Privacy Policy

1. Who we are

This Privacy Policy describes how OrbFlow AI LLC("OrbFlow," "we," "us") collects, uses, discloses, and otherwise processes personal information in connection with our websites, waitlist, and software services (collectively, the "Services").

2. Information we collect

• Account and profile: name, email address, password hash (stored by our authentication provider), and similar identifiers you provide when you register or update your profile.
• Usage and content: information you submit to the Services (for example source text for repurposing), settings, feature usage, and technical logs (such as IP address, device/browser type, and timestamps) needed to operate and secure the Services.
• Waitlist: email address and related metadata when you join a mailing list through our landing pages or APIs.
• Payments: when you purchase a paid plan, our payment processor receives and processes billing details; we generally receive limited billing metadata (for example customer and subscription identifiers), not full card numbers.
• Support and communications: information you send when you contact us.

3. How we use information

We use personal information to:

• Provide, maintain, secure, and improve the Services;
• Authenticate users, process transactions, and send service-related notices;
• Communicate about beta updates, product changes, and marketing where permitted;
• Detect, investigate, and prevent fraud, abuse, and security incidents;
• Comply with law and enforce our terms.

4. Legal bases (EEA/UK/Switzerland)

Where GDPR or similar laws apply, we rely on appropriate legal bases such as contract (providing the Services you request), legitimate interests (security, analytics, product improvement balanced against your rights), consent where required (for example certain marketing cookies or emails), and legal obligations.

5. How we share information

We share information with service providers who process data on our behalf under contracts, including for example hosting, database and authentication, payments, email delivery, analytics, AI inference, and research enrichment. We may also disclose information if required by law, to protect rights and safety, or in connection with a merger, acquisition, or asset sale (with notice where appropriate).

Categories of subprocessors commonly involved in delivering the Services include infrastructure and application hosting, identity and database providers, payment processors, customer email platforms, and AI or search API vendors. The specific vendors may change as we improve the product.

6. Cookies and similar technologies

We and our partners may use cookies and similar technologies for session management, preferences, security, and understanding usage patterns. You can control cookies through browser settings; blocking certain cookies may impact functionality.

7. Retention

We retain personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary depending on the data type and context.

8. Security

We implement technical and organizational measures designed to protect personal information. No method of transmission or storage is completely secure.

9. Your choices

Depending on your location, you may have rights to access, correct, delete, or export personal information, or to object to or restrict certain processing. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact us at the email below. You may opt out of marketing emails by using the unsubscribe link where provided.

10. U.S. state privacy rights

If you are a resident of a U.S. state with a consumer privacy law, you may have additional rights (for example access, deletion, and opt-out of certain sharing). Contact us to submit a request; we will verify and respond in accordance with applicable law.

11. International transfers

We may process information in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards for cross-border transfers.

12. Children

The Services are not directed to children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect personal information from children.

13. Changes

We may update this Privacy Policy from time to time. We will post the updated policy and revise the "Last updated" date. Where required, we will provide additional notice.

14. Contact

Privacy inquiries: privacy@orbflowai.com