Privacy Policy

OrbitKit ("we," "us," or "our") operates the OrbitKit website and service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Authentication credentials (passwords are hashed; we never store plaintext passwords)

Billing Information

When you subscribe, payment processing is handled by Stripe. We store:

• Your Stripe customer ID
• Subscription status and plan type

We do not store credit card numbers, CVVs, or full card details. Stripe handles all payment data per PCI DSS requirements.

Content You Provide

When you use the privacy policy wizard, we store:

• App name, description, and icon
• Privacy policy wizard responses
• Generated privacy policy content

Automatically Collected Information

• IP address (for rate limiting and abuse prevention; not stored long-term)
• Request logs (retained for 30 days for debugging purposes)

How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service
• Process your subscription payments
• Generate and host your privacy policy page
• Communicate with you about your account
• Prevent abuse and enforce our Terms of Service

Third-Party Services

We use the following third-party services:

• Firebase (Google) — Authentication, database, hosting. Google Privacy Policy
• Stripe — Payment processing. Stripe Privacy Policy
• Google Cloud Platform — Cloud infrastructure. Google Cloud Privacy

We do not sell your personal information to third parties.

Data Retention

• Active accounts — Data is retained as long as your account is active.
• After cancellation — Your data is retained for 30 days, then permanently deleted.
• Request logs — Automatically deleted after 30 days.

Data Security

We implement industry-standard security measures:

• All data transmitted over TLS 1.3
• Data encrypted at rest in Google Cloud
• Firebase Auth for secure authentication
• Access controls with least-privilege principles

Your Rights

You have the right to:

• Access your data (via the dashboard or by contacting us)
• Correct your data (via the dashboard)
• Delete your data (via account deletion or by contacting us)
• Export your data (contact us for a JSON export)

To exercise these rights, email us at privacy@orbitkit.io.

Children's Privacy

OrbitKit is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us.

International Users

OrbitKit is operated from the United States. If you are accessing the Service from outside the US, please be aware that your data may be transferred to and stored in the US.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Changes are effective when posted.

Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: privacy@orbitkit.io