tool inputs, generated outputs, and related development artifacts Orgn processes for customer accounts and workspaces through the Services.

  • We do not retain customer content after processing is complete, apart from the momentary in-memory handling strictly required to serve the live operation
  • We do not build customer profiles from prompts, code, repositories, or agent usage history for advertising, resale, or cross-customer analytics
  • We do not review customer content for product research or model improvement except where you explicitly ask us to do so in a support or incident context
  • We do not retain customer content for government reporting, regulatory reporting, or disclosure preparation under any jurisdiction

Orgn is intended to be a private software development environment for organizations that require confidential, high-trust handling of sensitive engineering workflows.

Information We Collect

Information You Provide to Us

  • Account and organization information, such as names, work email addresses, company names, team membership, and administrative roles
  • Billing and transaction information needed to manage subscriptions, invoices, and payment records
  • Configuration and integration settings you intentionally enable for your workspace or organization
  • Communications you send to us, including support requests, sales inquiries, security questionnaires, and feedback

Limited Operational and Security Data

  • Authentication, session, and access-control events needed to secure accounts and enforce workspace permissions
  • Minimal technical metadata such as IP address, browser or client type, timestamps, and error records needed for fraud prevention, abuse detection, reliability, and incident response
  • Minimal service health, billing-access, and security records needed for the user to authenticate, access, and use the platform

What We Do Not Collect as a Matter of Product Policy

  • We do not intentionally retain prompts, source code, files, agent outputs, or repository content processed by Orgn for its customers as part of normal service operation
  • We do not collect customer content in order to build advertising audiences, sell data products, or train general-purpose AI models

How and Why We Use Information

We use limited information only to the extent necessary to operate a secure, privacy-first service. Specifically, we use information to:

  • Authenticate users, manage workspaces, and enforce permissions
  • Provide the requested AI coding agent functionality and related infrastructure
  • Prevent fraud, abuse, unauthorized access, and security incidents
  • Process billing, invoices, procurement, and enterprise contracting workflows
  • Respond to support requests and maintain service reliability
  • Maintain the minimal account, billing-access, and security records needed for platform access

We do not use customer content Orgn processes for its customers for advertising, profiling, model training, or product analytics unrelated to providing the Service.

No Model Training and No Data Resale

  • We do not use prompts, code, repositories, files, outputs, or agent traces from customer content processed by Orgn for its customers to train Orgn models, third-party models, or shared machine learning systems
  • We do not sell, license, trade, rent, disclose for value, or otherwise resell customer content or personal information processed by Orgn for its customers
  • We do not permit third-party model or infrastructure providers to use customer content processed by Orgn for its customers for their own model training, product improvement, or marketing purposes when processing data on our behalf

Sharing Information

We share information only in narrow circumstances consistent with a confidential enterprise service:

  • With subprocessors and infrastructure providers that need limited access to provide hosting, authentication, billing, support, or model inference on our behalf, and only under binding confidentiality and data protection obligations
  • With your administrators or organization when they manage your account, billing, access, or enterprise workspace
  • We do not retain customer content for legal, regulatory, or government reporting under any jurisdiction
  • To investigate, prevent, or address fraud, abuse, security issues, or threats to the rights and safety of Orgn, our customers, or the public
  • In connection with a merger, financing, acquisition, or reorganization, subject to appropriate confidentiality and continued protection of data rights

Retention

Customer content is handled under Orgn's zero data retention model and is not retained after processing. Orgn does not retain customer content for legal reporting, regulatory reporting, or government agency reporting under any jurisdiction.

Orgn keeps only the minimal account, authentication, session, billing-access, and security information required for the user to access and use the platform.

Security

We design Orgn for teams that expect strong confidentiality. Our safeguards include layered administrative, technical, and organizational controls intended for high-sensitivity software development environments.

  • Least-privilege access controls and restricted internal access paths
  • Encryption in transit and, where applicable, encryption at rest
  • Segmentation, monitoring, auditing, and incident-response procedures
  • Vendor and subprocessor controls designed to preserve confidentiality

Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or port personal information we hold about you. You may also have the right to appeal a denial of a privacy request.

  • We do not sell personal information, so there is no sale of customer data to opt out of
  • You may request deletion of account-level personal information we control when it is no longer needed for platform access
  • You may ask us to describe the limited categories of data we process about you
  • We will verify identity before processing a privacy request when required

Third-Party Integrations

If you connect third-party repositories, developer tools, identity providers, or other integrations to Orgn, those services may process data under their own terms and privacy policies. We encourage you to review those policies separately and enable only the integrations your organization approves.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to the Services, legal requirements, or security practices. If we make a material change, we will post the updated policy here and update the “Last updated” date above.

How to Reach Us

If you have questions about this Privacy Policy or want to exercise privacy rights, please contact us at: privacy@orgn.com

© 2026 orgn.dev, inc. All rights reserved.