Privacy Policy
How Oryn collects, uses, stores, and shares your information.
Who we are
Decoded Systems, LLC (“Decoded Systems”,
“we”, “us”) operates Oryn, the law
practice management platform at
oryn.decoded-systems.com.
What we collect
- Firm and user data. The names, contact information, role, and credentials that you provide when you sign up or invite users.
- Matter data. The information your firm enters into Oryn about its cases, parties, and workflows.
- Usage data. Logs of API requests, feature usage, and error reports, used to operate and improve the service.
- Billing data. If you pay Oryn directly, your billing address and the last four digits of your payment method. Card numbers are stored at our payment processor, not at Oryn.
How we use your data
- To provide the service to you and your clients.
- To meet legal and regulatory obligations (tax, audit, bar cooperation).
- To improve the product, using aggregated or de-identified data only. No model training on customer data.
What we don’t do
We do not sell, rent, or share personal information with advertisers. We do not use firm or matter data to train AI models. We do not share information across firms; every firm’s data is isolated at the database layer.
Data we share
- Subprocessors. Oryn relies on a limited set of subprocessors (hosting, storage, payments, email delivery, AI inference). The current list is maintained on the subprocessors page.
- Law enforcement. We respond to valid legal process. We notify affected firms before compliance whenever the law allows.
- Successors in interest. Customer data may transfer to a successor in the event of a merger or acquisition, subject to continuing obligations.
How we protect it
See our security page for the technical controls. In short: encryption at rest and in transit, per-firm isolation enforced at the database layer, audit logs for every artifact write, and MFA-enforced authentication.
Your rights
- Export. Firm administrators can request a complete export of tenant data at any time from Settings → Data.
- Deletion. Firm administrators can request deletion under our Data Processing Addendum. Some records are retained for legal compliance windows.
- GDPR / CCPA. Residents of the EU, UK, and California have additional rights; contact privacy@decoded-systems.com to exercise them.
SMS / Text Messaging
If you use a sign-in method that sends a verification code by text message, or you receive text messages from a law firm using Oryn, the following applies:
What we collect
The mobile number you provide (or that your law firm provides on your behalf with your knowledge), the timestamps of verification-code requests and deliveries, and inbound replies you send to our number (HELP, STOP, and related keywords). We do not store the verification codes themselves in plaintext once they have been used or expired.
What we use it for
Sending you one-time verification codes when you actively initiate a sign-in, and operational handling of HELP/STOP keywords. We do not use your mobile number for marketing, promotional messages, or any purpose other than authentication.
Sharing
Mobile numbers and message content are not shared with third parties for marketing. Our SMS carrier (Twilio) processes messages on our behalf solely to deliver them.
Frequency and cost
Message frequency depends on how often you sign in (typically one message per sign-in attempt). Message and data rates may apply per your wireless carrier’s plan.
Opt-out
Reply STOP (or CANCEL, END, QUIT, UNSUBSCRIBE, REVOKE, STOPALL, OPTOUT) to any message from us to opt out of receiving further messages. Reply HELP for assistance. Opting out of SMS will disable text-based sign-in for your account; you can still sign in via email magic link.
Retention
Mobile numbers are retained while your account is active. Opt-out records are retained indefinitely as required by carrier compliance.
Contact
Decoded Systems, LLC
[Street address TBD]
Seattle, WA, USA