Privacy Policy

1. Scope

This policy applies to Orbit website and app features, including account authentication, subscription billing, and AI-powered document workflows.

2. Information We Collect

We may collect the following categories of information:

• Account data (email address, user ID, authentication identifiers, basic profile fields).
• Billing/subscription data (plan status, Paddle customer/subscription identifiers, transaction metadata).
• Usage and technical data (feature usage, request timestamps, device/app metadata, error logs).
• AI workflow data (uploaded PDFs, prompts, selected text, image inputs, and model outputs).

We do not intentionally store full payment card details in Orbit systems; payment details are handled by Paddle as our payment processor.

3. How We Use Information

• To provide and maintain the service.
• To authenticate users and secure accounts.
• To process payments and manage subscriptions.
• To improve performance, reliability, and product quality.
• To comply with legal obligations and enforce our Terms of Service.

4. AI Processing and Data Transfer

To provide AI features, Orbit transmits relevant content to external AI providers. Depending on feature and configuration, this may include Google Gemini and/or OpenRouter-connected model providers.

• PDF files may be sent to Google Gemini Files API for document-based Q&A workflows.
• Prompts and conversation context may be sent to model APIs for response generation.
• When Gemini Files API is used, provider-side file storage may be temporary and governed by provider policy.

Orbit may store temporary file-reference metadata (for example, hashed document IDs, file references, and expiration metadata) to avoid redundant re-uploads and improve reliability.

In our current Gemini flow, Orbit stores file-reference metadata in Firestore and marks it with an expiration timestamp (approximately 47 hours). This metadata is ignored after expiration; actual record deletion timing may vary based on cleanup operations.

5. Cookies and Similar Technologies

Orbit may use browser storage technologies such as Local Storage and IndexedDB for sign-in/session support and core app behavior. Third-party providers may also use their own cookies or storage mechanisms when their services are invoked.

6. Third-Party Processors

We use third-party services to operate Orbit. Examples include:

• Firebase (authentication and data infrastructure)
• Paddle (subscription and billing processing)
• Google Gemini API and Files API (AI document processing)
• OpenRouter and connected model providers (certain AI features)
• Vercel/infrastructure providers (hosting and delivery)

These providers process data under their own terms and privacy policies.

7. Data Retention

Retention periods vary by data type and operational need. In general:

• Account and subscription records are retained while your account is active and as required by law.
• Operational logs are retained for security, debugging, and fraud prevention for a limited period.
• AI workflow artifacts may be handled temporarily by Orbit and/or third-party providers.
• For Gemini Files API workflows, provider-side temporary file retention may be up to approximately 48 hours (subject to provider policy and change).

If you request account deletion, we delete core account records from active systems unless retention is required for legal compliance, accounting, fraud prevention, or dispute resolution. Some residual technical records may remain temporarily until expiration or backup lifecycle completion.

8. International Data Transfers

Your data may be processed in countries other than your own where Orbit or its providers operate. We rely on applicable legal mechanisms for cross-border data transfers where required.

9. Security

We apply reasonable technical and organizational safeguards to protect personal information. No system can be guaranteed to be 100% secure.

10. Your Rights

Depending on your location, you may have rights to access, correct, delete, or restrict use of your personal data. You may also have rights to object to certain processing.

You can request these actions by contacting us at orbit.lab.service@gmail.com.

11. Children's Privacy

Orbit is not intended for children under 13 (or the minimum legal age in your jurisdiction), and we do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When material changes are made, we will update the "Last updated" date.

This Privacy Policy may be translated for convenience. In the event of any inconsistency between language versions, the English version will prevail to the extent permitted by applicable law.

13. Contact

If you have questions about this Privacy Policy, contact us at orbit.lab.service@gmail.com.

Operator (legal name): Baek Doojin, Republic of Korea. Trading name: dlab.