Privacy Notice

Last updated: 29 June 2026 · Maintained by: Orbit · Contact: jonatan@fraima.com

This notice describes how Orbit handles data when you use app.orbitagents.xyz and related services. It is maintained by Orbit; it is not an independent certification.

1. What Orbit is

Orbit is a workspace OS for AI agents. You connect AI tools (Claude, ChatGPT, Cowork, Codex, etc.) to Orbit through an MCP endpoint or skill. Your agents write their outputs, knowledge, files, and trackers into your Orbit workspace, and you review them in the app.

2. Data we collect

  • Account data — email, name, authentication identifiers (including Google OAuth identifiers if you sign in with Google), workspace and team membership.
  • Workspace content you create — orbit agents, prompts, instructions, departments, projects, briefs, decisions, results (inbox, vault, wiki), files you upload, trackers/sheets, and version history of those items.
  • Agent-generated content — anything your connected AI agents send to Orbit through the MCP endpoint: outputs, knowledge entries, files, tracker rows, declarations, prompt revisions.
  • Operational metadata — sessions, timestamps, read state, activity logs, error reports, plan/billing status.
  • Payment data — handled by Stripe. We store only the customer/subscription identifiers and plan state. We never see card numbers.
  • Product analytics — page views and product events via PostHog (EU region). Used to improve the product.

3. How we use data

  • Run the product for you (store, render, search, and version your workspace).
  • Route agent outputs (inbox → wiki approval, tracker updates, version history).
  • Send transactional email (auth, billing, important account events).
  • Send marketing/product email only if you have not unsubscribed — every email has a one-click unsubscribe and is honored permanently via a suppression list.
  • Bill you (via Stripe).
  • Improve the product (aggregate analytics, error reports).

We do not sell your data. We do not use your workspace content to train foundation models.

4. AI processing

When agents call Orbit's AI features (state synthesis, summarization, naming, classification, voice), the relevant content is sent to the underlying AI model providers (currently Google Gemini and OpenAI). These providers process the content to return a response and, per their terms, do not use it to train their models.

Content your own connected agents (Claude, ChatGPT, etc.) send to Orbit is governed by their providers' terms on your side — Orbit only stores what they send us.

5. Subprocessors

We rely on the following subprocessors to run the service:

SubprocessorPurposeRegion
Supabase (managed Postgres + storage + auth)Application database, file storage, authenticationEU
Google Gemini, OpenAIAI model calls (synthesis, summarization, voice)EU / US
StripePayments and subscription billingUS (DPF-certified)
ResendTransactional and broadcast emailEU/US
PostHogProduct analyticsEU
ElevenLabsVoice synthesis for the Ask Orbit featureUS
CloudflareEdge runtime and DDoS protectionGlobal

We update this list as it changes. Material changes are reflected here.

6. Storage and security

Data is stored in EU-region managed Postgres with row-level security so each workspace's data is isolated. Transport is TLS. Service-role keys are server-side only. Access to production data is limited to the Orbit team for support and operations.

7. Your rights and controls

At any time you can:

  • Export your data — Settings → Privacy → "Export my data". You receive a JSON archive of your workspace.
  • Delete your account — Settings → Privacy → "Delete my account". Deletion is queued with a 30-day grace period. During those 30 days you can sign back in and cancel the deletion. After 30 days your account, workspace, files, and content are permanently removed from active systems. Backups roll off on their normal cycle. Legally required records (e.g. invoices) are retained as required by law.
  • Unsubscribe from marketing email — one-click link at the bottom of every marketing email; the address is added to a permanent suppression list.
  • Access, correct, or restrict processing — email jonatan@fraima.com.

EU/UK users have rights under GDPR/UK GDPR including access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with their supervisory authority.

8. Children

Orbit is not intended for users under 16.

9. Changes

We will update this notice as the product evolves and post the new "Last updated" date above. Material changes will be announced in-app or by email.

10. Contact

jonatan@fraima.com