This Privacy Policy describes how Orbyt Social, Inc. ("Orbyt," "we," "us," or "our") collects, uses, shares, and protects information when you use the Orbyt Social mobile application, our website at orbytsocial.com, and related services (collectively, the "Service"). Orbyt is a professional network, and it is adults-only — you must be 18 or older to use it. This Policy applies to all users of the Service worldwide unless a separate notice applies to your jurisdiction (see Regional Disclosures below).
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
The short version
This summary is for orientation only. The full sections below control, and you should read them.
- Orbyt is a professional network, and much of it is public. Your profile, posts, comments, and reactions are visible to others. Direct messages are private to the people in the conversation.
- We collect what we need to run the Service: the account and profile details you provide, the content you create, technical and usage data from your device, and limited information from sign-in providers.
- We do not sell your personal information and we do not share it for cross-context behavioral advertising.
- We do not use your content to train AI models. We don't train our own models on it, and the AI providers we use are contractually prohibited from training their models on it.
- You can access, export, correct, and delete your data, and you can withdraw consent for optional features at any time.
- The Service is adults-only (18+). We do not knowingly collect personal information from anyone under 18.
- Questions? Email us at support@orbytsocial.com or use the in-app Contact Support link.
1. Information We Collect
We collect information in three ways: information you provide, information collected automatically when you use the Service, and information we receive from third parties.
1.1 Information You Provide
- Account information: when you create an account, we collect your name, email address, username, and authentication identifier from Sign in with Apple or Sign in with Google. You may also choose to provide a phone number, profile photo, biographical information, professional title, location, and links.
- Content: posts, comments, direct messages, voice posts, columns, images, audio recordings, reactions, follows, blocks, reports, and any other content you create or interact with through the Service.
- Subscription & payment information: if you subscribe to a paid feature (for example, a paid newsletter), purchases are processed through the Apple App Store or Google Play. We receive a confirmation of the transaction and the entitlement granted, but we do not collect or store your full payment card details. For payouts to creators, you may be required to provide tax and bank information through our payments partner.
- Verification data: if you choose to apply for a verified badge, the gesture-based liveness check runs entirely on your device and your photos are never uploaded to us or anyone else. We receive only the pass/fail result. See Face Data and Identity Verification below for the complete description.
- Reports & correspondence: if you report content or contact support, we collect the report metadata, your message, and any attachments you choose to send.
1.2 Information Collected Automatically
- Device & technical data: device model, operating system version, app version, build number, device language and region, mobile carrier, IP address, network type, and device identifiers (such as the Identifier for Vendors on iOS and the Android Advertising ID where available).
- Usage data: the screens you view, features you use, search queries, content you interact with, error events, performance metrics, session duration, and timestamps.
- Approximate location: derived from your IP address and used to serve regionally relevant content. We do not collect precise (GPS-level) location unless you explicitly grant permission to a feature that requires it.
- Push notification tokens: issued by Apple Push Notification service or Firebase Cloud Messaging when you opt into notifications. We log only the last four characters of the token for support correlation.
- Cookies & similar technologies: our website uses essential cookies to maintain sessions and load preferences. We do not use advertising cookies.
1.3 Information From Third Parties
- Authentication providers: when you sign in with Apple or Google, we receive a verified email address (or relayed email), a stable user identifier, and the display name you authorize the provider to share.
- Mentions and tags: when other users mention or tag you, that interaction is associated with your account.
The categories of personal information we collect map to the disclosures in our App Store privacy nutrition label.
2. How We Use Information
- Operate and provide the Service: authenticate accounts, deliver content to feeds, route notifications, deliver media, process subscription entitlements, and operate the report and block flows.
- Personalize your experience: recommend creators, columns, and topics; surface relevant content; remember your preferences.
- Trust & safety: automatically classify content for objectionable material at upload time, investigate reports, enforce our Community Guidelines, prevent fraud and abuse, and verify accounts. Content classification is performed by automated systems including third-party content moderation services; the classification is logged but the underlying content is not retained by the classifier beyond the classification call.
- Communicate with you: send service messages, security alerts, transactional emails, and (with your consent) product updates.
- Measure and improve: understand which features are used, identify bugs and crashes, run experiments, and improve product quality. We use aggregated, non-identifying metrics for this purpose where possible.
- Comply with legal obligations: respond to lawful requests, enforce our Terms of Service, and protect our rights and the safety of our users.
We do not use your content (posts, messages, images, audio) to train our own machine-learning models, and we do not permit the AI providers we use to train their models on it (see Artificial Intelligence Features below). We do not sell your personal information.
2.1 Legal Bases for Processing (EEA, UK, and Switzerland)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information only where we have a legal basis to do so. The legal basis we rely on depends on the purpose:
- To operate and provide the Service (authenticate you, deliver your content and feeds, process subscriptions and entitlements) — performance of our contract with you.
- To communicate with you for service and security reasons and to keep the Service safe, prevent fraud and abuse, and improve and secure our product — our legitimate interests in running a trustworthy, functioning network (balanced against your rights).
- For optional features — AI features (Orbee and the tools described below), precise-location features, marketing communications, and any connected service you authorize — your consent, which you may withdraw at any time.
- To meet legal obligations (respond to lawful requests, retain records we are required to keep, defend legal claims) — compliance with a legal obligation and, where applicable, our legitimate interest in establishing or defending legal claims.
Where we rely on consent, withdrawing it does not affect processing we carried out before you withdrew it, and the rest of the Service continues to work normally. Where we rely on legitimate interests, you have the right to object — see Your Choices and Rights and Regional Disclosures below.
3. Face Data and Identity Verification
Orbyt offers an optional Get Verified feature that lets you earn a verified badge by proving you are a real, live person. This section describes our collection, use, disclosure, sharing, and retention of face data in full.
- What face data we collect: none is transmitted to us. When you start the check, your device's camera captures a short series of photos of you performing a quick liveness action, such as blinking. Those photos are analyzed entirely on your device using on-device face detection; they are written only to your device's temporary local storage and are deleted immediately after the check completes, whether it succeeds or fails. The photos are never uploaded to Orbyt and never shared with any third party.
- How face data is used: for exactly one purpose — confirming on your device that a real, live person performed the requested gesture, which helps prevent bots and impersonation. We do not create or store biometric templates, faceprints, or any other biometric identifiers; we do not perform facial recognition; and we do not match your face against your profile photo, other users, or any database.
- What our servers receive: only the outcome of the on-device check — a pass/fail result, the name of the gesture requested, and non-image diagnostics (such as the number of frames analyzed). No image and no data derived from your face leaves your phone.
- Sharing: face data is not shared with anyone, including Orbyt — it never leaves your device. No third party, AI service, or service provider receives it.
- Retention: because no face data is collected or transmitted, none is retained. The photos exist on your device only for the seconds the check takes and are then deleted. We retain only your verification status (verified or not), the date of verification, and a non-image record of the attempt (gesture requested, outcome, timestamps) used for rate-limiting and abuse prevention.
- Earlier app versions: versions of the app released before June 2026 performed this check by uploading a single photo for automated analysis by our image-analysis provider; that photo was used solely to confirm the gesture and was deleted immediately after the check, on success or failure. Current versions perform the check entirely on-device, and the legacy method is being retired.
4. Artificial Intelligence Features
Some Orbyt features are powered by third-party AI services. These features process your data only when you choose to use them, and we share only what the feature needs to work. The face data described above is never processed by these services.
- Orbee assistant: when you chat with Orbee, your messages, recent conversation history, and relevant profile context (such as your name, title, skills, and recent posts) are sent to Google LLC's Gemini API to generate responses. If you ask Orbee about other Orbyt content (for example, another member's public profile or a public post), that public content may be included so Orbee can answer.
- Résumé import and career tools: if you choose to upload a résumé or use job-match analysis, the résumé content and relevant profile details are processed by Google's Gemini API to extract structured information (such as skills and experience) and generate suggestions. The extracted results are saved to your profile; the raw document is not retained by the AI service.
- Natural-language search: your search query text is processed by Google's Gemini API to interpret what you are looking for. No profile information is included.
- Content safety: content you post is automatically screened for policy violations by OpenAI's content-moderation service. The classification result is logged; the classifier does not retain the content beyond the classification call.
We do not use your content to train AI models — ours or theirs. The content you send to Orbee and the other AI features above is processed by Google LLC under its paid-service terms, which prohibit Google from using your prompts or the generated responses to train its models and prohibit human review of them by Google's annotators. The content screened by OpenAI's moderation service is likewise processed under terms that prohibit training on it. These providers act as our service providers (data processors) and process your information solely to return results to us; they are contractually prohibited from using your information for advertising or selling it, and they apply protections for your data equivalent to those described in this Policy. We do not train our own machine-learning models on your content. Your AI conversations with Orbee are stored with your account like other content and are deleted when your account is deleted. We do not use these services on your data for any purpose other than providing the feature you invoked.
Your permission comes first. AI features do not send anything until you opt in: the first time you open an AI feature, the app explains what will be shared and with whom, and asks for your consent. If you decline, the rest of Orbyt works normally. You can grant or withdraw consent at any time in Settings → Privacy → AI Features.
5. How We Share Information
5.1 With Other Users
Your username, profile photo, public profile fields, posts, comments, and reactions are visible to other users. Direct messages are visible only to participants in the conversation. Reports and blocks are confidential.
5.2 With Service Providers
We share information with vendors that perform functions on our behalf under written agreements that limit their use to what we authorize. Categories of service providers (and the categories of third parties to whom we disclose personal information) include:
- Cloud hosting and database infrastructure providers
- Content delivery network and media storage providers
- Mobile push notification delivery services
- Email delivery and transactional messaging services
- Subscription management services
- Payment processing and creator payout providers
- Automated content classification and trust-and-safety services (OpenAI)
- AI processing services for the features described in Artificial Intelligence Features (Google LLC — Gemini API)
- Analytics and product-research services (event-level, no payload content)
- Error monitoring and reliability services
- Search infrastructure providers
- Customer support tooling
5.3 With Authentication and Distribution Partners
- Apple — for Sign in with Apple, App Store distribution, in-app purchase processing, and push notification delivery on iOS.
- Google — for Sign in with Google, Google Play distribution, in-app purchase processing, and push notification delivery on Android.
These partners process data subject to their own privacy policies.
5.4 For Legal Reasons
We may disclose information when we have a good-faith belief it is necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms of Service; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of Orbyt, our users, or others.
5.5 In Connection With a Business Transfer
If Orbyt is involved in a merger, acquisition, or sale of all or part of its assets, your information may be transferred as part of that transaction. We will notify you of any such change in writing or through a prominent notice in the Service.
5.6 With Your Consent
We may share information with other parties when you direct us to or with your consent.
5.7 Connected Services You Choose to Authorize
Some Orbyt features require connecting an external service to your account. These connections are entirely optional — you can use Orbyt without authorizing any of them, and you can disconnect at any time.
Google Calendar (experts and mentors only). If you offer bookable sessions on Orbyt and choose to connect Google Calendar, you grant Orbyt the https://www.googleapis.com/auth/calendar.events scope. We use this access for a single purpose: to create one calendar event on your primary Google Calendar each time a buyer books a session with you, add the buyer's email as an attendee on that event, and attach a Google Meet link so you and the buyer have a video room. Orbyt does not read your existing calendar events, your availability, or any other event you did not book through Orbyt — we only write events Orbyt itself created.
We store the OAuth access and refresh tokens issued by Google, your Google account email, and a flag indicating whether the connection is active. You can disconnect at any time in Settings → Connected Accounts. Disconnecting calls Google's token revocation endpoint and removes the stored tokens from our database. You may also revoke Orbyt's access directly at myaccount.google.com/permissions.
Orbyt's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, calendar data obtained through Google APIs is used only to provide the booking feature described above; is not used or transferred for serving advertisements (including retargeting or personalized advertising); is not sold; and is not read by humans except when (a) you give us explicit consent for a specific incident, (b) it is necessary for security purposes such as investigating abuse, or (c) it is necessary to comply with applicable law.
Stripe Connect (creators receiving payouts). If you accept paid bookings or paid newsletter subscriptions on Orbyt, payouts are processed by Stripe Connect. Stripe collects information directly from you (legal name, business details, government identification for KYC, and bank or card details) under Stripe's own privacy policy. Orbyt does not store your full bank or card details — we receive only the Stripe account identifier and payout status. See stripe.com/privacy.
6. Data Retention
- Active accounts: we retain your account information and content for as long as your account is active.
- Closed accounts: when you delete your account, your profile becomes invisible to other users within 24 hours, and the associated personal information is deleted within 30 days, except where retention is required by law, necessary to resolve disputes, or needed to enforce our agreements or prevent abuse.
- Reported and removed content: retained in a moderation log for the time required to handle appeals, defend against legal claims, and detect repeat violations — typically up to 12 months.
- Backups and audit logs: may persist for up to 90 days after deletion before being overwritten.
- Aggregated, de-identified analytics: may be retained indefinitely.
When we no longer have a lawful purpose to keep your personal information, we delete it or de-identify it so it can no longer be associated with you.
7. Security
We implement reasonable administrative, technical, and physical safeguards designed to protect your information — including encrypted transport (HTTPS/TLS), encrypted at-rest storage for sensitive fields, scoped access controls, secret rotation, and ongoing monitoring. No system is perfectly secure, however, and we cannot guarantee that unauthorized access, disclosure, or loss will never occur.
8. Your Choices and Rights
You have meaningful control over your personal information. Depending on where you live, some of these are legal rights (see Regional Disclosures below); we extend the core controls to everyone.
- Access and update: you can view and edit your profile information, subscriptions, and preferences from within the app.
- Correct (rectify): you can correct inaccurate personal information in the app, or ask us to correct it.
- Delete your account: you can delete your account from Settings → Account. Deletion is processed as described in Data Retention above.
- Export your data (portability): you may request a copy of your personal information in a portable, machine-readable format by emailing support@orbytsocial.com.
- Object or restrict processing: you may object to or request restriction of processing of your personal information in certain circumstances.
- Withdraw consent: for any feature that relies on your consent (such as AI features or marketing), you can withdraw it at any time in the relevant settings or by contacting us, without affecting the rest of the Service.
- Push notifications: control delivery in Settings → Notifications or in your device's system settings.
- Marketing communications: opt out using the unsubscribe link in any marketing email or by contacting us.
To exercise any right, contact us at support@orbytsocial.com from the email address associated with your account, or use the in-app Contact Support link. We respond within the timelines required by applicable law (typically 30–45 days). We will not discriminate against you for exercising your rights. You may use an authorized agent to submit a request where the law permits; we may need to verify your identity and the agent's authority before acting.
9. Children's Privacy
Orbyt is intended for adults. The Service is not directed to anyone under 18, and we do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe a minor has provided us with personal information, please contact us at support@orbytsocial.com and we will take steps to delete such information. For our broader commitments to preventing child sexual exploitation and abuse, see our Child Safety Standards.
Because Orbyt is adults-only and not directed to minors, the digital age of consent thresholds set by certain jurisdictions for children's data do not apply to our Service; we require all users to be 18 or older regardless of the local threshold.
10. International Users and Data Transfers
Orbyt is operated from the United States and stores data primarily in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your country.
Where we transfer personal information out of the EEA, UK, or Switzerland to a country that has not been recognized as providing an adequate level of protection, we rely on appropriate safeguards — principally the European Commission's Standard Contractual Clauses (and the UK Addendum / IDTA, and the Swiss equivalent, where applicable) — together with supplementary technical and organizational measures. You may request a copy of the relevant safeguards by contacting us at support@orbytsocial.com.
11. Regional Disclosures
11.1 California Residents (CCPA / CPRA)
This section provides additional information for California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
Categories of personal information we collect. In the past 12 months we have collected the following categories: identifiers (such as name, username, email address, account and device identifiers, and IP address); commercial information (subscription and purchase entitlements); internet or network activity (usage and interaction data); approximate geolocation (derived from IP address); audio, visual, and similar information (profile photos, images, voice posts, and audio you upload); professional or employment-related information (title, professional background, and résumé content you provide); and the content of your communications (posts, comments, and direct messages). Some of these may be treated as sensitive personal information — for example, account log-in credentials and the contents of your direct messages. We use sensitive personal information only to provide the Service and for the purposes described in this Policy, and not to infer characteristics about you.
Sources. We collect personal information directly from you, automatically from your use of the Service and your device, and from third parties such as sign-in providers and other users who mention or tag you.
Business purposes for collection. We use personal information for the business purposes described in How We Use Information above — operating and providing the Service, personalization, trust and safety, communicating with you, measurement and improvement, and legal compliance.
Categories of third parties. We disclose personal information to the categories of service providers and partners listed in How We Share Information above (for example, cloud hosting, content delivery, payments, analytics, AI processing, and trust-and-safety vendors).
No sale or sharing. We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. Because we do not sell or share personal information, we do not offer a separate "Do Not Sell or Share My Personal Information" mechanism — there is nothing to opt out of. We also do not use or disclose sensitive personal information for purposes that would trigger the right to "Limit the Use of My Sensitive Personal Information," so no separate limitation request is required; you may still contact us with any question about how we handle this data.
Your California rights. You have the right to: (a) know what personal information we collect, use, disclose, and (if applicable) sell or share; (b) request deletion of your personal information; (c) request correction of inaccurate personal information; (d) opt out of the sale or sharing of personal information (not applicable, as we do neither); and (e) limit the use and disclosure of sensitive personal information (not applicable, as described above). To exercise any right, contact support@orbytsocial.com or use the in-app Contact Support link. We will not discriminate against you for exercising any of these rights.
11.2 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)
If you are in the EEA, UK, or Switzerland, Orbyt Social, Inc. is the controller of your personal information. The legal bases on which we rely are described in Legal Bases for Processing above. You have the rights of access, rectification, erasure, restriction of processing, data portability, and objection, and where we rely on consent you have the right to withdraw that consent at any time (without affecting processing carried out before withdrawal). To exercise any right, contact support@orbytsocial.com.
Right to lodge a complaint. You also have the right to lodge a complaint with your local data protection supervisory authority. In the EEA, this is the authority in your country of residence, place of work, or where the alleged infringement occurred; in the UK, it is the Information Commissioner's Office (ICO); in Switzerland, it is the Federal Data Protection and Information Commissioner (FDPIC). We would, however, appreciate the chance to address your concerns directly before you do so.
International transfers of your personal information out of these regions, and the safeguards we apply, are described in International Users and Data Transfers above.
11.3 Other Jurisdictions
If your jurisdiction grants additional privacy rights, we honor them as required by applicable law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top and, for material changes, provide additional notice (such as an in-app banner or email). Your continued use of the Service after the effective date of an update constitutes your acceptance of the updated policy.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our practices, contact us at:
Orbyt Social, Inc.
Email: support@orbytsocial.com
In-app: Settings → Contact Support
Related: Terms of Service · Community Guidelines · Child Safety Standards