Privacy Policy

Last updated: September 30, 2025

Overview

At Orbot AI, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI assistant services. We are committed to transparency and giving you control over your data.

By using Orbot's services, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

  • • Email address (when you sign up for early access)
  • • Contact information you provide for customer support
  • • Account preferences and settings
  • • Communication history and interactions with Orbot

Technical Information

  • • IP address and location data
  • • Device information and browser type
  • • Usage analytics and performance metrics
  • • Log files and error reports

Connected Services Data

When you connect third-party services (with your explicit consent), we may access:

  • • Email and calendar data (to help with scheduling and reminders)
  • • Task and project management information
  • • Only the minimum data necessary to provide our services

How We Use Your Information

  • Service Delivery: To provide, maintain, and improve Orbot's AI assistant features
  • Communication: To send you service updates, notifications, and respond to your inquiries
  • Personalization: To customize your experience and provide relevant recommendations
  • Analytics: To understand usage patterns and improve our services
  • Security: To protect against fraud, abuse, and security threats
  • Legal Compliance: To comply with applicable laws and regulations

Data Protection & Security

Encryption & Storage

  • • All data is encrypted in transit using TLS 1.3
  • • Data at rest is encrypted using AES-256 encryption
  • • We use secure cloud infrastructure with industry-standard protections
  • • Regular security audits and penetration testing

Access Controls

  • • Strict employee access controls with principle of least privilege
  • • Multi-factor authentication for all team accounts
  • • Regular access reviews and audit trails
  • • Data processing agreements with all third-party vendors

Data Sharing & Disclosure

We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Limited Sharing Scenarios

  • Service Providers: Trusted vendors who help us operate our services (with strict data processing agreements)
  • Legal Requirements: When required by law, court order, or government request
  • Security: To protect against fraud, abuse, or security threats
  • Business Transfer: In case of merger, acquisition, or sale (with user notification)

Your Rights & Choices

Access & Control

  • • View your personal data
  • • Update or correct information
  • • Download your data
  • • Delete your account

Communication

  • • Opt out of marketing emails
  • • Control notification preferences
  • • Manage connected services
  • • Set data retention preferences

To exercise your rights: Contact us at privacy@orbot.co or use the settings in your Orbot account.

Data Retention

  • Account Data: Retained while your account is active and for 30 days after deletion
  • Communication History: Retained for service improvement, with options to delete
  • Analytics Data: Aggregated and anonymized data may be retained for business analytics
  • Legal Requirements: Some data may be retained longer if required by law

International Data Transfers

Orbot operates globally and may transfer your data to countries outside your residence. We ensure appropriate safeguards are in place:

  • • Standard contractual clauses for international transfers
  • • Adequacy decisions where applicable
  • • Strict security measures regardless of location

Children's Privacy & Age Requirements

Age Requirements by Region

European Union (GDPR Article 8 Compliance)

For users in the European Union, the minimum digital consent age is 16 years old as defined by GDPR Article 8. Some EU Member States have lowered this age to no less than 13 years old for their jurisdiction.

  • Default EU age: 16 years old
  • Some Member States: 13-15 years old (where legally permitted)
  • Parental consent: Required for users below digital consent age

Reference: GDPR Article 8 - Conditions applicable to child's consent

Other Regions

For users outside the EU, the minimum age is 13 years old in compliance with COPPA (Children's Online Privacy Protection Act) and similar international standards.

Our Commitment

  • • We do not knowingly collect personal information from children below the applicable digital consent age
  • • We implement age verification measures during account creation
  • • We regularly review accounts for compliance with age requirements
  • • We provide clear age-appropriate information and obtain verifiable parental consent when required

Underage Account Detection & Handling

If we become aware that we have collected personal information from a child below the applicable digital consent age without proper parental consent, we will:

  1. 1. Immediate Suspension: Temporarily suspend the account within 24 hours
  2. 2. Parental Notification: Contact parents/guardians if contact information is available
  3. 3. Consent Verification: Request verifiable parental consent within 30 days
  4. 4. Account Deletion: Permanently delete all personal data if consent is not obtained
  5. 5. Access Blocking: Prevent future account creation from the same device/IP for minors

Report underage users: Contact us immediately at privacy@orbot.co with subject "Underage User Report"

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • • Posting the new policy on this page
  • • Updating the "Last updated" date
  • • Sending an email notification for significant changes
  • • Providing in-app notifications when appropriate

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

General Privacy Questions

Email: privacy@orbot.co
Response time: Within 48 hours

Data Protection Officer

Email: dpo@orbot.co
For EU/GDPR related inquiries

Data Controller's Registered Office

GDPR Article 13 Contact Information

Orbot AI, Inc.
Data Controller & Privacy Department
123 Innovation Drive, Suite 400
San Francisco, CA 94105
United States

Registration: Delaware Corporation
EU Representative: Available upon request

GDPR Data Subject Rights

EU residents can exercise their rights under GDPR (access, rectification, erasure, portability, restriction, objection) by contacting our registered office above or emailing dpo@orbot.co. Please include "GDPR Request" in your correspondence.