Privacy Policy

1. Introduction

OrbitRoute Inc. ("OrbitRoute," "we," "us," or "our") operates the orbitroute.ai platform, a software-as-a-service solution that routes AI workloads to orbital compute infrastructure. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, platform, APIs, and related services (collectively, the "Service").

We are committed to protecting your privacy and handling your data with transparency. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account or interact with the Service, we may collect:

Name and email address
Company or organization name
Account credentials (passwords are stored in hashed form only)
Profile information you choose to provide

2.2 Usage Data

We automatically collect certain data about how you use the Service, including:

API call logs (endpoints called, timestamps, response codes)
Routing decisions and job metadata (job type, compute requirements, target infrastructure)
Feature usage patterns within the dashboard
Error logs and diagnostic information

2.3 Payment Information

Payment processing is handled entirely by our payment processor, Stripe. When you provide billing information, that data is transmitted directly to and stored by Stripe in accordance with their security standards (PCI DSS Level 1). OrbitRoute does not store, process, or have access to your full credit card numbers, debit card numbers, or bank account details. We retain only a payment reference ID, billing address, and the last four digits of your card for transaction records.

2.4 Analytics Data

To improve the Service, we collect aggregated and anonymized analytics data including:

Page views and navigation patterns within the dashboard
Feature adoption and usage frequency
Performance metrics and service reliability data

This analytics data is used solely for improving the Service and is not linked to your identity for advertising purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service: To operate and maintain the platform, route your AI workloads, process API requests, and deliver the functionality you expect.
Improving the Service: To analyze usage patterns, identify issues, optimize performance, and develop new features based on aggregate usage data.
Communicating with you: To send transactional messages (account confirmations, security alerts, job status notifications), respond to support requests, and deliver service-related announcements.
Billing and administration: To process payments, manage subscriptions, generate invoices, and maintain accurate billing records.
Security and compliance: To detect and prevent fraud, abuse, and unauthorized access, and to comply with our legal obligations.

We do not use your personal information for targeted advertising or sell it to third-party advertisers.

4. Data Retention

We retain your information in accordance with the following practices:

Active accounts: Your account data, usage history, and associated records are retained for the duration of your active account.
Account closure: Upon account closure (whether initiated by you or by us), your personal data is scheduled for deletion. All personal data, API logs, and account records are permanently deleted within 90 days of account closure.
Billing records: Certain billing and transaction records may be retained beyond the 90-day period as required by applicable tax and financial reporting laws.
Anonymized data: Aggregated, de-identified data that cannot reasonably be linked back to you may be retained indefinitely for analytics and service improvement.

You may request earlier deletion of your data by contacting us at privacy@orbitroute.ai.

We do not sell your personal information. We have never sold personal data and have no plans to do so. We share data only as described below, strictly as necessary to operate the Service.

We may share your information with the following categories of third parties:

Stripe (payment processing): We share billing-related information with Stripe to process payments, manage subscriptions, and prevent payment fraud. Stripe's handling of your data is governed by their privacy policy.
Resend (transactional email): We share your email address with Resend to deliver account notifications, security alerts, and other transactional communications. We do not share your email for marketing through Resend.
Infrastructure providers: To route your AI workloads, we share necessary job metadata (such as compute requirements and routing parameters) with our orbital and terrestrial compute infrastructure partners. This sharing is limited to the minimum information required to execute the job.

We may also disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of OrbitRoute, our users, or the public.

6. Customer Workload Data

We recognize that your AI models, inference data, and computational workloads represent valuable intellectual property. We treat this data with the highest level of care and confidentiality.

Transient processing only: AI models and inference data submitted to the Service are processed transiently for the sole purpose of routing and executing your workload. Data is held in memory or temporary storage only for the duration of the job.
No persistent storage: Customer workload data (including model weights, input data, and inference outputs) is never stored beyond job completion. Once a job is finished and results are delivered, workload data is purged from all processing infrastructure.
No training use: We never use your workload data, models, inputs, or outputs to train, fine-tune, or improve any machine learning models, whether our own or those of any third party.
No sharing: Customer workload data is never shared with, disclosed to, or made accessible to any third party beyond the infrastructure provider processing the specific job, and only for the duration of that job.

7. Cookies and Tracking

We use a minimal set of cookies and similar technologies:

Session cookies: Essential cookies required to maintain your authenticated session and ensure the Service functions correctly. These expire when you close your browser or after a period of inactivity.
Preference cookies: Optional cookies that store your dashboard preferences and settings for a better user experience.
Analytics: We use privacy-respecting analytics to understand aggregate usage patterns and improve the Service. Analytics data is collected for service improvement purposes only and is not shared with third-party advertising networks.

We do not use third-party advertising trackers, retargeting pixels, or cross-site tracking technologies. We do not participate in ad networks or sell data derived from cookies.

8. Security Measures

We implement comprehensive security measures to protect your data:

Encryption in transit: All data transmitted between your systems and the Service is encrypted using TLS 1.2 or higher.
Encryption at rest: All stored data, including account information and logs, is encrypted at rest using AES-256 encryption.
Access controls: Internal access to customer data is restricted on a need-to-know basis, protected by multi-factor authentication, and subject to audit logging.
Infrastructure security: Our systems are hosted in secure, audited environments with continuous monitoring, intrusion detection, and automated threat response.
Compliance target: OrbitRoute is pursuing SOC 2 Type II compliance to provide independently verified assurance of our security controls and practices.

While we strive to protect your data with industry-leading measures, no method of electronic transmission or storage is completely secure. If you discover a security vulnerability, please report it to security@orbitroute.ai.

9. Your Rights

Regardless of your location, you have the following rights with respect to your personal data:

Access: You may request a copy of the personal data we hold about you.
Correction: You may request that we correct inaccurate or incomplete personal data.
Deletion: You may request that we delete your personal data, subject to legal retention requirements.
Data export: You may request a machine-readable export of your personal data in a commonly used format (JSON or CSV).
Opt-out of marketing: You may opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email or by contacting us. Note that transactional emails (such as security alerts and billing notifications) are not marketing and cannot be opted out of while you maintain an active account.

To exercise any of these rights, please contact us at privacy@orbitroute.ai. We will respond to your request within 30 days.

10. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collection, and the categories of third parties with whom it is shared.
Right to delete: You have the right to request deletion of your personal information, subject to certain exceptions.
Right to correct: You have the right to request correction of inaccurate personal information.
Right to opt out of sale or sharing: We do not sell or share your personal information for cross-context behavioral advertising. Because we do not engage in these practices, there is no need to opt out, but we honor such requests regardless.
Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, quality, or service levels for making a privacy request.

To submit a CCPA request, contact us at privacy@orbitroute.ai with the subject line "CCPA Request." We will verify your identity before processing the request and respond within 45 days.

If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) provides you with specific data protection rights. OrbitRoute processes your personal data on the following legal bases: performance of a contract (to provide the Service), legitimate interest (to improve and secure the Service), and consent (where applicable).

Under the GDPR, you have the right to:

Access: Obtain confirmation as to whether your personal data is being processed and request a copy of that data.
Rectification: Request correction of inaccurate personal data or completion of incomplete data.
Erasure: Request deletion of your personal data when it is no longer necessary for the purpose for which it was collected, or when you withdraw consent.
Data portability: Receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
Restriction of processing: Request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
Objection: Object to the processing of your personal data based on our legitimate interests, including for direct marketing purposes.
Withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any GDPR right, contact our privacy team at privacy@orbitroute.ai. You also have the right to lodge a complaint with your local data protection supervisory authority.

12. International Data Transfers

OrbitRoute operates globally and may transfer your personal data to countries outside your country of residence, including the United States, for processing. When we transfer personal data internationally, we implement appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy and applicable law.

For transfers of personal data from the EU/EEA, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with all third-party processors
Adequacy decisions where applicable

By using the Service, you acknowledge that your data may be processed in jurisdictions with different data protection laws than your own. We take all reasonable steps to ensure your data remains protected regardless of where it is processed.

13. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@orbitroute.ai and we will take steps to delete such information promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will:

Provide at least 30 days' advance notice before the changes take effect
Notify you via email to the address associated with your account
Post a prominent notice on the Service
Update the "Last updated" date at the top of this page

Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this page periodically.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

OrbitRoute Inc.

Privacy Team

Email: privacy@orbitroute.ai

We aim to respond to all privacy-related inquiries within 30 days. For urgent security matters, please contact security@orbitroute.ai.