Orika

Privacy

Last updated April 18, 2026

Orika is a desktop workspace for AI coding agents. Most of your data stays on your machine. This page explains exactly what leaves your device, when, and why. We try to collect as little as possible.

What stays on your machine

Everything on the Hobby tier is local-first:

  • Your workspaces, worktrees, and agent sessions
  • Conversation history and file edits (stored in a local SQLite database)
  • Provider API keys you bring (Claude, Codex, OpenAI, etc.) — kept in your OS keychain
  • Generated code, diffs, and terminal output

Orika does not upload your codebase, your prompts, or your generated output to our servers. Source code is sent only to the agent provider you configured, according to the policies of that provider.

What we do collect

To run the account, subscription, and remote-workspace side of the product, we store:

  • Account data — email, name, and the authentication identifier issued by our identity provider (WorkOS AuthKit) when you sign in.
  • Billing data — subscription tier, renewal state, and the Stripe customer identifier. We never store card numbers; Stripe handles those.
  • Remote workspace metadata — if you subscribe to Pro or Max, we keep the IDs, sizes, and activity timestamps of sandboxes you create so we can meter usage and clean up idle environments. We do not read the contents of your sandboxes.
  • Operational logs — request timing, error types, and coarse feature usage, retained for up to 30 days, used only to debug and improve the product.

Third-party services

We rely on the following providers to run Orika. Each has its own privacy policy:

  • WorkOS AuthKit — authentication and session management.
  • Stripe — subscription billing and payment processing.
  • Daytona — remote sandbox execution for Pro and Max subscribers.
  • Railway — hosting infrastructure for our web and API services.
  • The agent provider you chose (Anthropic, OpenAI, etc.) — your prompts and files go directly from your machine to them under their policies; we are not in the middle.

How we use your information

  • To create and authenticate your account
  • To bill and service your subscription
  • To provision and meter remote sandboxes (Pro and Max)
  • To diagnose errors and measure reliability of the service
  • To send transactional email (account, billing, security notices)

We do not sell your data, and we do not use your data to train any model. The only data shared outside of Orika and the providers above is what is strictly required to deliver the service you paid for.

Data retention

Account and billing records are retained for the life of your account. Operational logs are retained for up to 30 days. Remote sandbox snapshots and activity records are retained for 90 days after the sandbox is deleted, then removed permanently. You can request earlier deletion at any time by contacting us.

Your rights

You can request a copy of the data we hold about you, have it corrected, or request that your account and all associated data be deleted. Email us at the address below and we will respond within 30 days.

Children

Orika is not directed at anyone under 16. We do not knowingly collect information from children. If you believe we have, contact us and we will remove it.

Changes

We will update the last-updated date at the top of this page when the policy changes, and we will notify you by email before any material change takes effect.

Contact

Privacy questions: privacy@rikalabs.sh.