Legal · the fine print

Privacy Policy

Last Updated: April 29, 2026 · Effective Date: April 29, 2026

This Privacy Policy describes how Orbyt Social, Inc. ("Orbyt," "we," "us," or "our") collects, uses, shares, and protects information when you use the Orbyt Social mobile application, our website at orbytsocial.com, and related services (collectively, the "Service"). It applies to all users of the Service worldwide unless a separate notice applies to your jurisdiction (see Regional Disclosures below).

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

1. Information We Collect

We collect information in three ways: information you provide, information collected automatically when you use the Service, and information we receive from third parties.

1.1 Information You Provide

  • Account information: when you create an account, we collect your name, email address, username, and authentication identifier from Sign in with Apple or Sign in with Google. You may also choose to provide a phone number, profile photo, biographical information, professional title, location, and links.
  • Content: posts, comments, direct messages, voice posts, columns, images, audio recordings, reactions, follows, blocks, reports, and any other content you create or interact with through the Service.
  • Subscription & payment information: if you subscribe to a paid feature (for example, a paid newsletter), purchases are processed through the Apple App Store or Google Play. We receive a confirmation of the transaction and the entitlement granted, but we do not collect or store your full payment card details. For payouts to creators, you may be required to provide tax and bank information through our payments partner.
  • Verification data: if you choose to apply for a verified badge, we collect a short video of a gesture-based liveness check and may match it against your profile photo. The verification artifact is stored only for the time required to complete the review.
  • Reports & correspondence: if you report content or contact support, we collect the report metadata, your message, and any attachments you choose to send.

1.2 Information Collected Automatically

  • Device & technical data: device model, operating system version, app version, build number, device language and region, mobile carrier, IP address, network type, and device identifiers (such as the Identifier for Vendors on iOS and the Android Advertising ID where available).
  • Usage data: the screens you view, features you use, search queries, content you interact with, error events, performance metrics, session duration, and timestamps.
  • Approximate location: derived from your IP address and used to serve regionally relevant content. We do not collect precise (GPS-level) location unless you explicitly grant permission to a feature that requires it.
  • Push notification tokens: issued by Apple Push Notification service or Firebase Cloud Messaging when you opt into notifications. We log only the last four characters of the token for support correlation.
  • Cookies & similar technologies: our website uses essential cookies to maintain sessions and load preferences. We do not use advertising cookies.

1.3 Information From Third Parties

  • Authentication providers: when you sign in with Apple or Google, we receive a verified email address (or relayed email), a stable user identifier, and the display name you authorize the provider to share.
  • Mentions and tags: when other users mention or tag you, that interaction is associated with your account.

The categories of personal information we collect map to the disclosures in our App Store privacy nutrition label.

2. How We Use Information

  • Operate and provide the Service: authenticate accounts, deliver content to feeds, route notifications, deliver media, process subscription entitlements, and operate the report and block flows.
  • Personalize your experience: recommend creators, columns, and topics; surface relevant content; remember your preferences.
  • Trust & safety: automatically classify content for objectionable material at upload time, investigate reports, enforce our community guidelines, prevent fraud and abuse, and verify accounts. Content classification is performed by automated systems including third-party content moderation services; the classification is logged but the underlying content is not retained by the classifier beyond the classification call.
  • Communicate with you: send service messages, security alerts, transactional emails, and (with your consent) product updates.
  • Measure and improve: understand which features are used, identify bugs and crashes, run experiments, and improve product quality. We use aggregated, non-identifying metrics for this purpose where possible.
  • Comply with legal obligations: respond to lawful requests, enforce our Terms of Service, and protect our rights and the safety of our users.

We do not use your content (posts, messages, images, audio) to train our own machine-learning models. We do not sell your personal information.

3. How We Share Information

3.1 With Other Users

Your username, profile photo, public profile fields, posts, comments, and reactions are visible to other users. Direct messages are visible only to participants in the conversation. Reports and blocks are confidential.

3.2 With Service Providers

We share information with vendors that perform functions on our behalf under written agreements that limit their use to what we authorize. Categories of service providers include:

  • Cloud hosting and database infrastructure providers
  • Content delivery network and media storage providers
  • Mobile push notification delivery services
  • Email delivery and transactional messaging services
  • Subscription management services
  • Payment processing and creator payout providers
  • Automated content classification and trust-and-safety services
  • Analytics and product-research services (event-level, no payload content)
  • Error monitoring and reliability services
  • Search infrastructure providers
  • Customer support tooling

3.3 With Authentication and Distribution Partners

  • Apple — for Sign in with Apple, App Store distribution, in-app purchase processing, and push notification delivery on iOS.
  • Google — for Sign in with Google, Google Play distribution, in-app purchase processing, and push notification delivery on Android.

These partners process data subject to their own privacy policies.

3.4 For Legal Reasons

We may disclose information when we have a good-faith belief it is necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms of Service; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of Orbyt, our users, or others.

3.5 In Connection With a Business Transfer

If Orbyt is involved in a merger, acquisition, or sale of all or part of its assets, your information may be transferred as part of that transaction. We will notify you of any such change in writing or through a prominent notice in the Service.

3.6 With Your Consent

We may share information with other parties when you direct us to or with your consent.

3.7 Connected Services You Choose to Authorize

Some Orbyt features require connecting an external service to your account. These connections are entirely optional — you can use Orbyt without authorizing any of them, and you can disconnect at any time.

Google Calendar (experts and mentors only). If you offer bookable sessions on Orbyt and choose to connect Google Calendar, you grant Orbyt the https://www.googleapis.com/auth/calendar.events scope. We use this access for a single purpose: to create one calendar event on your primary Google Calendar each time a buyer books a session with you, add the buyer's email as an attendee on that event, and attach a Google Meet link so you and the buyer have a video room. Orbyt does not read your existing calendar events, your availability, or any other event you did not book through Orbyt — we only write events Orbyt itself created.

We store the OAuth access and refresh tokens issued by Google, your Google account email, and a flag indicating whether the connection is active. You can disconnect at any time in Settings → Connected Accounts. Disconnecting calls Google's token revocation endpoint and removes the stored tokens from our database. You may also revoke Orbyt's access directly at myaccount.google.com/permissions.

Orbyt's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, calendar data obtained through Google APIs is used only to provide the booking feature described above; is not used or transferred for serving advertisements (including retargeting or personalized advertising); is not sold; and is not read by humans except when (a) you give us explicit consent for a specific incident, (b) it is necessary for security purposes such as investigating abuse, or (c) it is necessary to comply with applicable law.

Stripe Connect (creators receiving payouts). If you accept paid bookings or paid newsletter subscriptions on Orbyt, payouts are processed by Stripe Connect. Stripe collects information directly from you (legal name, business details, government identification for KYC, and bank or card details) under Stripe's own privacy policy. Orbyt does not store your full bank or card details — we receive only the Stripe account identifier and payout status. See stripe.com/privacy.

4. Data Retention

  • Active accounts: we retain your account information and content for as long as your account is active.
  • Closed accounts: when you delete your account, your profile becomes invisible to other users within 24 hours, and the associated personal information is deleted within 30 days, except where retention is required by law, necessary to resolve disputes, or needed to enforce our agreements or prevent abuse.
  • Reported and removed content: retained in a moderation log for the time required to handle appeals, defend against legal claims, and detect repeat violations — typically up to 12 months.
  • Backups and audit logs: may persist for up to 90 days after deletion before being overwritten.
  • Aggregated, de-identified analytics: may be retained indefinitely.

5. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your information — including encrypted transport (HTTPS/TLS), encrypted at-rest storage for sensitive fields, scoped access controls, secret rotation, and ongoing monitoring. No system is perfectly secure, however, and we cannot guarantee that unauthorized access, disclosure, or loss will never occur.

6. Your Choices and Rights

  • Access and update: you can view and edit your profile information, subscriptions, and preferences from within the app.
  • Delete your account: you can delete your account from Settings → Account. Deletion is processed as described in Data Retention above.
  • Export your data: you may request a copy of your personal information in a portable, machine-readable format by emailing support@orbytsocial.com.
  • Object or restrict processing: you may object to or request restriction of processing of your personal information in certain circumstances.
  • Push notifications: control delivery in Settings → Notifications or in your device's system settings.
  • Marketing communications: opt out using the unsubscribe link in any marketing email or by contacting us.

To exercise any right, contact us at support@orbytsocial.com from the email address associated with your account, or use the in-app Contact Support link. We respond within the timelines required by applicable law (typically 30–45 days).

7. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@orbytsocial.com and we will take steps to delete such information.

In jurisdictions where the digital age of consent is higher than 13 (such as 16 in parts of the European Union), we comply with the local age threshold and require verifiable parental consent or the appropriate alternative permitted by local law.

8. International Users and Data Transfers

Orbyt is operated from the United States and stores data primarily in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States and other countries where our service providers operate. We rely on appropriate legal mechanisms (such as Standard Contractual Clauses) to safeguard cross-border transfers where required by law.

9. Regional Disclosures

9.1 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to: (a) know what personal information we collect, use, disclose, and sell or share; (b) request deletion of your personal information; (c) request correction of inaccurate personal information; (d) opt out of the sale or sharing of personal information; and (e) limit the use and disclosure of sensitive personal information. We do not sell your personal information and do not share it for cross-context behavioral advertising. To exercise any right, contact support@orbytsocial.com. We will not discriminate against you for exercising a right.

9.2 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are in the EEA, UK, or Switzerland, the legal bases on which we rely to process your personal information include: (a) performance of our contract with you; (b) your consent (which you may withdraw at any time); (c) compliance with legal obligations; and (d) our legitimate interests in operating, improving, and securing the Service. You have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local supervisory authority. To exercise any right, contact support@orbytsocial.com.

9.3 Other Jurisdictions

If your jurisdiction grants additional privacy rights, we honor them as required by applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top and, for material changes, provide additional notice (such as an in-app banner or email). Your continued use of the Service after the effective date of an update constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our practices, contact us at:

Orbyt Social, Inc.
Email: support@orbytsocial.com
In-app: Settings → Contact Support

Related: Terms of Service · Community Guidelines