Privacy Policy
Last Updated: January 27, 2026
At Orbiter Dev (“we”, “us”, or “our”), we believe that your code is your intellectual property and should remain under your control. This Privacy Policy explains how we collect, use, and protect your information across our Mobile App, Visual Studio Code Extension, and Cloud Services.
1. The Core Promise: “Zero Data Mode”
Orbiter Dev offers a Zero Data Mode for Enterprise and privacy-conscious users.
- When Enabled: Our servers act as a blind relay. Code snippets, diffs, and approval requests are transmitted via transient WebSocket connections and are never written to our persistent databases or logs.
- Data Persistence: In this mode, approval history is stored only locally on your device (using SwiftData/CoreData).
- Encryption: All transient payloads are End-to-End Encrypted (E2EE) using HPKE (RFC 9180) when paired with a verified mobile device. We cannot read the contents of your code approvals.
2. Information We Collect (Standard Mode)
If you do NOT enable Zero Data Mode, we collect the following to provide the Service:
A. Information You Provide
- Account Information: GitHub User ID, Avatar, and Display Name (via OAuth).
- Usage Data: Approval history, timestamps, and decision outcomes (Approved/Rejected).
- Code Snippets: We store diff summaries (file names, line counts, and short snippets of changed code) to display them on your mobile device.
B. Technical Data
- Device Information: Device model, OS version, and Push Notification tokens (APNs).
- Telemetry: Anonymous usage statistics (e.g., “Number of approvals per day”) to improve the product. This data is aggregated and de-identified.
3. Data Retention
- Free Tier: We retain approval history for 7 days. After 7 days, data is automatically deleted from our servers.
- Pro/Team Tiers: We retain approval history indefinitely while your subscription is active, allowing you to access long-term audit logs.
- Account Deletion: If you delete your account, all personal data is removed immediately.
4. Third-Party Processors
We use the following trusted third-party service providers to operate Orbiter Dev:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database, Authentication, Realtime | AWS (US East / EU West) |
| Stripe | Payment Processing | USA |
| Fly.io | Backend Compute / API Hosting | Global (Edge) |
| Apple (APNs) | Push Notifications | USA |
5. Security
- Encryption at Rest: All database volumes are encrypted using AES-256.
- Encryption in Transit: All traffic is secured via TLS 1.3.
- Biometrics: We leverage on-device biometrics (Face ID / Touch ID) to authorize sensitive actions. We never access or store your biometric data on our servers; we only receive a cryptographic signature attesting to verification.
6. Your Rights
Under laws like GDPR and CCPA, you have rights regarding your data:
- Access: You can export your approval history from the Web Dashboard.
- Rectification: You can update your profile via GitHub.
- Deletion: You can request full account deletion via the “Panic Button” or Settings menu.
7. Contact Us
For privacy concerns, please contact our Data Protection Officer at: legal@orbiterdev.ai