Orbit — Privacy Policy
Version: 2026-06-27 Last updated: 2026-06-27
1. Who we are
Orbit ("we", "us") is operated by David Enachescu-Goldenberg, operating as Orbit. The app is available at onorbit.app. For any privacy question or to exercise your rights, contact us at hello@onorbit.app.
2. The data we collect
We collect only what the app needs to work. We do not sell your data, we do not show ads, and we do not embed third-party advertising or tracking SDKs.
| Data | When | Why |
|---|---|---|
| Account: email, username, display name, optional avatar image | At signup / profile setup | Create and operate your account |
| Date of birth | At signup | Used only to verify you are 16+. It is NOT stored — we keep only a timestamp that age was confirmed (min_age_confirmed_at). |
| Location | Only while you are actively sharing an intent (foreground) | To find nearby matches ("serendipity"). Never collected in the background; never continuous tracking. |
| Push notification token | Only if you enable notifications | To deliver match / coordination alerts |
| Content you create: intents, burner-chat messages, pings, group memberships | As you use the app | To provide the core social features |
| Product analytics events (in-app actions) | As you use the app | First-party measurement to understand and improve the product |
3. Age requirement
Orbit is intended for users aged 16 and over. 16 is the age of digital consent under GDPR Art. 8 as applied in Germany (BDSG). We ask your date of birth at signup solely to confirm you meet this threshold and block sign-ups that do not. We do not store the date of birth itself.
4. Legal bases (GDPR Art. 6)
- Performance of a contract — operating your account and the core features you ask for.
- Consent — push notifications, and location access at the point you choose to share.
- Legitimate interests — first-party product analytics, safety and abuse prevention (blocking, reporting), and keeping the service secure and reliable.
5. Retention
- Burner chats are ephemeral and expire automatically after their lifetime ends.
- Blocking a user immediately closes and purges the burner conversation you shared.
- Operational logs (including the notification log) and product analytics events are retained for a limited period and then deleted or aggregated.
6. Your rights
Under the GDPR you can: access your data, export it, delete your account and data, correct inaccurate data, object to certain processing, and lodge a complaint with a supervisory authority. Account deletion and data export are available directly in the app (Profile → Privacy & data). You can also reach us at hello@onorbit.app.
7. Processors and third parties
We use the following processors to run Orbit:
- Supabase — database, authentication, file storage, and serverless functions.
- Expo — delivery of push notifications.
These providers process data on our behalf under our instructions.
8. Security
We protect your data with row-level access controls (each user can reach only their own private data), encrypted transport, and least-privilege access for our systems.
9. Changes to this policy
If we make material changes we will update the version date above and, where required, ask you to re-accept before continuing to use Orbit.
10. Contact
Questions or requests: hello@onorbit.app.