Legal
Privacy Policy
Last updated: June 13, 2026
This Privacy Policy explains what personal data Orbit Intelligence ("we") collects, why, and what you can do about it. It applies to everything at orbitintelligence.com and the authenticated terminal at /dashboard.
1. What we collect
- Account data: email, name, hashed credentials (managed by Supabase Auth), OAuth identifier if you sign in with Google.
- Product data: watchlists, alert preferences, in-app notifications, company profile-view counts (used to enforce free-tier limits).
- Billing data: handled by Stripe. We see a Stripe customer ID and subscription state; we never store full card numbers.
- Technical data: IP address, browser, device, and request metadata captured by our hosting and rate-limiting layers, retained only as long as needed for operations and abuse prevention.
- Email events: delivery, open, and click events from transactional email — used to measure briefing engagement and honor unsubscribes.
2. How we use it
We process personal data to:
- Operate the Service (authentication, watchlists, alerts).
- Send transactional email — daily briefings, alert digests, billing notices — per your notification preferences.
- Enforce plan limits and prevent abuse.
- Measure product usage in aggregate to improve the Service.
- Comply with legal obligations and respond to legitimate requests from authorities.
We do not sell personal data. We do not share personal data with third parties for advertising.
3. AI processing
The daily briefing and funding-round extraction use Anthropic Claude operating over our own ingested public-data sources (launches, contracts, filings, news). We do not include customer personal data, watchlist contents, or behavioral data in prompts sent to AI providers.
4. Sub-processors
The vendors below process personal data on our behalf under contract. Material changes are notified in advance for plans covered by a DPA.
| Vendor | Purpose | Data |
|---|---|---|
| Supabase | Database & authentication | Account, profile, watchlists, alerts |
| Vercel | Hosting & edge runtime | Request logs, headers |
| Stripe | Payment processing | Billing email, card details (we never see card data) |
| Resend | Transactional email | Email address, message content |
| Anthropic | AI summary generation | Aggregated, de-personalized inputs only |
| Upstash | Rate limiting | IP / user identifier for throttling |
| Sentry | Error monitoring | Error context, may include user ID |
| PostHog | First-party product analytics | Anonymized event data |
5. Retention
- Account data: while your account is active and for up to 90 days after deletion for legal and audit purposes.
- Billing data: retained as required by tax and accounting law (typically 7 years), through Stripe.
- Notification and product-event data: 24 months.
- Request logs: typically 30 days at the hosting layer.
6. Your rights
Depending on your jurisdiction, you may have rights to access, correct, export, restrict, or delete your personal data, and to object to certain processing. To exercise any of these rights, email legal@orbitintelligence.com from the address on your account. We respond inside 30 days.
You can manage email notification preferences from account settings or via the unsubscribe link in any email. Account deletion removes your profile, watchlists, alerts, and notification history.
7. Cookies & tracking
We use essential cookies for authentication sessions and a first-party analytics cookie (PostHog) to measure aggregate product usage. We do not use third-party advertising cookies, session replay, or cross-site trackers. You can block non-essential cookies in your browser without affecting login.
8. International transfers
Our infrastructure and sub-processors operate primarily in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US under the appropriate contractual protections.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from them.
10. Security
See our security page for how we protect data — authentication, row-level access controls, secret handling, and responsible-disclosure contact.
11. Changes
We update this Policy as the Service evolves. Material changes are announced in-app or by email; the "Last updated" date at the top always reflects the current version.
12. Contact
Operator: Orbit Intelligence, [TODO: legal entity & registered address]. Email legal@orbitintelligence.com.