This Privacy Policy describes how Orbyt Social, Inc. ("Orbyt," "we," "us," or "our") collects, uses, shares, and protects information when you use the Orbyt Social mobile application, our website at orbytsocial.com, and related services (collectively, the "Service"). It applies to all users of the Service worldwide unless a separate notice applies to your jurisdiction (see Regional Disclosures below).
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
1. Information We Collect
We collect information in three ways: information you provide, information collected automatically when you use the Service, and information we receive from third parties.
1.1 Information You Provide
- Account information: when you create an account, we collect your name, email address, username, and authentication identifier from Sign in with Apple or Sign in with Google. You may also choose to provide a phone number, profile photo, biographical information, professional title, location, and links.
- Content: posts, comments, direct messages, voice posts, columns, images, audio recordings, reactions, follows, blocks, reports, and any other content you create or interact with through the Service.
- Subscription & payment information: if you subscribe to a paid feature (for example, a paid newsletter), purchases are processed through the Apple App Store or Google Play. We receive a confirmation of the transaction and the entitlement granted, but we do not collect or store your full payment card details. For payouts to creators, you may be required to provide tax and bank information through our payments partner.
- Verification data: if you choose to apply for a verified badge, the gesture-based liveness check runs entirely on your device and your photos are never uploaded to us or anyone else. We receive only the pass/fail result. See Face Data and Identity Verification below for the complete description.
- Reports & correspondence: if you report content or contact support, we collect the report metadata, your message, and any attachments you choose to send.
1.2 Information Collected Automatically
- Device & technical data: device model, operating system version, app version, build number, device language and region, mobile carrier, IP address, network type, and device identifiers (such as the Identifier for Vendors on iOS and the Android Advertising ID where available).
- Usage data: the screens you view, features you use, search queries, content you interact with, error events, performance metrics, session duration, and timestamps.
- Approximate location: derived from your IP address and used to serve regionally relevant content. We do not collect precise (GPS-level) location unless you explicitly grant permission to a feature that requires it.
- Push notification tokens: issued by Apple Push Notification service or Firebase Cloud Messaging when you opt into notifications. We log only the last four characters of the token for support correlation.
- Cookies & similar technologies: our website uses essential cookies to maintain sessions and load preferences. We do not use advertising cookies.
1.3 Information From Third Parties
- Authentication providers: when you sign in with Apple or Google, we receive a verified email address (or relayed email), a stable user identifier, and the display name you authorize the provider to share.
- Mentions and tags: when other users mention or tag you, that interaction is associated with your account.
The categories of personal information we collect map to the disclosures in our App Store privacy nutrition label.
2. How We Use Information
- Operate and provide the Service: authenticate accounts, deliver content to feeds, route notifications, deliver media, process subscription entitlements, and operate the report and block flows.
- Personalize your experience: recommend creators, columns, and topics; surface relevant content; remember your preferences.
- Trust & safety: automatically classify content for objectionable material at upload time, investigate reports, enforce our community guidelines, prevent fraud and abuse, and verify accounts. Content classification is performed by automated systems including third-party content moderation services; the classification is logged but the underlying content is not retained by the classifier beyond the classification call.
- Communicate with you: send service messages, security alerts, transactional emails, and (with your consent) product updates.
- Measure and improve: understand which features are used, identify bugs and crashes, run experiments, and improve product quality. We use aggregated, non-identifying metrics for this purpose where possible.
- Comply with legal obligations: respond to lawful requests, enforce our Terms of Service, and protect our rights and the safety of our users.
We do not use your content (posts, messages, images, audio) to train our own machine-learning models. We do not sell your personal information.
3. Face Data and Identity Verification
Orbyt offers an optional Get Verified feature that lets you earn a verified badge by proving you are a real, live person. This section describes our collection, use, disclosure, sharing, and retention of face data in full.
- What face data we collect: none is transmitted to us. When you start the check, your device's camera captures a short series of photos of you performing a quick liveness action, such as blinking. Those photos are analyzed entirely on your device using on-device face detection; they are written only to your device's temporary local storage and are deleted immediately after the check completes, whether it succeeds or fails. The photos are never uploaded to Orbyt and never shared with any third party.
- How face data is used: for exactly one purpose — confirming on your device that a real, live person performed the requested gesture, which helps prevent bots and impersonation. We do not create or store biometric templates, faceprints, or any other biometric identifiers; we do not perform facial recognition; and we do not match your face against your profile photo, other users, or any database.
- What our servers receive: only the outcome of the on-device check — a pass/fail result, the name of the gesture requested, and non-image diagnostics (such as the number of frames analyzed). No image and no data derived from your face leaves your phone.
- Sharing: face data is not shared with anyone, including Orbyt — it never leaves your device. No third party, AI service, or service provider receives it.
- Retention: because no face data is collected or transmitted, none is retained. The photos exist on your device only for the seconds the check takes and are then deleted. We retain only your verification status (verified or not), the date of verification, and a non-image record of the attempt (gesture requested, outcome, timestamps) used for rate-limiting and abuse prevention.
- Earlier app versions: versions of the app released before June 2026 performed this check by uploading a single photo for automated analysis by our image-analysis provider; that photo was used solely to confirm the gesture and was deleted immediately after the check, on success or failure. Current versions perform the check entirely on-device, and the legacy method is being retired.
4. Artificial Intelligence Features
Some Orbyt features are powered by third-party AI services. These features process your data only when you choose to use them, and we share only what the feature needs to work. The face data described above is never processed by these services.
- Orbee assistant: when you chat with Orbee, your messages, recent conversation history, and relevant profile context (such as your name, title, skills, and recent posts) are sent to Google LLC's Gemini API to generate responses. If you ask Orbee about other Orbyt content (for example, another member's public profile or a public post), that public content may be included so Orbee can answer.
- Résumé import and career tools: if you choose to upload a résumé or use job-match analysis, the résumé content and relevant profile details are processed by Google's Gemini API to extract structured information (such as skills and experience) and generate suggestions. The extracted results are saved to your profile; the raw document is not retained by the AI service.
- Natural-language search: your search query text is processed by Google's Gemini API to interpret what you are looking for. No profile information is included.
- Content safety: content you post is automatically screened for policy violations by OpenAI's content-moderation service. The classification result is logged; the classifier does not retain the content beyond the classification call.
These providers act as our service providers and process your information solely to return results to us. We use Google's Gemini API under its paid-service terms, under which Google does not use your prompts or the generated responses to train its models and does not have them reviewed by human annotators; our AI providers are likewise prohibited from using your information for advertising or selling it, and they apply protections for your data equivalent to those described in this policy. Your AI conversations with Orbee are stored with your account like other content and are deleted when your account is deleted. We do not use these services on your data for any purpose other than providing the feature you invoked.
Your permission comes first. AI features do not send anything until you opt in: the first time you open an AI feature, the app explains what will be shared and with whom, and asks for your consent. If you decline, the rest of Orbyt works normally. You can grant or withdraw consent at any time in Settings → Privacy → AI Features.
5. How We Share Information
5.1 With Other Users
Your username, profile photo, public profile fields, posts, comments, and reactions are visible to other users. Direct messages are visible only to participants in the conversation. Reports and blocks are confidential.
5.2 With Service Providers
We share information with vendors that perform functions on our behalf under written agreements that limit their use to what we authorize. Categories of service providers include:
- Cloud hosting and database infrastructure providers
- Content delivery network and media storage providers
- Mobile push notification delivery services
- Email delivery and transactional messaging services
- Subscription management services
- Payment processing and creator payout providers
- Automated content classification and trust-and-safety services (OpenAI)
- AI processing services for the features described in Artificial Intelligence Features (Google LLC — Gemini API)
- Analytics and product-research services (event-level, no payload content)
- Error monitoring and reliability services
- Search infrastructure providers
- Customer support tooling
5.3 With Authentication and Distribution Partners
- Apple — for Sign in with Apple, App Store distribution, in-app purchase processing, and push notification delivery on iOS.
- Google — for Sign in with Google, Google Play distribution, in-app purchase processing, and push notification delivery on Android.
These partners process data subject to their own privacy policies.
5.4 For Legal Reasons
We may disclose information when we have a good-faith belief it is necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms of Service; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of Orbyt, our users, or others.
5.5 In Connection With a Business Transfer
If Orbyt is involved in a merger, acquisition, or sale of all or part of its assets, your information may be transferred as part of that transaction. We will notify you of any such change in writing or through a prominent notice in the Service.
5.6 With Your Consent
We may share information with other parties when you direct us to or with your consent.
5.7 Connected Services You Choose to Authorize
Some Orbyt features require connecting an external service to your account. These connections are entirely optional — you can use Orbyt without authorizing any of them, and you can disconnect at any time.
Google Calendar (experts and mentors only). If you offer bookable sessions on Orbyt and choose to connect Google Calendar, you grant Orbyt the https://www.googleapis.com/auth/calendar.events scope. We use this access for a single purpose: to create one calendar event on your primary Google Calendar each time a buyer books a session with you, add the buyer's email as an attendee on that event, and attach a Google Meet link so you and the buyer have a video room. Orbyt does not read your existing calendar events, your availability, or any other event you did not book through Orbyt — we only write events Orbyt itself created.
We store the OAuth access and refresh tokens issued by Google, your Google account email, and a flag indicating whether the connection is active. You can disconnect at any time in Settings → Connected Accounts. Disconnecting calls Google's token revocation endpoint and removes the stored tokens from our database. You may also revoke Orbyt's access directly at myaccount.google.com/permissions.
Orbyt's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, calendar data obtained through Google APIs is used only to provide the booking feature described above; is not used or transferred for serving advertisements (including retargeting or personalized advertising); is not sold; and is not read by humans except when (a) you give us explicit consent for a specific incident, (b) it is necessary for security purposes such as investigating abuse, or (c) it is necessary to comply with applicable law.
Stripe Connect (creators receiving payouts). If you accept paid bookings or paid newsletter subscriptions on Orbyt, payouts are processed by Stripe Connect. Stripe collects information directly from you (legal name, business details, government identification for KYC, and bank or card details) under Stripe's own privacy policy. Orbyt does not store your full bank or card details — we receive only the Stripe account identifier and payout status. See stripe.com/privacy.
6. Data Retention
- Active accounts: we retain your account information and content for as long as your account is active.
- Closed accounts: when you delete your account, your profile becomes invisible to other users within 24 hours, and the associated personal information is deleted within 30 days, except where retention is required by law, necessary to resolve disputes, or needed to enforce our agreements or prevent abuse.
- Reported and removed content: retained in a moderation log for the time required to handle appeals, defend against legal claims, and detect repeat violations — typically up to 12 months.
- Backups and audit logs: may persist for up to 90 days after deletion before being overwritten.
- Aggregated, de-identified analytics: may be retained indefinitely.
7. Security
We implement reasonable administrative, technical, and physical safeguards designed to protect your information — including encrypted transport (HTTPS/TLS), encrypted at-rest storage for sensitive fields, scoped access controls, secret rotation, and ongoing monitoring. No system is perfectly secure, however, and we cannot guarantee that unauthorized access, disclosure, or loss will never occur.
8. Your Choices and Rights
- Access and update: you can view and edit your profile information, subscriptions, and preferences from within the app.
- Delete your account: you can delete your account from Settings → Account. Deletion is processed as described in Data Retention above.
- Export your data: you may request a copy of your personal information in a portable, machine-readable format by emailing support@orbytsocial.com.
- Object or restrict processing: you may object to or request restriction of processing of your personal information in certain circumstances.
- Push notifications: control delivery in Settings → Notifications or in your device's system settings.
- Marketing communications: opt out using the unsubscribe link in any marketing email or by contacting us.
To exercise any right, contact us at support@orbytsocial.com from the email address associated with your account, or use the in-app Contact Support link. We respond within the timelines required by applicable law (typically 30–45 days).
9. Children's Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@orbytsocial.com and we will take steps to delete such information.
In jurisdictions where the digital age of consent is higher than 13 (such as 16 in parts of the European Union), we comply with the local age threshold and require verifiable parental consent or the appropriate alternative permitted by local law.
10. International Users and Data Transfers
Orbyt is operated from the United States and stores data primarily in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States and other countries where our service providers operate. We rely on appropriate legal mechanisms (such as Standard Contractual Clauses) to safeguard cross-border transfers where required by law.
11. Regional Disclosures
11.1 California Residents (CCPA / CPRA)
If you are a California resident, you have the right to: (a) know what personal information we collect, use, disclose, and sell or share; (b) request deletion of your personal information; (c) request correction of inaccurate personal information; (d) opt out of the sale or sharing of personal information; and (e) limit the use and disclosure of sensitive personal information. We do not sell your personal information and do not share it for cross-context behavioral advertising. To exercise any right, contact support@orbytsocial.com. We will not discriminate against you for exercising a right.
11.2 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)
If you are in the EEA, UK, or Switzerland, the legal bases on which we rely to process your personal information include: (a) performance of our contract with you; (b) your consent (which you may withdraw at any time); (c) compliance with legal obligations; and (d) our legitimate interests in operating, improving, and securing the Service. You have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local supervisory authority. To exercise any right, contact support@orbytsocial.com.
11.3 Other Jurisdictions
If your jurisdiction grants additional privacy rights, we honor them as required by applicable law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top and, for material changes, provide additional notice (such as an in-app banner or email). Your continued use of the Service after the effective date of an update constitutes your acceptance of the updated policy.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our practices, contact us at:
Orbyt Social, Inc.
Email: support@orbytsocial.com
In-app: Settings → Contact Support