Privacy Policy

• Account & sign-in: the email address used to sign in via a one-time magic link.
• Connected social accounts:when a team member connects a YouTube, Instagram, or TikTok account through the platform's official OAuth flow, we store the resulting access and refresh tokens (encrypted at rest) so Orbitcan read that account's analytics.
• Profile & content data:public profile details (username, display name, avatar, follower count) and the account's own posts/videos along with their performance metrics (views, likes, comments, shares, and similar), retrieved from the connected platform's API.

Data is used solely to display analytics and reporting to the account owners inside Orbit. We do not sell data, use it for advertising, or share it with third parties for their own purposes. We do not access, post, or modify content on connected accounts beyond reading the metrics described above.

Connecting an account is optional and initiated by the account owner. Our use of information received from these APIs adheres to each platform's developer terms and policies, including the Google API Services User Data Policy (including its Limited Use requirements), the Meta Platform Terms, and the TikTok Developer Terms of Service and Platform Guidelines.

For TikTok specifically, Orbit uses Login Kit and the Display API with the scopes user.info.basic, user.info.profile, user.info.stats, and video.listto read the connected account's profile information, follower count, and its own public videos and their statistics. Orbit does not store copies of TikTok video cover images.

Data is stored in a managed Postgres database (Supabase) with row-level security, and the application is hosted on Vercel. OAuth tokens are encrypted at rest using AES-256-GCM and are never exposed to the browser. Access is restricted to authenticated members of the Receitei workspace.

You can disconnect any social account at any time from the Integrations screen; doing so deletes the stored access and refresh tokens for that account. You may also revoke Orbit's access directly from the platform's own app/connection settings. To request deletion of any remaining data associated with your account, contact us at the address below and we will remove it.

You may request access to, correction of, or deletion of your personal data, and you may withdraw a connection at any time. Requests are handled by contacting us directly.

We may update this policy as the product evolves. Material changes will be reflected by the “Last updated” date above.

Questions or data requests: frvalle2007@gmail.com.