Ask AI
Help Center
How can we help? 👋
All Categories
Security & Legal Fine Print
Terms & Conditions - ORCA Sonar: Automated Data Extraction from Files Addendum

Terms & Conditions - ORCA Sonar: Automated Data Extraction from Files Addendum

💡
Last updated: Dec 3rd, 2025

Introduction

ORCA Sonar automatically extracts data from Files using AI models and enables this data to be added into a Vault.

AI processing requires temporary handling of unencrypted data during analysis. This document explains how  data is processed, what third parties are involved, and to whom the data is visible at which stage(s) of the process.

By activating ORCA Sonar, you agree that this document is an extension of ORCA’s Privacy Policy and Terms and Conditions.

Key Messages

  • ORCA Sonar automatically extracts data from Files using AI models and enables this data to be added into a Vault.
  • Confidentiality: The files processed by Sonar, the data automatically extracted from them, and the prompt used to extract the data are never used to train AI models.
  • Zero Retention: Files, prompts, and outputs are deleted immediately after processing.
  • Encryption in Transit: Files uploaded via Sonar are encrypted in transit (via TLS).
  • Temporary Access: ORCA has theoretically the means to access the contents of your files and prompts during processing (but not after).
  • European Compliance: All data processing occurs within Europe, in compliance with EU data protection laws (including GDPR).
  • AI Model: As per the date of this document, ORCA uses OpenAI's GPT 5.1. model (subject to change).
  • Output accuracy: The data extracted and presented to you is not deterministic and may be inaccurate or incomplete. ORCA is not responsible for incorrect data storage as a result of an AI analysis, and the User is required to review and validate the information at all times.

AI Model

Which provider and model is used?

ORCA utilizes OpenAI models for its AI services. As of the last update of this T&C, ORCA is specifically operating on the GPT 5.1. mini model. Please note that this may change in the future, and this document may not be updated to reflect such changes.

What is the agreement with the Model Provider?

ORCA has a dedicated agreement with the model provider to achieve zero data retention, ensuring that client data is handled in accordance with our privacy commitments. Furthermore, the agreement limits how the model provider can use data from these anonymous requests, including not using prompts and outputs to develop or improve their models, as well as deleting all information received once it is no longer necessary to provide outputs.

As noted above, ORCA interacts with the model provider(s) on your behalf, meaning your personal information (for example, IP address) is not exposed to them.

Output Reliability

AI outputs may be inaccurate, incomplete, or otherwise unreliable. Always review and validate all AI-extracted information before relying on it. ORCA and its model providers are not responsible for errors in data extraction or storage.

Data Visibility

During the processing of your data, ORCA theoretically has the means to access the contents of the files and prompts submitted.

How your data is processed:

  1. You upload a file to the ORCA front-end (code that runs in the browser).
  1. The ORCA front-end transfers the file to the ORCA Server in two ways:
    1. For storage: It encrypts the file using ORCA’s encryption and then via TLS and sends it to the ORCA Server to be stored. The file is encrypted during transit from the ORCA front-end to the ORCA Server and at rest on the ORCA Server, as outlined in our Security White Paper, and
    2. For AI processing: All communication is encrypted via TLS. The ORCA front-end encrypts the file via TLS and sends it to the ORCA Server to be forwarded to the AI Model on your behalf. This version of the file is encrypted in transit to the ORCA Server, but is then unencrypted on the ORCA Server so that the ORCA Server can send readable information to the AI Model:
      1. The ORCA Server encrypts the file and the prompt(s) and sends the file to the AI Model. Your file is readable via the AI model at this moment of time.
      2. The AI model returns its output(s) to the ORCA Server (encrypted via TLS).
      3. The output is sent to the ORCA front-end (encrypted via TLS).
      4. Data (file, file contents and AI output) is deleted from both the memory of the ORCA Server and the AI Model.

All of the actions on the ORCA Server take place in temporary memory and are not stored. Accessing the ORCA Server follows strict processes (where multiple people’s approvals are required), guidelines and the access is monitored.

Summarising, during the processing above, the AI-relevant data, which includes:

  • prompt input,
  • prompt output, and
  • file contents,

is NOT encrypted at all times. Afterwards, all of the AI-relevant data is erased both from the ORCA Server and the AI Model memory whilst the file content is stored encrypted following the strategy described in the Security White Paper. Therefore, this access is strictly limited to the processing phase and does not imply any retention or further use of the data.

Data Usage

  • Client Data is Never Used for Training: ORCA does not use any client data, including files and prompts, for the purpose of training AI models. Your data remains confidential and is not utilized to improve or develop any AI models.
  • Zero-Data Retention: All client data which is unencrypted in this process, including files and prompts, are immediately deleted after processing (the File is nevertheless stored encrypted, following the strategy described in the Security White Paper). ORCA adheres to a strict zero-data retention policy, ensuring that no information is stored or retained beyond the necessary processing time.
  • Data Location: All client data is processed and stored within Europe. ORCA ensures compliance with European data protection regulations, providing a secure environment for your information.

Conclusion

By using ORCA Sonar functionality, you acknowledge and accept these Terms & Conditions.

Our general Terms of Service and Privacy Policy also apply here. If there is a conflict with our general Terms of Service, these Terms of Service apply. Your data privacy is of utmost importance to us, and we are committed to maintaining the confidentiality and security of your information.

Contacting ORCA

If you have questions about our data security, please contact us any time privacy@withorca.com.

Audit Log

Date
Change
2025-12-04
Clarification and added more information about Data Visibility
Did this answer your question?
😞
😐
🤩
Contact Us | support@withorca.com