MyOrbit Privacy Policy
MyOrbit, Inc. and its affiliates ("MyOrbit," "we," "our," or "us") respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our websites, mobile applications, and services (collectively, the "Services").
By accessing or using the Services, you acknowledge that you have read, understood, and agree to this Policy and our Terms of Service. If you do not agree, please do not use the Services.
Table of Contents
- Information We Collect
- How We Use Your Information
- How We Share Information
- Your Privacy Rights and Controls
- Data Security
- Data Retention
- International Data Transfers
- Children's Privacy
- Platform-Specific Features
- Cookies and Tracking
- Third-Party Services
- Contact Us
- Changes to This Policy
- Additional Provisions
1. Information We Collect
1.1 Information You Provide Directly
Account Registration and Profile
- Basic information: name, username, email, phone number
- Profile details: bio, avatar, preferences
- Age verification data (for age-appropriate experiences)
- Optional: demographic information for personalization
Messages and Content
- AI Encryption Mode: Messages processed in secure memory for safety features, never permanently stored
- Superior E2EE Mode: Zero access by MyOrbit; messages stored encrypted on your device only
- Undelivered messages may be temporarily stored (encrypted, max 30 days)
- We never alter your data unless legally required
Digital Twins and AI Interactions
- Training data for your personal AI twin (FameWave OS)
- Conversation context for AI assistants
- Avatar customizations and preferences
- Business twin configurations (EchoBurst OS)
Creator and Monetization Data
- Payment information for subscriptions and Nuggets
- Tax information where required
- Creator verification documents
- Revenue and earnings data
- Orbit membership information
Support and Feedback
- Support tickets and correspondence
- Bug reports and feature requests
- Survey responses
- Beta testing feedback
1.2 Information Collected Automatically
Usage and Analytics
- Features you use and frequency
- Interaction patterns with AI companions
- Content engagement metrics
- Session duration and activity levels
- Device information (OS, browser, app version)
- General location (country/city level, if permitted)
Technical Data
- IP addresses (may be hidden in Superior E2EE mode)
- Device identifiers
- Log data and diagnostics
- Performance metrics
- Crash reports
Cookies and Tracking
See our Cookie Notice for detailed information about:
- Strictly necessary cookies
- AI feature cookies
- Analytics cookies
- Advertising cookies (optional)
1.3 Information from Third Parties
- Other Users: When they invite you or mention you
- Social Platforms: If you connect accounts
- Payment Providers: Transaction confirmations
- Business Partners: Integration data from connected services
- Public Sources: Publicly available information for verification
1.4 Special Categories of Data
Biometric Data (with explicit consent only)
- Facial features for avatar creation
- Voice patterns for AI twin training
- Age estimation from photos
- Used only for specified purposes
- Enhanced security measures applied
Health and Wellness Data (opt-in only)
- Fitness tracking information
- Wellness goals and progress
- Mental health check-ins (anonymized)
- Never shared without explicit consent
2. How We Use Your Information
2.1 To Provide Services
- Create and manage your account
- Enable messaging and communication features
- Power AI companions and digital twins
- Process transactions and subscriptions
- Deliver requested content and features
- Provide customer support
2.2 To Improve and Personalize
- Customize your experience based on preferences
- Recommend relevant content and connections
- Optimize AI model selection for cost and performance
- Develop new features and services
- Fix bugs and improve performance
- Conduct research and analytics
2.3 For Safety and Security
- Detect and prevent harmful content (AI Encryption mode)
- Identify and block spam, fraud, and abuse
- Verify age for age-appropriate experiences
- Respond to safety reports and emergencies
- Protect against unauthorized access
- Maintain platform integrity
2.4 To Communicate
- Send service updates and notifications
- Deliver security alerts and warnings
- Provide product announcements (with consent)
- Share policy changes
- Respond to your inquiries
2.5 For Legal Compliance
- Meet legal obligations
- Respond to legal requests and court orders
- Protect rights, property, and safety
- Enforce our Terms of Service
- Investigate violations
2.6 With Your Consent
- Additional purposes you specifically agree to
- Optional features requiring extra permissions
- Marketing communications (opt-in)
- Participation in research or beta programs
3. How We Share Information
3.1 Service Providers
We work with trusted partners who help us operate:
- Cloud Infrastructure: AWS, Google Cloud (SOC2 compliant)
- AI Partners: OpenAI, Anthropic, Google (contractually prohibited from training on your data)
- Payment Processors: Stripe, PayPal (PCI compliant)
- Analytics: Google Analytics (anonymized data only)
- Communications: SendGrid, Twilio
All service providers are bound by strict confidentiality agreements.
3.2 Safety Partners
For platform safety, we may share limited data with:
- PhotoDNA: CSAM detection (hash matching only)
- Perspective API: Toxicity detection
- Age Verification Services: Identity verification
- Crisis Support Organizations: When users need help
3.3 Legal Disclosures
We may disclose information when required by:
- Valid legal process (subpoenas, warrants)
- Emergency situations involving danger
- Our Terms of Service enforcement
- Protection of rights and safety
Important E2EE Limitation: In Superior E2EE mode, we cannot provide message content as we have no access to it.
3.4 Business Transfers
If MyOrbit is involved in a merger, acquisition, or sale:
- Your information may transfer to the new entity
- We'll notify you before any transfer
- The new entity must honor this Privacy Policy
3.5 Public Information
Information you make public is visible to:
- Other users (based on your privacy settings)
- Search engines (public profiles only)
- Third-party services you connect
3.6 Consent-Based Sharing
We share information when you:
- Direct us to share with specific parties
- Connect third-party accounts
- Participate in partnerships or promotions
- Use collaborative features
3.7 Aggregated Data
We may share anonymized, aggregated data that cannot identify you for:
- Industry research
- Platform transparency reports
- Academic studies
- Business intelligence
We Never Sell Your Personal Data
We do not sell personal information for monetary consideration.
4. Your Privacy Rights and Controls
4.1 Universal Rights
All users can:
- Access your personal data
- Update incorrect information
- Delete your account and data
- Download your information
- Control privacy settings
- Opt-out of non-essential data uses
4.2 Regional Privacy Rights
European Union (GDPR)
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making
- Lodge complaints with supervisory authorities
California (CCPA/CPRA)
- Right to know what data we collect
- Right to delete personal information
- Right to opt-out of "sale" or "sharing"
- Right to non-discrimination
- Right to correct inaccurate information
- Right to limit sensitive data use
Other Jurisdictions
We respect privacy rights under all applicable laws including those in Canada, Brazil, Australia, and other regions.
4.3 How to Exercise Your Rights
- In-App: Settings > Privacy > Your Data Rights
- Email: privacy@myorbit.ai
- Portal: myorbit.ai/privacy-rights
We'll respond within:
- 30 days (GDPR requirement)
- 45 days (CCPA, with possible extension)
- As required by applicable law
4.4 Choice and Control Tools
Privacy Settings
- Profile visibility controls
- Messaging preferences
- Content sharing options
- Relationship-based privacy levels
Communication Preferences
- Marketing opt-out
- Notification customization
- Email frequency settings
AI and Data Training
- Opt-out of AI training use
- Control AI feature access
- Manage digital twin data
Encryption Mode
- Choose between AI Encryption and Superior E2EE
- Switch modes anytime (some data may be lost)
- Clear mode indicators and warnings
5. Data Security
5.1 Technical Safeguards
- Encryption in Transit: TLS 1.3 for all connections
- Encryption at Rest: AES-256 for stored data
- Superior E2EE: Signal Protocol for maximum privacy
- Secure Infrastructure: SOC2-compliant cloud providers
- Access Controls: Role-based, least privilege principle
- Regular Audits: Security assessments and penetration testing
5.2 Organizational Measures
- Security training for all employees
- Strict confidentiality agreements
- Limited access to personal data
- Background checks for key personnel
- Incident response procedures
- Regular security updates
5.3 Your Security Role
Help keep your account secure:
- Use strong, unique passwords
- Enable two-factor authentication
- Keep your app updated
- Report suspicious activity
- Don't share login credentials
- Be cautious with public Wi-Fi
5.4 Breach Notification
If a breach affects your data:
- We'll notify you within 72 hours (where required)
- Provide clear information about the incident
- Offer guidance on protective steps
- Work with authorities as needed
6. Data Retention
6.1 Retention Periods
We keep data only as long as necessary:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | While account active + 30 days | Service provision |
| Messages (AI Mode) | Processed only, not stored | Privacy by design |
| Messages (E2EE) | User-controlled on device | Zero access |
| Transactions | 7 years | Tax/legal requirements |
| Safety Reports | 2 years | Platform safety |
| Deleted Content | 30 days in backups | Recovery/legal holds |
| Analytics | 90 days | Service improvement |
| Marketing | Until opt-out + 30 days | Preference processing |
6.2 Deletion Practices
When you delete data:
- Removed from active systems immediately
- Purged from backups within 30 days
- May persist if legally required
- Anonymized data may be retained
6.3 Account Deletion
You can delete your account anytime:
- Self-service in Settings
- Email request to privacy@myorbit.ai
- All personal data removed
- Some records kept for legal compliance
7. International Data Transfers
7.1 Global Operations
MyOrbit operates globally. Your data may be processed in:
- United States (primary)
- European Union (for EU users)
- Other countries where we have operations
7.2 Transfer Safeguards
We ensure appropriate protection through:
- Standard Contractual Clauses (SCCs) for EU-US transfers
- Adequacy decisions where available
- Binding corporate rules for intra-group transfers
- Your consent where required
7.3 Regional Data Storage
Where possible, we store data regionally:
- EU data in EU data centers
- Certain countries may have local requirements
- E2EE data remains on your device
8. Children's Privacy
8.1 Age Requirements
- Minimum age: 13 years old (16 in EU)
- Erotica content: 18+ only
- Business features: 18+ or with guardian approval
8.2 Parental Controls
For users 13-17, we provide:
- Parental consent mechanisms (under 13 with COPPA)
- Account monitoring tools
- Content filtering options
- Privacy settings management
- Data access and deletion rights
8.3 Minor Protections
Default protections for minors:
- Private profiles
- Limited adult contact
- No targeted advertising
- Enhanced content filtering
- Restricted data collection
8.4 Age Verification
Progressive verification system:
- Phone number (all users)
- Photo age estimation (sensitive features)
- Government ID (high-risk features)
9. Platform-Specific Features
9.1 AI Features and Privacy
FameWave OS (Personal AI)
- Digital twin data stays private to you
- Training happens locally when possible
- You control personality and boundaries
- Clear AI vs. human labeling
EchoBurst OS (Business AI)
- Business data segregated from personal
- Audit trails for compliance
- Enterprise-grade security
- GDPR/CCPA compliant processing
9.2 Creator Economy
Look Ma I'm Famous
- IP protection for celebrity likeness
- 30-day grace period for claims
- Revenue sharing transparency
- DMCA compliance tools
AdWorks
- Optional advertising participation
- Clear opt-out mechanisms
- Revenue share transparency
- No selling of personal data
9.3 Encryption Modes Explained
AI Encryption (Default)
- Balanced privacy and features
- Content processed for safety
- AI features available
- Crisis support active
Superior E2EE (Optional)
- Complete end-to-end encryption
- Zero MyOrbit access
- No AI features
- You control all data
11. Third-Party Services
11.1 Integrated Services
When you connect third-party services:
- We access only necessary data
- Clear permissions requested
- You can disconnect anytime
- Data deleted upon disconnection
11.2 External Links
Our Services may contain links to third-party sites:
- We're not responsible for their practices
- Review their privacy policies
- Exercise caution sharing data
11.3 App Stores
When downloading from app stores:
- Additional terms may apply
- Store policies govern app distribution
- We comply with store requirements
12. Contact Us
12.1 Privacy Inquiries
Data Protection Officer
Email: privacy@myorbit.ai
Privacy Portal: myorbit.ai/privacy
General Privacy Questions
Email: privacy@myorbit.ai
Support: support@myorbit.ai
12.2 Mailing Address
MyOrbit, Inc.
730 Moreno Ave
Palo Alto, CA 94303
United States
12.3 Response Times
- Urgent safety issues: 24 hours
- Privacy rights requests: 30 days
- General inquiries: 48-72 hours
- Complex requests: 45 days with notice
12.4 Supervisory Authorities
EU residents may contact their local Data Protection Authority.
California residents may contact the California Privacy Protection Agency.
13. Changes to This Policy
13.1 Updates
We may update this Policy to reflect:
- Legal or regulatory changes
- New features or services
- Security improvements
- User feedback
13.2 Notification
For material changes:
- 30 days advance notice
- Email and in-app notifications
- Opportunity to review changes
- Option to close account if disagreeing
13.3 Version History
- Current Version: 3.0.0
- Effective: September 5, 2025
- Previous versions: Available on request via privacy@myorbit.ai
14. Additional Provisions
14.1 California Privacy Rights
"Shine the Light" Law: California residents can request information about personal data shared with third parties for marketing.
CCPA Metrics (2024):
- Requests received: [Number]
- Requests completed: [Number]
- Average response time: [Days]
14.2 Legal Basis for Processing (GDPR)
We process personal data based on:
- Contract: To provide Services you requested
- Legal Obligation: To comply with laws
- Vital Interests: To protect life/safety
- Legitimate Interests: To operate and improve Services
- Consent: For optional processing activities
14.3 Automated Decision-Making
We use automated systems for:
- Content moderation (AI Encryption mode)
- Fraud detection
- Age estimation
- Personalization
You can request human review of significant automated decisions.
Acknowledgment
By using MyOrbit, you acknowledge that you have read and understood this Privacy Policy. We're committed to protecting your privacy while providing innovative AI-powered experiences. Thank you for trusting us with your personal information.
Remember:
- You control your data
- Privacy settings are customizable
- We never sell personal data
- Encryption mode is your choice
- We're here to help with privacy questions