Privacy Policy

Last updated: May 7, 2026

This Privacy Policy describes how Orbis ("Orbis", "we", "us") collects, uses, and protects information when you use our AI assistant service (the "Service"). By using the Service you agree to the practices described here.

Plain-English summary. Orbis is an AI assistant that helps run your operations. We collect the minimum information needed to make the Service work: who you are, what you say to Orbis, and which third-party tools you connect (Slack, Notion, Stripe, etc.). We do not sell your data. We do not train AI models on your content. You can export or delete your data anytime.

1. Who we are

Orbis is operated by Orbis, Inc., a Delaware corporation. Contact us at [email protected] for any privacy-related question or request.

2. Information we collect

Account information

Identity: name, email address, and Google profile picture (when you sign in with Google)
Phone number: when you bind WhatsApp to your Orbis account
Workspace metadata: Slack workspace ID, team name, channel list (when you install our Slack app)

Content you send to Orbis

Messages you send via WhatsApp, Slack, email, or our web interfaces
Files you attach (PDFs, images, documents) that you ask Orbis to process
Calendar events, contacts, and notes Orbis creates on your behalf

Connected-tool data

When you connect a third-party tool (Notion, HubSpot, Google Drive, etc.) via Pipedream Connect, Orbis can read and write data in those tools at your direction. We store only what's necessary to operate the integration — typically a reference token managed by Pipedream, plus cached query results to avoid redundant API calls. We do not bulk-export or store mirror copies of your tool data.

Usage data

Action logs: which tools were called, when, and the credit cost
Error logs: failures, exceptions, and stack traces (with user content redacted where possible)
Diagnostic data: IP address, browser/device type, timestamps

Billing information

When you subscribe to a paid plan, payment processing is handled by Stripe. Orbis stores only the metadata (plan, subscription ID, period, last 4 digits of card) — Stripe holds the full payment instrument.

3. How we use your information

Provide the Service: route messages, run AI queries, call connected tools, send notifications
Bill you: meter credit usage, charge subscriptions, send receipts
Support you: respond to questions, debug issues, recover from failures
Improve the Service: aggregate, anonymized analytics on which features work and which don't
Detect abuse: identify and block automated abuse, fraud, or violations of our Terms
Comply with law: respond to lawful subpoenas, court orders, and regulatory requests

4. AI training and your data

We do not use your content to train AI models. Orbis sends your messages to Anthropic's Claude API to generate responses. Anthropic's API terms commit to not training their models on customer-routed traffic. Your content stays in the Orbis–Anthropic API boundary; it's used only to generate the response you asked for.

Aggregate, non-identifying patterns (e.g., "average response length grew 12% this month") may inform product decisions. Individual messages do not.

5. Google API services and user data (Limited Use)

When you sign in to Orbis with Google, we request access to a limited set of Google API scopes. Our use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What we request and why

OpenID, email, profile — to identify your account and display your name and avatar in the Orbis app.
Calendar (read-only): https://www.googleapis.com/auth/calendar.readonly — so Orbis can show upcoming meetings in your daily brief, surface conflicts when scheduling, and answer questions like "what's on my calendar tomorrow?". We never write to your calendar with this scope.

How we handle Google user data

We use Google user data only to provide and improve the user-facing features described above. We do not use it for any other purpose.
We do not transfer Google user data to third parties for advertising, marketing, or any purpose unrelated to providing the Service.
We do not use Google user data to develop, improve, or train generalized AI or machine-learning models. AI inference runs Anthropic's Claude on a transient, non-retained basis.
Humans do not read your Google data except (a) with your explicit consent for a specific support request, (b) where required by law, or (c) where strictly necessary to detect, prevent, or address security issues, abuse, or technical problems.
Calendar events are processed in-memory at request time to generate user-facing answers. We do not maintain a persistent mirror of your calendar in our database.
Identity tokens (OAuth refresh tokens) are encrypted at rest in our database and used only to refresh API access on your behalf.

Revoking access

You can revoke Orbis's access to your Google account at any time at myaccount.google.com/permissions. You can also delete your Orbis account (which removes all stored Google data) by emailing [email protected] — see Section 8 for full deletion procedures.

6. Subprocessors and third parties

Orbis uses these third-party services to operate. Each is bound by their own privacy commitments and applicable data-protection terms.

Vendor	Purpose	Data shared
Anthropic	AI model inference (Claude)	Your messages and tool context, transient — not retained for training
Cloudflare	Hosting, databases (D1), object storage (R2), embeddings (Vectorize)	All Orbis-stored data lives on Cloudflare infrastructure
Stripe	Payment processing, subscriptions, webhooks	Billing email, name, payment instrument (held by Stripe), invoice metadata
Pipedream	Third-party tool OAuth + action execution	OAuth tokens for tools you connect, action invocation payloads
Google	OAuth sign-in, Calendar (read-only)	Profile (name, email, picture), calendar events when granted
Meta (WhatsApp Cloud API)	WhatsApp messaging	Phone number, message content sent via WhatsApp
Slack	Slack messaging integration	Workspace metadata, channels Orbis is added to, message content
Resend	Transactional email (receipts, alerts)	Email address, message body for emails Orbis sends on your behalf

7. Where your data lives

Orbis hosts data on Cloudflare's global network. By default, primary storage is in regions closest to your origin (typically United States or Europe). For tenants with data-residency requirements, we can pin storage to a specific region — contact us at [email protected].

If you are located in the European Economic Area, the United Kingdom, or Switzerland, your data may be transferred to and processed in the United States. Such transfers are made under appropriate safeguards including Standard Contractual Clauses where applicable.

8. How long we keep data

Account data: retained while your account is active, plus up to 90 days after cancellation for billing reconciliation
Conversation history: retained for the life of your account so Orbis has context. You can delete individual conversations or your full history anytime from settings.
Action logs: 12 months for security and audit purposes, then aggregated and anonymized
Billing records: 7 years (US tax/financial reporting requirements)
Backups: rolling 30-day retention; encrypted and access-controlled

9. Your rights

Depending on where you live, you may have the right to:

Access the personal data we hold about you
Correct data that is inaccurate
Delete your data (subject to legal retention requirements)
Export your data in a portable format
Restrict or object to certain processing
Withdraw consent for processing based on consent
Lodge a complaint with a data protection authority

To exercise any of these rights, email [email protected]. We respond within 30 days.

10. California residents (CCPA / CPRA)

If you are a California resident: we do not sell your personal information and do not share it for cross-context behavioral advertising. The categories of personal information we collect are described in Section 2 above. You have the right to know, delete, correct, and opt out of certain processing as outlined in Section 9.

11. Children's privacy

Orbis is intended for business use by adults. We do not knowingly collect data from anyone under 16. If we learn we have collected such data, we will delete it.

12. Cookies and similar technologies

Our web interfaces use only essential cookies — session tokens for authentication and security. We do not use third-party advertising cookies, behavioral tracking, or cross-site identifiers.

13. Security

Orbis applies industry-standard security practices: encryption in transit (TLS 1.2+) and at rest, scoped access tokens, audit logging of every action, and per-tenant data isolation enforced at the database layer. No system is perfectly secure — if you believe your account has been compromised, contact us immediately at [email protected].

14. Data breach notification

If a breach affecting your personal data occurs, we will notify affected users without undue delay and consistent with applicable law.

15. Changes to this policy

We may update this Privacy Policy as the Service evolves or as laws change. Material changes will be communicated by email and through the Service at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

16. Contact

Privacy questions, requests, or concerns: [email protected]
Security issues: [email protected]