Privacy Policy
Orchera CARM Proxy AI - Professional Edition | Effective: March 27, 2026
1. Overview
Orchera CARM Proxy AI ("the Software") is a locally-hosted customs declaration preparation tool. This Privacy Policy explains how the Software handles data during operation.
The short version: All your data stays on your machine. We don't collect it, we don't see it, we don't store it. Orchera is 100% local.
2. Data Processing - Local Only
All data processing occurs on your local machine. The Software operates as a localhost web application (default: http://localhost:3000). No invoice data, Business Numbers, declarations, audit trails, or user credentials are transmitted to external servers.
| Data Type | Storage Location | Transmitted Externally? |
|---|---|---|
| Invoice files (PDF, TXT, CSV, XLSX) | Inbound_Invoices/ and storage/archives/ | No |
| Declarations database | mirror_portal/data/orchera.db | No |
| Audit trail | logs/audit_trail.json | No |
| User credentials | mirror_portal/.env + orchera.db | No |
| Session tokens | Browser sessionStorage (volatile) | No |
| HS code rulings | mirror_portal/resources/ | No |
3. Data We Do NOT Collect
Orchera does not:
- Collect personal information from end users;
- Transmit invoice or declaration data to any server;
- Use analytics, tracking pixels, or telemetry;
- Share data with advertisers, data brokers, or any third party;
- Store data in cloud storage or external databases;
- Access data outside the application directory.
4. AI Processing
The AI processing component uses locally-hosted models via Ollama (phi4-mini, llama3.2:1b, and qwen2.5-coder:1.5b). All AI inference runs entirely on your local machine - no invoice data, prompts, or responses are transmitted to any external API or cloud service.
5. External Connections
The Software makes limited external connections for non-sensitive operational data:
- Bank of Canada - Exchange rate sync (daily, no user data sent)
- CBSA RSS Feed - Customs notices (daily, no user data sent)
- orchera.ca - Regulatory data updates and version checks (daily, no user data sent)
- orchera.ca/licensing - License verification and trial tracking (machine fingerprint only - a hardware hash, not personal data)
All external connections are optional. The Software works fully offline with bundled data.
6. Credentials and Secrets
- Database user credentials are scrypt-hashed in SQLite. Environment file credentials are plain text - protect with file system permissions.
- Session tokens are HMAC-SHA256 signed and stored in sessionStorage. They do not persist after the browser tab is closed.
- The SECRET_KEY used for token signing is stored in .env and should be treated as a secret.
- No credentials are written to log files or the audit trail.
7. Data Retention
- Audit trail: Retained indefinitely by default. You are responsible for retention in compliance with section 40 of the Customs Act (minimum 6 years).
- Declarations database: Retained until manually reset or backed up.
- Processed invoices: Archived in storage/archives/. You manage archival and deletion.
8. Data Deletion
To delete all data processed by the Software:
- System Admin - Reset Database (clears declarations and approvals)
- Delete logs/audit_trail.json
- Delete storage/archives/ contents
- Clear browser sessionStorage
9. Your Rights
As all data resides on your local machine, you maintain full control over your data at all times. You may access, modify, export, or delete any data without restriction. No request to Orchera is necessary - you own your data completely.
10. Children's Privacy
The Software is designed for licensed customs brokers and trade professionals. It is not intended for use by individuals under the age of 18.
11. Changes to This Policy
Updates to this Privacy Policy will be included in new releases of the Software and posted at orchera.ca/privacy. The effective date at the top of this document indicates the most recent revision.
12. Contact
For questions about this Privacy Policy, contact: info@orchera.ca