Privacy Policy
Last updated June 10, 2026
Template for reference — have a lawyer review for your jurisdiction (GDPR, India DPDP Act, CCPA, etc.).
This Privacy Policy explains how [LEGAL_ENTITY_NAME] (“we”) collects, uses, and shares information when you use OrbitSub. We aim to collect the minimum we need, and to be honest about what we do with it.
1. Information We Collect
You provide
- Account: email, username, password (hashed), display name, bio, avatar.
- Profile: interests/topics you choose, optional avatar uploads.
- Content: research drafts and publications, comments, messages, AI prompts, reports you file.
- Support: anything you write to us via the contact form.
- Billing (paid plans): name, address, and tax ID (collected and processed by our payment processor; we do not store full card numbers).
Collected automatically
- Device / log data: IP, browser type, OS, referrer, pages viewed, timestamps.
- Cookies: essential (auth, security), optional (analytics, marketing) — see our Cookie Policy.
- Crash & performance: when something fails, we may capture error context via Sentry or similar.
2. How We Use Information
- Operate the Service (sign-in, content delivery, search, messaging, notifications).
- Personalize the feed using your interests, follows, and behavior.
- Safety & abuse prevention (rate limiting, brute-force detection, moderation).
- Billing & tax compliance for paid plans.
- Service communications (security alerts, policy changes, support replies).
- Product improvement via aggregated analytics.
3. Sharing
We share information with:
- Service providers who operate the Service on our behalf (hosting, email, payments, analytics, error monitoring). They are bound by contract to use data only as we instruct.
- Other users: anything you post publicly (research, comments, profile) is visible to other users. Messages are visible to the recipient.
- Law enforcement when legally required, and to protect the safety of users or the Service.
We do not sell personal data.
4. Your Rights
Depending on where you live, you may have the right to:
- Access, correct, or delete your personal data;
- Object to or restrict certain processing;
- Export your data in a portable format;
- Withdraw consent (where processing is based on consent);
- Lodge a complaint with your local data protection authority.
You can delete your account from Settings → Account → Delete account. Email [PRIVACY_EMAIL] for other requests.
5. Data Retention
We retain account and content data while your account is active. After deletion we remove personal data within 30 days, except where we must keep records for legal, tax, fraud prevention, or security purposes.
6. International Transfers
We may transfer data outside your country (e.g. to our cloud providers). Where required, we use standard contractual clauses or equivalent safeguards.
7. Children
OrbitSub is not directed to children under 13 (or the digital-consent age in your jurisdiction). If we learn a child has signed up, we will delete the account.
8. Security
We use encryption in transit (TLS), hashed passwords (bcrypt), encrypted 2FA secrets, rate limits, brute-force protection, and structured incident logging. No system is perfectly secure; we'll notify you of breaches affecting you as required by law.
9. Changes
We may update this policy. We will notify you of material changes by email or in-product banner at least 14 days before they take effect.
10. Contact
[PRIVACY_EMAIL] · postal: [BUSINESS_ADDRESS]