Privacy Policy

Effective Date: April 27, 2026

This Privacy Policy explains how Origin Social LLC ("Origin Social," the "Company," "we," "us," or "our") collects, uses, and shares information collected from or about you when you use, access, or interact with Juno, Astra, and Numa, and any application, website, feature, product, or other service that links to this Privacy Policy (collectively, the "Services").

1. Information We Collect and How We Collect It

As Origin Social LLC is headquartered in the United States, we process data globally. If you are located in the EEA, UK, or Switzerland:

  • Controller: Origin Social LLC is the controller of your personal data for the processing described in this Privacy Policy.
  • EU and UK Representation (GDPR Art. 27): We are currently finalizing the appointment of our formal designated representatives within the European Union and the United Kingdom, pursuant to Article 27 of the General Data Protection Regulation (GDPR) and the UK GDPR. In the interim, you may contact our central privacy team directly on all issues related to our processing of personal data of individuals in the EEA and the UK.
  • Contact: You can reach us for all privacy-related inquiries or data subject rights requests at privacy@originsocial.ai. We are fully equipped to honor your rights and address your concerns through this channel.

1a. Data We Collect From You

  • Account Data: Phone number, email address, and date of birth.
  • Profile & Demographic Data: Name, age, gender, sexual orientation, location, occupation, and matchmaking preferences.
  • Conversational & Voice Data (Recording/Interception Notice): We collect the full text of your conversational inputs to our artificial intelligence ("AI") and the AI-generated responses. When you interact via voice calls, we process your voice audio. By using the Services, you explicitly consent to the recording, interception, routing, transcription, and processing of your voice and text inputs by us and our service providers for the purposes described in this Policy.
  • Sensitive Personal Information: You may voluntarily disclose sensitive personal information, such as sexual orientation or religious beliefs, in your profile or conversations.
  • Content: Photos, videos, and other content you post. If you upload screenshots of third-party profiles or text threads, we process this solely to provide coaching services to you.
  • Customer Support Data: Information you provide when contacting us, including reports involving other members.
  • Payment Information: Origin Social does not collect, process, or store your full credit card number, bank account details, or raw financial data.

1b. Data Generated or Automatically Collected

  • Usage Data: Activity on the Services (logins, features used, matches).
  • Technical & Location Data: IP address, device ID, browser type, and approximate location.
  • Meeting Data: Time, location, and logistics of meetings coordinated through the Services.
  • Cookies and Local Storage: We use cookies and similar technologies to keep the Services secure, study traffic, and personalize your experience. Most web browsers provide you with the ability to disable, decline, or clear cookies and local storage. Please check your browser's settings for further information. Note that if you disable cookies, it may affect your ability to use certain parts of the Services.
    • In the EEA/UK, we place or read non-essential cookies and similar technologies (including analytics and advertising) only after you give prior consent. Consent must be an affirmative, freely given choice and non-essential cookies are not set before consent. We provide clear information about each technology, and allow you to accept or reject with equal prominence and to change your choice at any time. "Legitimate interests" is not relied on for advertising or analytics cookies under PECR or ePrivacy.
    • For Quebec residents, we deploy non-essential cookies and similar technologies only after your explicit opt-in, and apply confidentiality-by-default settings for features that process personal information, consistent with Quebec Law 25.
  • Pixel Tags & Embedded Scripts: Small graphic images and programming code used to collect data about your interactions with the Services.
  • Mobile Devices and SDKs: We use Software Development Kits (SDKs) to collect data through mobile devices, such as hardware models and Advertising IDs.
  • Session Replay Technology: We may record your interactions with the Services (pages visited, links clicked) using session replay technology for internal analytics, troubleshooting, and improving functionality.

1c. Data Collected from Third-Party Platforms

Our Services integrate with third-party artificial intelligence providers and voice infrastructure services, and we may receive limited data from them in order to provide the Services. If you interact with or log in through third-party platforms (like social media), we will receive data about you from that platform. When you choose to link or log in via third-party accounts, you are directing that platform to share data with us. The data collected and stored by the third party remains subject to their respective privacy policies and practices, including what data they share with us and your choices regarding data visibility on their platform. We are not responsible for these third parties' privacy practices. Note, our list of approved third-party service providers which we share data with, that perform core AI and voice processing on our behalf, may be updated periodically.

2. Why and How We Use Your Data

We process your data to provide core services, facilitate AI matchmaking and coaching, improve our algorithms, ensure safety, and for marketing.

  • Voice Recording & Transcript Storage: We store the audio recordings of your voice and the resulting text transcripts on our cloud infrastructure (e.g., AWS) to provide continuity for your coaching and matchmaking sessions. We may also use de-identified data derived from such recordings to develop, test, and improve our AI models. Where applicable law provides an opt-out of "sale," "sharing," or "targeted advertising," we will honor your choices and any valid opt-out preference signal you or your browser sends us.
  • De-Identified and Aggregated Data: We may de-identify or aggregate personal data so that it can no longer reasonably be used to identify you. We treat de-identified or aggregated data as non-personal to the fullest extent allowed by applicable law and may use and share such data for any lawful purpose, including to develop, test, and improve our AI models. We maintain and use de-identified data without attempting to re-identify it. Rights of access, deletion, or correction generally do not apply to de-identified or aggregated data.
  • Automated Decision-Making & AI Matchmaking: Our Services heavily utilize AI and algorithms to analyze your Profile Data, preferences, and AI Interactions to generate personalized matches, coaching outputs, and profile critiques. While these automated processes are core to providing the Services, they do not produce legal or similarly significant effects (such as determining creditworthiness or employment). We also do not make decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects about you. If you have questions about how our AI systems generated a particular output or match, please contact our support team. Upon request, we will provide a plain-language explanation of the principal factors that most influenced that AI output or match, consistent with applicable law.
  • For Canada only: If we experience a breach that creates a real risk of significant harm, we will report to the Office of the Privacy Commissioner of Canada and/or the Commission d'accès à l'information du Québec, notify affected individuals, and keep records of all breaches of security safeguards, as required.

3. How We Share Data

  • 3a. Other Members: Your public Profile Data is shared with other members to facilitate connections.
  • 3b. Third-Party AI & Partners: Your Profile Data, Content, and AI Interactions are shared with various third-party voice infrastructure providers, large language models (LLMs), and AI processing partners to provide core functionality. Because we continually test and upgrade our AI capabilities, our list of active subprocessors is dynamic and may change over time.
    • Please Note: When transmitting your conversational data to third-party LLM providers, we utilize enterprise-grade API agreements. Under these agreements, our AI partners act as our processors and are contractually prohibited from using your personal data or conversational inputs to train, retrain, or improve their public-facing consumer AI models. Our list of approved third-party vendors and partners we share data with, that perform core AI and voice processing on our behalf, may be updated periodically from time-to-time.
  • 3c. Affiliated Brands: We may share your information within our family of brands (including Juno, Astra, & Numa) for business and direct marketing purposes.
  • 3d. Service Providers: We disclose data to service providers for data hosting, analytics, and security operations.
  • 3e. Administrative and Legal Reasons: We may disclose information to satisfy laws, protect the integrity of the Services, cooperate in law enforcement investigations, or protect health and safety.
  • 3f. Business Transactions: In the event of a merger, acquisition, or sale of assets, we may transfer your personal information to the successor organization.
  • 3g. SMS/Text Messaging Data (Carrier Compliance): Notwithstanding any other provision in this Privacy Policy, text messaging originator opt-in data and consent will not be sold, shared, or disclosed to any third parties for their own marketing purposes. This information is only shared with our immediate aggregators and telecom service providers strictly to facilitate the delivery of our text messages to you.

4. Third-Party Advertising

We work with third-party advertising companies that may set tracking technologies to provide targeted advertising. You can manage your online behavioral advertising preferences through the Digital Advertising Alliance (DAA) at optout.aboutads.info or the Network Advertising Initiative (NAI) at optout.networkadvertising.org. We treat user-enabled global privacy controls, such as the Global Privacy Control (GPC), as a valid request to opt-out of sale/sharing for the browser or device and, if known, the associated consumer profile, and we process such requests in a frictionless manner. Where our systems detect a valid opt-out preference signal (e.g., GPC), we will apply it to that browser or device and to any consumer profile we associate with that browser or device. If you are logged in, we will also apply the signal to your account. We display whether your opt-out preference signal has been honored within our privacy settings. Information on how to implement opt-out preference signals (e.g., GPC) is available at globalprivacycontrol.org.

In the EEA/UK, we send electronic marketing communications and place/read non-essential cookies or similar tracking technologies only with your prior consent, which you may withdraw at any time through our preference tools or the unsubscribe link.

5. Data Security

We implement commercially reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, use, or disclosure. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your highly sensitive conversational and profile data, we cannot guarantee its absolute security, and you provide your data to the Services at your own risk.

6. How Long We Retain Your Data

We retain your personal data for as long as reasonably necessary to provide the Services, comply with obligations, and enforce our Terms. Because retention periods vary depending on the type of data, the criteria used to determine our retention schedules include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal or accounting obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as applicable statutes of limitations, litigation, or regulatory investigations). Furthermore, we retain your conversational data, including transcripts, for as long as necessary to provide and improve the AI companion experience. This includes short-term processing by voice infrastructure providers (retained up to 14 days) and long-term secure cloud storage to maintain your continuous AI profile. Meeting metadata (time, general location) is retained for up to 24 months for safety and fraud prevention. We retain deletion request logs and suppression records as required by law. If we learn we have collected personal information from an individual under 18, we will promptly delete that information and terminate the account.

7. General Audience Services & COPPA

Our Services are restricted to individuals who are 18 years of age or older. We also do not knowingly collect personal information from children under the age of 18. If we become aware that we have inadvertently collected personal information from a child under an applicable legal minor age, we will take immediate steps to delete such information from our systems.

8. Privacy Policy Changes

We reserve the right to change this Privacy Policy at any time. We will inform you by posting a notice on the Services. Your continued use constitutes consent to those changes.

9. Consent to International Transfer of Data

We are a US-based company. By using our Services, you unambiguously consent to the transfer, processing, and storage of your information in the United States and other jurisdictions, which may have different privacy laws than your country. As a result, your information may be subject to access requests from governments, courts, or law enforcement in the United States according to its laws.

  • If you are a resident of Quebec and we communicate your personal information outside Quebec (including to the United States), we assess the legal protections of the destination jurisdiction, implement appropriate safeguards, and inform you about the cross-border communication, consistent with Quebec Law 25. We will document such assessments and ensure appropriate contractual safeguards are in place with recipients.
  • When we transfer personal data outside the EEA/UK (including to the United States), we use appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and, for the UK, the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the SCCs. Where required, we perform transfer risk/impact assessments and implement supplementary measures.

10. User Rights & Data Deletion (CCPA & PIPEDA)

Depending on your jurisdiction (including Canadian residents under PIPEDA), you have the right to request access to, correction of, deletion of, and a portable copy of your personal data.

  • How to Submit a Request: You may request the deletion of your account and data by emailing us at privacy@originsocial.ai. We currently process all deletion requests manually via our support team. We will respond to your request within the timeframes required by applicable law (e.g., within 45 days under CCPA, or 30 days under PIPEDA). For instance, we will respond to Canadian access or correction rights within PIPEDA timelines, and provide the OPC complaint route. To help us process your request efficiently, please email us from the email address associated with your account and include your full name and phone number. We may require additional information to verify your identity prior to fulfilling your request. This may include requiring you to verify your own identity directly with us before processing the request. Please note that we may have a legal reason to deny your deletion request.
  • Authorized Agents: California residents may use an authorized agent to submit a request to know, delete, or opt-out on their behalf. If you use an agent, we require the agent to provide proof of your signed permission, and we may require you to verify your own identity directly with us before processing the request.
  • Verification & Right to Deny: We may require additional information to verify your identity prior to fulfilling your request. Please note that we may have a legal reason to deny your deletion request or delete data in a more limited way than you anticipated (e.g., to comply with a legal obligation, resolve disputes, or enforce our agreements).
  • Right to Appeal: If we decline to take action regarding your privacy request, we will notify you of our justification. Depending on your state of residence, you may have the right to appeal our decision by replying directly to our denial email. If your appeal is denied, we will provide you with information on how to contact your state's Attorney General to submit a complaint.
  • We will not discriminate against you for exercising your privacy rights.

Additional Notice for California Residents (CCPA/CPRA) and Residents of other States such as Virginia, Colorado, Connecticut, and Texas

Under the California and other US state Consumer Privacy Acts, as amended, such residents have specific rights.

  • Categories of Data Collected & Disclosed: In the preceding 12 months, we have collected the categories of personal information described in Section 1 (including identifiers, commercial information, internet activity, geolocation data, audio/electronic data, and sensitive personal information). We have disclosed these categories for a business purpose to our service providers, and we may have "shared" internet activity data (via cookies/pixels) with third-party advertising partners.
  • Right to Opt-Out of Sale, Sharing, Targeted Advertising, and Profiling: We use third-party analytics and advertising trackers that may constitute a "sale," "sharing," or "targeted advertising" of your technical and usage data for cross-context behavioral advertising. Furthermore, depending on your state, you may have the right to opt-out of automated "profiling" in furtherance of decisions that produce legal or similarly significant effects. You have the right to opt out of these activities by clicking the "Do Not Sell or Share My Personal Information" link in settings or footer of our website.
  • Universal Opt-Out Mechanisms (UOOMs), Global Privacy Controls (GPC), & Do Not Track: We recognize and process qualifying opt-out preference signals (e.g., GPC) as described in Section 4. We do not currently respond to Do Not Track (DNT) signals. If our systems detect a valid GPC signal from your browser, we will automatically process it as a request to opt out of the sale, sharing, and targeted advertising of your personal information, for cross-context behavioral advertising, on that browser or device (and, if you are logged in, to your account) in accordance with applicable state laws. However, because there is no widely accepted standard for traditional "Do Not Track" (DNT) browser signals, we do not currently respond to DNT signals.
  • Right to Limit Use of Sensitive Personal Information: You have the right to direct us to limit the use of your sensitive personal information (such as sexual orientation) strictly to the purposes necessary to perform the Services. Where applicable under state law, you may direct us to limit our use and disclosure of your sensitive personal information to those purposes necessary to provide the Services.
  • California "Shine the Light" Law (Cal. Civil Code Sec. 1798.83): California residents may request a list of the categories of personal information (if any) we disclosed to third parties or affiliates for their direct marketing purposes in the preceding calendar year. To make such a request, please email privacy@originsocial.ai with "California Shine the Light Request" in the subject line.

Notice to Nevada Residents

Under Nevada law, certain Nevada consumers may opt out of the sale of "personally identifiable information" for monetary consideration. While Origin Social does not currently sell your data in a way that triggers this statute, Nevada residents may submit a contingent opt-out request by emailing privacy@originsocial.ai with "Nevada Opt-Out Request" in the subject line.

Notice to Canada Residents (Commercial Electronic Messages)

For Canadian residents, our commercial electronic messages identify Origin Social LLC (or the applicable brand), include our mailing address and either a telephone number, email address, or web address, and include a functional unsubscribe mechanism. We honor unsubscribe requests within 10 business days. Our unsubscribe mechanism remains functional for at least 60 days after the message is sent.

Notice to EEA/UK Residents

Subject to legal limits, you have the right to request access, rectification, erasure, restriction, and portability, and to object to processing based on our legitimate interests at any time. You may also object at any time to processing for direct marketing (including related profiling). Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing. You also have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK; in the EEA see https://edpb.europa.eu/about-edpb/board/members_en).

11. Additional Notice to European Economic Area (EEA), Swiss, and United Kingdom (UK) Residents

If you are a resident of the European Economic Area (EEA), Switzerland, or the United Kingdom (UK), this section applies to you and supplements our general Privacy Policy. Origin Social LLC acts as the "Data Controller" of your Personal Data under the General Data Protection Regulation (GDPR), the UK GDPR, and the Swiss Federal Data Protection Act.

A. Lawful Bases for Processing

We only process your Personal Data when we have a valid legal basis, which includes:

  • Performance of a Contract: To provide the Origin Social Services to you according to our Terms of Service (e.g., account creation, delivering AI companion interactions).
  • Consent: When you have provided explicit, affirmative consent for specific processing activities (e.g., marketing communications or specific voice AI data processing). You may withdraw this consent at any time.
  • Legitimate Interests: Provided these interests are not overridden by your data protection rights, to operate, secure, and improve and develop our Services, ensure network and I.T. security, prevent fraud, and maintain the integrity of our AI systems, supporting internal administration, and conducting data analytics analyses to review and better understand consumer interaction and direct marketing and advertising purposes.
  • Legal Obligation: To comply with applicable laws and regulatory requirements.

B. Your Data Subject Rights

Subject to applicable law, you possess the following rights regarding your Personal Data:

  • Right of Access & Portability: You may request a copy of the Personal Data we hold about you in a structured, commonly used, and machine-readable format.
  • Right to Rectification: You may request that we correct any inaccurate or incomplete Personal Data.
  • Right to Erasure ("Right to be Forgotten"): You may request the deletion of your Personal Data, subject to certain legal exceptions.
  • Right to Restrict or Object to Processing: You may object to our processing of your Personal Data for direct marketing purposes or when based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal. Where we process special categories of data (e.g., such as sensitive information you voluntarily choose to provide in your profile or conversations), we do so only with your explicit consent, which you may withdraw at any time.

To exercise any of these rights, please contact us at privacy@originsocial.ai. We will respond to your request within 30 days.

C. International Data Transfers

Origin Social is based in the United States. If you access our Services from the EEA, UK, or Switzerland, your Personal Data will be transferred to, stored, and processed in the US. When we transfer your data across borders, we rely on legally recognized transfer mechanisms, including the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, ensuring your data receives an adequate level of protection.

D. Right to Lodge a Complaint

If you believe our processing of your Personal Data violates applicable data protection laws, you have the right to lodge a complaint with your local supervisory authority (e.g., your national Data Protection Authority in the EEA, the Information Commissioner's Office (ICO) in the UK, or the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland).

12. Contact Us & Privacy Officer

To submit a privacy request or contact our designated Privacy Officer (person in charge of personal information) regarding our compliance with applicable privacy laws, please contact us at:

Origin Social LLC
268 Post Rd, Ste 200
PMB 103432
Fairfield, Connecticut 06824-6220, US

privacy@originsocial.ai (Please include "ATTN: Privacy Officer" in the subject line).