Privacy policy

ÖRUS is operated by Eight Hours Ltd, a company registered in England and Wales. The data controller responsible for your personal data is Eight Hours Ltd. Contact us at hello@orus.uk.

• Account data — email address, password (stored as a salted hash by our authentication provider, Supabase), display name.
• Wellness profile — age range, sleep window, primary disruptors, exercise frequency, caffeine cutoff, and any free-text notes you provide. This is voluntary; the advisor uses it to tailor recommendations.
• Purchase history — orders are processed and stored by Shopify on our behalf. We hold the order ids that earned ÖRUS Credit cashback and referral attribution.
• Advisor conversations — message history with the AI advisor, stored in Supabase so the next conversation continues from where you left off.
• Memory facts — durable preferences derived from your conversations (visible at /me/insights). You can edit or delete any of them.
• Cookies — authentication, cart state, consent preference, and referral tracking. See section 5.
• Reorder reminders — the products and frequency you have asked us to remind you about.
• Reviews — the rating, body, and any photo URLs you submit, along with the display name attributed to the review.

Our lawful basis for processing is a combination of (a) performance of contract — fulfilling your orders, providing the loyalty programme, and running the advisor — and (b) legitimate interest in operating a useful, well-run marketplace. Specifically, we use your data to:

• Provide the AI advisor and personalised recommendations.
• Process orders, returns, and refunds via Shopify.
• Manage your ÖRUS Credits and loyalty rewards.
• Send transactional emails (order confirmations, password resets, restock alerts that you have explicitly asked for).
• Improve our product curation and the brands we stock.

We never sell your data. We do not share data with advertisers. We do not run targeted advertising on the site. We do not load any analytics that tracks individual visitors.

Conversations with the ÖRUS Advisor are stored so the next conversation can pick up where you left off. The advisor builds a small set of durable memory facts from the things you tell it; you can review, edit, and delete every one at /me/insights, and you can wipe every conversation from /me.

The advisor is a recommendation tool, not a clinician. Its responses are not medical advice and should not be used to diagnose or treat any condition. Always consult a qualified healthcare professional for medical decisions.

• Essential — Supabase authentication tokens and Shopify cart cookies. Without these the site cannot function.
• Functional — your consent preference (orus_consent), region selection, and referral attribution (orus_ref).
• We do not use advertising cookies.
• We do not use third-party tracking pixels.

You have the following rights over your personal data:

• Right of access — ask for a copy of the data we hold.
• Right to rectification — correct anything that is wrong.
• Right to erasure (“right to be forgotten”) — ask us to delete your account and the data attached to it.
• Right to data portability — request your data in a portable format.
• Right to object to or restrict processing.
• Right to withdraw consent at any time.

To exercise any of these, email hello@orus.uk. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

• Account data: until you delete your account.
• Advisor conversations and memory: until you delete them from /me.
• Purchase history: as required by UK tax law (six years from the end of the financial year in which the sale was made).
• Reviews: indefinitely while your account is active. You can ask us to remove a specific review at any time.
• Credits ledger: indefinitely. Individual credits expire after 12 months of account inactivity.

• Supabase (authentication + database, EU-hosted).
• Shopify (checkout, payments, fulfilment, gift cards).
• Vercel (website hosting).
• Anthropic (Claude API — your messages to the advisor are processed here to generate responses; Anthropic does not retain them beyond the request lifecycle under our enterprise agreement).
• Unsplash (stock images on editorial pages — no personal data shared).

ÖRUS is not intended for users under 18. We do not knowingly collect data from minors. If you believe we have, please contact us so we can remove it.

We may update this policy occasionally. The latest version is always at this URL with the “Last updated” date in the header. Material changes will be highlighted by email to all active accounts.

Email: hello@orus.uk
For account deletions: same address, subject “Account deletion request”.

See also our terms of service.