Privacy Policy
Orbital Health Intelligence, Inc. · Effective February 1, 2026 · Version 2.0
The short version: Your capacity data is stored locally on your device by default. We don't sell your data. We don't show ads. You can export or delete everything at any time.
1. Who We Are
Orbital is operated by Orbital Health Intelligence, Inc. ("Orbital," "we," "us"). Orbital is a longitudinal capacity tracking tool — you log how you're doing each day, and over time, the app reveals your personal patterns.
For privacy questions: privacy@orbitalhealth.app
2. What We Collect
2.1 Data You Provide
- Capacity signals — your self-reported state (resourced, stretched, or depleted), optional category tags (sensory, demand, social), and optional free-text notes
- Email address — when you create an account or join the waitlist
- Year of birth — collected during onboarding for an age-appropriate experience and aggregate cohort analytics (never shared individually)
- Payment information — processed by Stripe (credit card details are never stored on our servers)
2.2 Data Collected Automatically
- Device type, operating system, and app version
- Crash reports and error logs (via Sentry) for debugging
- Aggregate, anonymized usage metrics (page views, feature usage counts)
2.3 Data We Do NOT Collect
- Location data
- Contacts or address book
- Health data from HealthKit, Google Fit, or any other health platform
- Biometric data
- Browsing history
3. How We Store Your Data
Local-first architecture. All capacity signals are stored on your device by default. Data only leaves your device if you enable cloud sync.
- On-device storage — AsyncStorage (encrypted at the OS level on iOS and Android)
- Cloud sync (optional) — when enabled, data is encrypted in transit (TLS 1.3) and at rest. Stored in Supabase with row-level security — only you can access your rows
- Backups — cloud data is backed up with Supabase's infrastructure (AWS, US regions)
4. How We Use Your Data
- To provide the capacity tracking service and generate pattern visualizations
- To generate your Capacity Credential Index (CCI) reports when purchased
- To enable Circles sharing features (only with your explicit consent per circle)
- To send transactional emails (receipts, account changes) and waitlist updates
- To improve service quality through aggregate, anonymized analytics
- To respond to support requests
5. What We Never Do
- We never sell your data. Not to advertisers, data brokers, researchers, or anyone else.
- We never show ads. Our revenue comes from subscriptions and CCI purchases.
- We never share individual data without your explicit consent.
- We never use your data to train AI models.
6. Third-Party Services
We use a limited number of third-party services, each under strict data processing agreements:
- Supabase — encrypted cloud storage and authentication
- Stripe — payment processing (PCI DSS Level 1 compliant)
- RevenueCat — mobile subscription management (Apple/Google in-app purchases)
- Sentry — error monitoring and crash reporting (no capacity data sent)
- Resend — transactional email delivery
7. Cookies
The Orbital website and app do not use cookies for tracking. We do not use any third-party analytics cookies, social media pixels, or advertising trackers. The only cookies are essential session cookies for authentication when you sign in to the web admin panel.
8. Your Rights
You have the right to:
- Access — view all data we have about you (Settings → Export)
- Export — download your full dataset as JSON or CSV at any time
- Delete — permanently delete all your data (Settings → Delete Account)
- Revoke sharing — leave any Circle and revoke consent instantly
- Withdraw — stop using cloud sync at any time; your local data stays on your device
To exercise any of these rights, use the in-app settings or email privacy@orbitalhealth.app. We respond within 30 days.
9. Data Retention
- Active accounts — data retained while your account is active
- Account deletion — all data permanently deleted within 30 days of request
- Waitlist signups — email retained until you unsubscribe or the launch period ends
- Payment records — retained for 7 years per tax and financial compliance requirements
10. Children's Privacy (COPPA)
Orbital requires users to be 13 years of age or older. We enforce this through a year-of-birth gate during onboarding. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, contact us at privacy@orbitalhealth.app and we will delete the account and all associated data within 48 hours.
11. International Users
Data may be processed in the United States. By using Orbital, you consent to the transfer of data to the US. We comply with applicable data protection regulations including GDPR (for EU users) and CCPA (for California residents).
12. Security
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- Row-level security (RLS) on all database tables
- Admin functions locked to service_role only
- No shared credentials — each user has isolated access
13. Changes to This Policy
We may update this policy. Material changes will be communicated through the app and via email to account holders. The "Effective" date at the top reflects the most recent version.
14. Contact
For privacy questions: privacy@orbitalhealth.app
For general support: contact@orbitalhealth.app
Mailing address: Orbital Health Intelligence, Inc.
Orbital is not a medical device. It does not provide medical advice, diagnosis, or treatment. All data is self-reported and subjective.