Privacy Policy
// Key points
- We collect financial, email, and usage data to power the Service
- We share with trusted partners only as needed to operate
- We do NOT sell your personal data — ever
- All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- You can delete your data at any time from Settings
- Questions? privacy@orbit.guide
1. Introduction
Orbit ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial intelligence platform.
Please read this policy carefully. By using Orbit, you consent to the practices described herein.
2. Information We Collect
2.1 Information You Provide
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address | Account creation and authentication via Google or Microsoft OAuth |
| Payment Information | Credit card (via Stripe) | Subscription billing |
| Preferences | Notification settings, display preferences | Personalization |
2.2 Financial Information (via Plaid)
When you connect your bank accounts, we receive:
- Account names and balances
- Transaction history (merchant, amount, date, category)
- Account and routing numbers (masked)
2.3 Email & Calendar Data (via Google / Microsoft)
When you connect Gmail or Outlook, we may access email metadata, email content (for subscription detection, travel confirmation parsing), and calendar events. You control which permissions you grant and can disconnect at any time.
2.4 Travel Information
- Search queries (destinations, dates, preferences)
- Saved trips, flights, hotels, restaurants, activities
- Booking confirmations (if email access granted)
2.5 Automatically Collected Information
| Data Type | Purpose |
|---|---|
| Device Information | Browser type, OS, device ID |
| Usage Data | Features used, pages visited, time spent |
| Log Data | IP address, timestamps, error logs |
| Cookies | Session management, preferences, analytics |
3. How We Use Your Information
We use your information to provide and improve the Service, detect subscriptions, analyze spending patterns, enable travel search, sync email and calendar data, process voice and text commands, process payments, communicate with you, and ensure security.
4. How We Share Your Information
4.1 Third-Party Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Plaid | Bank connections | Financial credentials (securely) |
| Stripe | Payment processing | Payment information |
| Gmail / Calendar integration | OAuth tokens | |
| Microsoft | Outlook / Calendar integration | OAuth tokens |
| Amadeus | Flight / hotel search | Search queries |
| OpenAI | AI / voice features | Anonymized queries |
| Deepgram | Speech-to-text | Audio data |
| ElevenLabs | Text-to-speech | Text responses |
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Financial transactions | 24 months rolling |
| Search history | 12 months |
| Voice / chat logs | 90 days |
| Analytics data | 24 months (aggregated) |
6. Data Security
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access, principle of least privilege
- Infrastructure: Secure cloud hosting on SOC 2-compliant infrastructure
- Authentication: Secure OAuth-based login, optional 2FA
- Monitoring: 24/7 security monitoring and alerting
7. Your Privacy Rights
You can view, export, correct, and delete your data at any time. California residents have additional CCPA rights. EU/EEA residents have GDPR rights including access, rectification, erasure, portability, and the right to lodge complaints with supervisory authorities.
To exercise your rights, contact privacy@orbit.guide.
8. Cookies and Tracking
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security | Session |
| Functional | Preferences, settings | 1 year |
| Analytics | Usage statistics | 2 years |
9. Children's Privacy
Orbit is not intended for users under 18 years old. We do not knowingly collect data from children.
10. International Data Transfers
Your data may be transferred to and processed in the United States and other countries. We ensure appropriate safeguards are in place for international transfers.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 30 days before they take effect.