Orbb

Privacy Policy

This Privacy Policy explains, in plain language, what personal data the Orbb application ("Orbb", the "App"; Apple package identifier "Nextra") collects, why we collect it, who we share it with, how long we keep it, and the rights you have over it. It is written to meet the EU and UK General Data Protection Regulation ("GDPR") and the India Digital Personal Data Protection Act, 2023 ("DPDP Act").

1. Who we are (Data Controller / Data Fiduciary)

For GDPR we are the data controller; for the DPDP Act we are the Data Fiduciary. Operated by [REGISTERED ENTITY NAME], [REGISTERED BUSINESS ADDRESS].

2. Personal data we collect

  • Account identity — Sign in with Apple identifier; email (optional, only if you share it); display name.
  • Profile — display name, profile photo, self-reported role/focus.
  • Bookmarked content — URLs, titles, captions, web-page text, saved images and video, voice-note audio, tags, notes.
  • AI-derived data — category, summary, extracted entities (people/places/organisations/topics), detected resources, voice transcripts, sentiment, embeddings, interest inferences. This is "profiling" under GDPR Art.4(4).
  • Location — GPS coordinates and photo-EXIF location (optional, revocable in iOS Settings); inferred place names.
  • Search & chat activity — recent searches; Ask Orbb chat history.
  • Usage & analytics, crash/diagnostics — feature interactions, retention signals, performance and crash data.
  • Device & push tokens, subscription status, linked-account data (Instagram, connected AI clients), and support/grievance correspondence.
  • Creator Rewards submissions — if you participate, the video URLs you submit, your self-reported channel handle and view counts, the verification code we issue, and review notes. We view publicly available video pages to verify; we do not access your third-party accounts. Kept for fraud-prevention and accounting.
  • Feedback, comments, reports & attachments — request titles/details, comments, replies, votes, subscriber status, roadmap/changelog activity, reports, uploaded screenshots or screen recordings, file metadata, uploader identifiers and timestamps.

We do not intentionally collect special-category / sensitive data. Content you choose to save (a voice note, a photo of a face, a place of worship) may itself reveal such data; we process it only to provide the feature you requested, on a consent basis.

3. Why we use your data, and our legal basis

For each purpose we rely on a GDPR Art.6 basis and a DPDP basis (your consent under s.6, or a legitimate use under s.7 such as providing a service you requested):

  • Provide the core service (accounts, store/organise/search bookmarks, AI analysis) — Art.6(1)(b) contract / DPDP s.7(a).
  • Voice & image/video analysis, location tagging, Instagram import, connected AI clients, push notifications — Art.6(1)(a) consent / DPDP s.6.
  • The Discover feed (an anonymous index of public reels, carrying no account identifier) — Art.6(1)(f) legitimate interests, with an opt-out; excluded for minors.
  • Product analytics & crash diagnostics — consent in the EEA, UK and India; legitimate interests (with opt-out) elsewhere.
  • Recommendations & in-app personalisation — legitimate interests; disabled for minors.
  • Subscriptions — Art.6(1)(b) contract.
  • In-app feedback — contract / requested service for requests, comments, votes, roadmap, changelog and notifications; legitimate interests for moderation, duplicate handling, product improvement and abuse prevention.
  • Security, fraud prevention, legal compliance, grievance handling — legitimate interests / legal obligation; DPDP s.7 / s.13.

Where we rely on consent you may withdraw it at any time, as easily as you gave it. Where we rely on legitimate interests you may object.

4. AI processing & automated decisions

Orbb uses Google Gemini (Gemini 3.1 Flash Lite, via the Google Generative AI API) to analyse content you save: text, URLs, web excerpts, images, video frames and voice-note audio are sent to Google's API, which returns a category, summary, entities, resources and transcript. Building a picture of your interests is profiling, which we disclose here. Orbb makes no solely-automated decisions producing legal or similarly significant effects (GDPR Art.22). You can correct any AI inference in the App, and corrections are preserved. We only state a "no-training/no-retention" guarantee where it is contractually true for the Google API tier we use.

5. The Discover feed — anonymous public content

Discover surfaces interesting public reels and posts (Instagram, YouTube, TikTok, etc.) that Orbb users save. It is an anonymous content index: the public copy contains only the reel's own metadata (title, thumbnail, original link, original creator, caption) and Orbb's AI description of that public content (category, tags, summary, and the places/topics the reel is about). It carries no account identifier, so no one can see who saved a reel or build a profile of you — it is not personal data about you. Private content (voice notes, personal notes, private links, your own photos, your device location) is never published. If you are under 18, none of your saves appear in Discover. Participation is on by default; you can turn off "Include my saves in Discover" in Settings → Privacy & Data at any time, which removes your reels' anonymous copies. Deleting or hiding a bookmark also removes its Discover copy.

5A. In-app feedback, public attachments & moderation

Orbb includes an in-app feedback board where signed-in users can post feature requests, vote, comment, reply, view roadmap/changelog updates, and receive in-app feedback notifications.

  • Public to signed-in users: feedback requests, comments, replies, vote counts, roadmap/changelog status, and any screenshots or screen recordings you attach are visible to other signed-in Orbb users unless Orbb hides, removes, or merges them.
  • Attachments: if you attach a screenshot or screen recording, we store the file in Google Cloud Storage/Firebase Storage and store related metadata such as file name, content type, size, storage path, uploader identifier, and timestamps. Do not upload secrets, private conversations, access tokens, payment information, government IDs, health/financial information, private location details, or media of another person unless you have permission.
  • Reports & moderation: you can report requests or comments. Reports are visible to Orbb admins only and may include the reported content, reporter identifier, reason, target identifiers and timestamps. Orbb admins may hide, unhide, remove, merge, reply to, or otherwise moderate feedback.
  • Sensitive media checks: where available and enabled, Orbb may use Apple's on-device Sensitive Content Analysis framework to warn about or restrict media that appears to contain nudity before upload. Automated checks are imperfect and do not replace user reporting or admin moderation.
  • Feedback notifications: we create in-app notification records when feedback you created, voted on, commented on, or subscribed to receives an official reply, status change, merge update, shipped update, or relevant reply. You can mark these notifications read in the App.
  • Retention: feedback, comments, reports and attachments are retained while needed to operate the board, preserve product history, investigate abuse, comply with law, or enforce our terms. Hidden or merged content may be retained for moderation and audit purposes.

Because this feature collects and displays user-generated text, photos/videos and other user content, it should be reflected accurately in Orbb's App Store privacy details.

6. Sub-processors & third parties

We share data only as needed with the providers below; we do not sell your data or share it for advertising. Region indicates where processing primarily occurs.

  • Google Firebase / Cloud (Auth, Firestore, Storage, Functions, Analytics, Crashlytics, FCM) — core infrastructure, feedback attachments & analytics — United States.
  • Google Gemini API — AI analysis incl. text, images, video frames and voice-note audio — United States.
  • Google Places API — receives precise GPS to resolve/enrich places — United States.
  • Google Books API and YouTube Data API — metadata (no account identifiers) — United States.
  • Apify — fetches public Instagram content you save — US/EU.
  • Meta / Instagram Graph API — optional linking & DM-based saving — US/Ireland.
  • Apple (Sign in with Apple, In-App Purchase, App Store Server API, APNs) — auth, payments, push — US/Ireland.
  • TMDB, Spotify, FxTwitter, PullPush (Reddit), Algolia (Hacker News) — public-content metadata (no account identifiers).

7. International data transfers

Orbb stores and processes data in the United States (Google Cloud Firestore multi-region nam5, Cloud Functions us-central1) and sends content to Google Gemini in the US.

GDPR (Chapter V): EEA/UK transfers are protected by Standard Contractual Clauses in our processors' data processing agreements (Google Cloud DPA + UK Addendum) and applicable adequacy frameworks (e.g. the EU-US Data Privacy Framework). DPDP (s.16): we transfer Indian Data Principals' data to the US, and commit to honour any country/territory the Indian Government restricts by notification.

India: we are your Data Fiduciary; our Grievance Officer is your first point of contact; you may escalate to the Data Protection Board of India; analytics and crash reporting are off until you opt in; minors receive special protections.

8. How long we keep your data

  • Account, profile, bookmarks and AI-derived data — while your account is active.
  • Recent searches — ~90 days. Ask Orbb chat — ~180 days.
  • Analytics & retention events — ~14 months. Crash data — per Crashlytics defaults (typically up to 90 days).
  • Feedback, comments, reports and public feedback attachments — while needed to operate the feedback board, maintain roadmap/changelog history, investigate abuse, enforce terms, comply with law, or until removed under our moderation/deletion processes.
  • Following a deletion request — erased within 30 days across our systems (including backups, derived/AI data, Storage media, public copies, linked tokens, and your authentication identity); processors are instructed to erase.

9. Your rights

You have the rights below (GDPR Arts.15–22; DPDP ss.11–14). We respond without undue delay and within one month (GDPR Art.12(3)).

  • Access & portability — Profile → Privacy & Data → Download my data (machine-readable JSON).
  • Rectification — edit your profile and bookmarks, and correct AI inferences via a bookmark's Edit details; corrections are preserved.
  • Erasure — Profile → Delete Account starts a 30-day grace period then triggers full server-side erasure (content, AI-derived data, Storage media, public copies, third-party tokens and your auth identity), with processors instructed to erase.
  • Restriction & objection — use the Privacy & Data toggles or contact us.
  • Withdraw consent — toggles for Analytics, Crash reporting, Discover, Instagram link and AI-client connections; revoke OS permissions in iOS Settings.
  • No solely-automated significant decisions (Art.22) — Orbb makes none.
  • Nominate another person (DPDP s.14) — contact the Grievance Officer.

10. Complaints to a regulator

Please contact us first. You may also complain to a regulator: your EEA Data Protection Authority; the UK ICO (ico.org.uk); or, in India, the Data Protection Board of India after raising the matter with our Grievance Officer.

11. Analytics, cookies & consent

Orbb runs no advertising trackers and does not sell data. For users in the EEA, UK and India, non-essential Firebase Analytics and Crashlytics are OFF by default and enabled only after you opt in (Profile → Privacy & Data); elsewhere they are on by default with an opt-out. Essential processing needed to run the App is not optional. The website uses only cookies necessary to serve the site.

12. Children's privacy

The minimum age to use Orbb is 13; children under 13 may not use Orbb. Users aged 13–17 are treated as minors: we disable behavioural profiling, targeted recommendations, the Discover feed and retention/marketing notifications, and show a parental-consent notice. In the EEA/UK we obtain parental consent where required by national digital-consent age (13–16). In India (DPDP s.9), anyone under 18 is a child requiring verifiable parental consent; minors receive a restricted, no-profiling experience and we are rolling out a verifiable parental-consent flow. We do not direct behavioural advertising at minors.

13. Security

We use measures appropriate to the risk (GDPR Art.32; DPDP s.8(5)): TLS in transit and encryption at rest; owner-scoped Firestore security rules with server-write-only derived data; secrets in Google Secret Manager; Sign in with Apple and PKCE OAuth for connected AI clients; pseudonymised analytics identifiers; and data-minimised third-party payloads.

14. Data-breach notification

If a breach is likely to risk your rights, we notify the competent supervisory authority without undue delay and where feasible within 72 hours (GDPR Art.33) and affected users where the risk is high (Art.34). For the DPDP Act we give intimation to the Data Protection Board of India and to affected Data Principals as prescribed (s.8(6)).

15. Subscriptions & payment

Apple processes all payments via In-App Purchase; Orbb receives subscription status only, not payment details. Auto-renewal continues unless canceled at least 24 hours before the renewal date. Manage or cancel in iOS Settings → [your Apple ID] → Subscriptions.

16. Changes & contact

We may update this policy; we will update the date/version, post it here and in the App, and for material changes notify you and, where required, seek fresh consent.

Contact: support@orbb.app · Privacy/DPO: privacy@orbb.app · India Grievance Officer: grievance@orbb.app.