At OrbitCrafted ("we", "us", or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, products, and services (collectively, the "Services"). Please read this policy carefully to understand our practices regarding your personal data.
1. Information We Collect
We collect information you provide directly to us, information we collect automatically when you use our Services, and information from third-party sources.
1.1 Information You Provide
- Account Information: When you create an account, we collect your name, email address, company name, and password.
- Payment Information: If you purchase a paid plan, we collect payment details (processed securely by Stripe; we do not store full credit card numbers on our servers).
- Communications: When you contact us for support, send us emails, or participate in surveys, we collect the content of your communications and any contact information you provide.
- Marketing Data: If you sign up for our newsletter or marketing communications, we collect your email address and basic company information.
1.2 Information Collected Automatically
- Usage Data: We collect information about how you use our Services, including pages visited, features used, actions taken, and time spent on the platform.
- Device Information: We collect information about your device, including IP address, browser type, operating system, device identifiers, and referring URLs.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect information about your browsing behavior, remember your preferences, and keep you logged in. You can learn more about our use of cookies in our Cookie Policy.
1.3 Third-Party Integrations
When you connect third-party platforms (such as ad accounts, analytics tools, or CRM systems) to our Services, we collect data from those platforms as necessary to provide the Services. This may include campaign performance data, audience information, and conversion metrics. We only access data you explicitly authorize us to access, and we do not store more data than required to provide our Services.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, maintain, operate, and improve our Services, including processing transactions and managing your account
- To personalize your experience, including customizing content and features based on your preferences
- To send you technical notices, updates, security alerts, and support and administrative messages
- To respond to your comments, questions, and requests and provide customer service and support
- To monitor and analyze trends, usage, and activities in connection with our Services to improve our products
- To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities
- To comply with legal obligations, resolve disputes, and enforce our agreements
- With your consent, to send you marketing communications about new features, products, and offers. You can opt out of these communications at any time.
3. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following circumstances:
- Service Providers: We share information with trusted third-party service providers who perform services on our behalf, including payment processing, hosting, data storage, analytics, email delivery, and customer support. These providers only have access to information necessary to perform their services and are obligated to protect your data.
- Business Transfers: If we are involved in a merger, acquisition, financing, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information.
- Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), including to meet national security or law enforcement requirements.
- Protection of Rights: We may disclose information to protect and defend our rights and property, the safety of our users or the public, or to prevent or stop activity we consider to be illegal or unethical.
4. Data Security
We implement industry-standard security measures to protect your personal information from unauthorized access, use, disclosure, alteration, and destruction. These measures include:
- End-to-end encryption of data in transit using TLS 1.3 and encryption of data at rest using AES-256
- SOC 2 Type II certified infrastructure with regular third-party security audits
- Strict access controls: only authorized employees have access to personal data, and access is limited based on job role
- Regular security penetration testing and vulnerability scanning
- Multi-factor authentication for all internal systems and employee accounts
No method of transmission over the Internet or electronic storage is 100% secure, however. While we use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
5. Your Data Rights
Depending on your location, you may have the following rights regarding your personal data:
5.1 GDPR Rights (EEA/UK Users)
If you are located in the European Economic Area or United Kingdom, you have the following rights under the GDPR:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request that we correct inaccurate or incomplete personal data.
- Right to Erasure: You can request that we delete your personal data in certain circumstances.
- Right to Restriction of Processing: You can request that we restrict processing of your personal data in certain circumstances.
- Right to Data Portability: You can request that we transfer your data to another organization, or directly to you, in a structured, commonly used, machine-readable format.
- Right to Object: You can object to processing of your personal data for direct marketing purposes, or where we are processing based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.
5.2 CCPA Rights (California Users)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to Know: You can request information about the categories of personal information we collect, the sources of that information, the purposes for which we use it, and the categories of third parties with whom we share it.
- Right to Delete: You can request that we delete your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell your personal information. If our practices change in the future, we will provide notice and an opt-out mechanism.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights, including by charging different prices or providing different levels of service.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you cancel your account, we will delete your personal data within 30 days of cancellation, except where retention is required by law or for legitimate business purposes (such as preventing fraud or resolving disputes).
7. International Data Transfers
We are based in the United States, and we process and store data on servers located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. We take appropriate measures to ensure that international transfers comply with applicable data protection laws, including the use of Standard Contractual Clauses approved by the European Commission.
8. Children's Privacy
Our Services are not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child under 16, please contact us at [email protected].
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date at the top. For material changes, we will provide a more prominent notice, including via email to the address associated with your account. We encourage you to review this Privacy Policy periodically for any changes.
10. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: [email protected]
Contact us at [email protected] for any privacy-related inquiries.