PRIVACY POLICY

1. Introduction

Welcome to Orbit! We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at support@orbitaim.io.

Orbit by OrbitAIM is an AI-native marketing superapp that helps small and mid-sized businesses unify strategy, content, lead generation, and automation into a single intelligent platform. Rather than forcing teams to stitch together 8–10 separate tools for email, CRM, content, and reporting, Orbit acts as a central business brain that codifies best practices, executes campaigns, and optimizes performance with minimal human intervention.

About OrbitAIM and Our Platform

OrbitAIM is operated and managed by HEMANT GADODIA. Our mission is to enable growth-focused teams and SMEs to run advanced, multi-channel marketing without deep in-house expertise. We embed strategy and repeatable processes inside automation so every campaign is rooted in a shared brand playbook rather than ad-hoc prompts or disconnected slides.

We specifically target SMEs, startups, and mid-market teams—business owners, marketing managers, and employer-branding leads who want a guided, scalable system without the complexity of enterprise suites. Orbit is built for teams that are resource-constrained, forward-looking on AI, and tired of juggling many disconnected tools.

Our Five Integrated Modules

Orbit provides five core modules that work together as a unified marketing automation platform. Understanding these modules helps clarify what data we collect and why:

• Strategy & Knowledge Hub: The "Brain" of Orbit. This module stores your brand guidelines, Ideal Customer Profiles (ICPs), tone of voice settings, and messaging pillars. It ensures every AI-generated output remains on-brand and consistent across all channels. Data stored here directly influences content quality.
• Content & Creation: AI-powered writers for LinkedIn posts, blog articles, and cold emails. This module includes "Assisted Ideation" to generate hooks, angles, and content frameworks instantly. Your usage patterns help us improve AI recommendations.
• Lead Engine: A complete lead generation machine featuring prospecting, data enrichment, list management, and full lifecycle tracking from first touch to conversion. This module processes prospect data to help you build and manage your sales pipeline effectively.
• Automation & Workflows: Curated, pre-built workflows with trigger-based sequences. For example, LinkedIn engagement can automatically trigger email follow-ups. These workflows are executed by autonomous AI agents that process your campaign data.
• Analytics & Dashboards: Actionable metrics for SMEs including ROI tracking, engagement rates, open rates, and "AI Usage" transparency. This module aggregates your campaign data to provide insights and help you close the loop from activity to outcome.

Our Business Model & Credits System

Orbit operates on a Membership + Credits model designed for teams. A base subscription covers your platform access and team seats (optimized for teams of 3-10+), while our "Orbit Credits" currency powers AI-driven features. Understanding this model is important for knowing how we track and process usage data:

• Subscription Credits: Included monthly with your plan (Starter, Pro, or Growth tiers). These refresh each billing cycle and do not roll over.
• Top-up Credits: Additional credit packs you can purchase. These never expire and remain in your account until used.
• Credit Consumption: Different features consume different amounts of credits. For example, generating a cold email may cost 1 credit, while deep web research may cost 2 credits. All consumption is transparently tracked in your dashboard.
• Company Credit Pool: Credits are shared across your entire team/company, allowing flexible allocation based on who needs AI assistance most.

Scope of This Privacy Policy

This privacy policy describes how and why we collect, store, use, and share your information when you use our services, including when you:

• Register on the platform and create your company workspace
• Connect third-party services like Gmail for email automation
• Input brand guidelines and ICPs into the Strategy Hub
• Utilize our AI-powered content writers for LinkedIn, blogs, and emails
• Access the Lead Engine for prospecting and data enrichment
• Set up and run Automation Workflows with AI agents
• Purchase subscriptions or top-up credit packs
• View Analytics & Dashboards for campaign performance

Our Privacy Commitment

At OrbitAIM, we believe that trust is the foundation of any successful business relationship. We are committed to:

• Transparency: Being clear about what data we collect, why we collect it, and how it is used
• Security: Implementing robust technical and organizational measures to protect your data
• Control: Giving you meaningful control over your personal information and how it is processed
• Minimal Collection: Only collecting data that is necessary to provide and improve our services
• No Data Selling: We never sell your personal data or Gmail data to third parties for advertising purposes

By using Orbit, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

We collect personal information that you voluntarily provide to us when you register on the platform, express an interest in obtaining information about us or our products and services, when you participate in activities on the platform, or otherwise when you contact us.

The personal information that we collect depends on the context of your interactions with us and the platform, the choices you make, and the products and features you use. The personal information we collect may include the following:

Account & Profile Information

• Name and Contact Data: Full name, email address, phone number, and mailing address used to create and manage your user account.
• Account Credentials: Username, password, and security questions for authentication and account recovery.
• Company Information: Company name, size, industry, website URL, and team structure for workspace setup and personalization.
• Team Member Data: Email addresses and roles of team members you invite to your shared workspace.
• Profile Preferences: Language preferences, timezone, notification settings, and dashboard configurations.

Billing & Subscription Information

• Payment Information: Billing address and payment method details (processed securely by our payment processors). We do not store full credit card numbers.
• Subscription Plan Data: Your selected tier (Starter, Pro, or Growth), billing cycle (monthly/annual), and plan features enabled.
• Orbit Credits Balance: Current credit balance, monthly allocation from subscription, and any top-up packs purchased.
• Credit Consumption History: Detailed logs of credit usage across features including cold email generation (1 credit), web research (2 credits), LinkedIn posts, blog articles, and automation workflows.
• Invoice & Transaction Records: Payment history, invoices, refunds, and subscription changes for accounting and compliance purposes.

Strategy & Knowledge Hub Data

The Strategy Hub is the central brain of Orbit. To personalize AI outputs, we collect and store:

• Brand Guidelines: Your company's visual identity information, brand voice descriptions, core values, and messaging frameworks.
• Ideal Customer Profiles (ICPs): Detailed descriptions of your target customers including demographics, job titles, industries, pain points, and buying behaviors.
• Tone of Voice Settings: Your preferred communication style parameters (formal/casual, technical/simple, persuasive/informative) used to guide AI content generation.
• Messaging Pillars: Key themes, value propositions, and talking points that should be consistently reflected in all marketing materials.
• Competitor Information: Notes about competitor positioning and differentiation points you want to emphasize.
• Product/Service Descriptions: Details about your offerings that inform content creation and lead targeting.

Content & Creation Module Data

When you use our AI-powered content writers, we collect:

• Content Inputs: Prompts, topics, keywords, and instructions you provide to generate content.
• Generated Content: All AI-generated LinkedIn posts, blog articles, cold emails, and other marketing copy created through the platform.
• Content Edits: Modifications you make to AI-generated content, which helps improve future recommendations.
• Assisted Ideation Data: Hooks, angles, and content frameworks generated during brainstorming sessions.
• Content Performance Feedback: Your ratings and feedback on generated content quality.
• Template Preferences: Custom templates and formatting preferences you save for future use.

Lead Engine Data

The Lead Engine module processes prospect data to support your sales pipeline. We collect:

• Prospect Lists: Contact information for leads including names, email addresses, phone numbers, job titles, and company information.
• Enrichment Data: Additional information gathered about prospects through data enrichment services, including LinkedIn profiles, company size, and industry data.
• Lead Scoring Data: Engagement signals, open rates, click rates, and behavioral data used to prioritize leads.
• Pipeline Stage Information: Lead status, lifecycle stage (first touch, engaged, qualified, converted), and progression history.
• Interaction History: Records of all touchpoints with each lead including emails sent, responses received, and engagement activities.
• List Management Data: Tags, segments, and custom fields you create to organize your prospect database.

Automation & Workflow Data

When you use automation features, we process:

• Workflow Configurations: Your custom automation sequences, trigger conditions, and action steps.
• AI Agent Execution Logs: Records of autonomous AI agent activities including multi-channel campaign execution (LinkedIn to Email sequences).
• Trigger Events: Events that initiate automated workflows such as email opens, link clicks, or LinkedIn engagement.
• Scheduled Actions: Timing preferences for automated emails, posts, and follow-up sequences.
• Workflow Performance Data: Success rates, completion rates, and error logs for automation sequences.

Analytics & Dashboard Data

• Campaign Metrics: Open rates, click-through rates, response rates, and conversion data for all campaigns.
• ROI Tracking Data: Revenue attribution, cost-per-lead, and return on investment calculations.
• AI Usage Transparency: Detailed breakdown of how AI features contributed to your results and credit consumption.
• Engagement Analytics: LinkedIn post performance, blog traffic, and email engagement statistics.
• Custom Reports: Dashboard configurations, saved reports, and data export preferences.

Technical & Usage Data

• Device Information: IP address, browser type and version, operating system, and device identifiers.
• Session Data: Login times, session duration, pages visited, and feature interactions.
• Error & Performance Logs: Technical errors, API response times, and platform performance metrics.
• Integration Data: Connection status and tokens for third-party integrations you enable.

Communication Data

• Support Requests: Help desk tickets, chat conversations, and email correspondence with our support team.
• Feedback & Surveys: Responses to product surveys, feature requests, and satisfaction ratings.
• Onboarding Data: Information provided during account setup, demos, and training sessions.

Google User Data

When you connect your Gmail account to Orbit for email automation features, we collect and access the following information through Gmail APIs:

• Email Messages: Content, headers, attachments, and metadata of emails you send and receive through Orbit.
• Email Account Settings: Configuration and preferences from your Gmail account.
• Contact Information: Email addresses and names from your email communications for lead tracking.
• Labels & Folders: Organizational structures you use to categorize emails.
• Email History: Sending and receiving timestamps for delivery tracking and analytics.
• Email Tracking Data: Open rates, click tracking pixels, and delivery confirmations for emails sent through Orbit.

3. How We Use Your Information

We use personal information collected via our platform for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations.

Orbit is designed to be your "central business brain" for marketing operations. Below we explain in detail how we use your information across each of our five integrated modules.

Account Management & Platform Access

• Account Creation & Authentication: We use your name, email, and credentials to create your account, verify your identity, and provide secure access to the platform.
• Workspace Setup: We use company information to configure your shared workspace, assign team seats (optimized for teams of 3-10+), and set up role-based permissions.
• Administrative Communications: We send product updates, security alerts, credit balance notifications, subscription renewal reminders, and important policy changes.
• Team Collaboration: We facilitate team messaging, shared access to campaigns, and collaborative features within your company workspace.

Strategy & Knowledge Hub Usage

The Strategy Hub is the "Brain of Orbit. We use the data you store here to power personalized AI experiences across all modules:

• Brand Consistency: We use your brand guidelines, core values, and visual identity information to ensure all AI-generated content remains on-brand across LinkedIn posts, blogs, and emails.
• ICP Targeting: Your Ideal Customer Profiles (ICPs) inform lead targeting in the Lead Engine and help personalize cold outreach messaging to resonate with specific audience segments.
• Tone Calibration: Tone of voice settings (formal/casual, technical/simple, persuasive/informative) are applied to all AI content generation to match your communication style.
• Messaging Alignment: Your messaging pillars and value propositions are woven into generated content to maintain consistent positioning across all channels.
• Competitive Differentiation: Competitor information helps the AI emphasize your unique selling points and avoid messaging that overlaps with competitors.

Content & Creation Module Usage

When you use our AI-powered content writers and Assisted Ideation features, we use your data to:

• Generate LinkedIn Posts: Create engaging, on-brand LinkedIn content using your Strategy Hub data, topic preferences, and content style guidelines.
• Write Blog Articles: Produce long-form content that reflects your brand voice, targets your ICP, and incorporates your messaging pillars.
• Craft Cold Emails: Generate personalized outreach emails that align with your ICP definitions and incorporate proven cold email frameworks.
• Power Assisted Ideation: Generate hooks, angles, subject lines, and content frameworks to accelerate your creative process.
• Learn From Feedback: Use your edits, ratings, and content performance feedback to improve future AI recommendations and better align with your preferences.
• Save Templates: Store your custom templates and formatting preferences for efficient reuse across campaigns.

Lead Engine Usage

The Lead Engine is a complete lead generation machine. We use your data to support your full sales pipeline:

• Prospecting: Match your ICP criteria against prospect databases to identify and surface relevant leads for your outreach campaigns.
• Data Enrichment: Enhance prospect records with additional information like LinkedIn profiles, company size, industry, and contact details to improve targeting accuracy.
• List Management: Organize prospects using tags, segments, and custom fields to enable targeted campaign execution.
• Lifecycle Tracking: Monitor lead progression from first touch through qualification to conversion, providing visibility into your sales funnel.
• Lead Scoring: Use engagement signals (email opens, clicks, responses) to automatically prioritize high-intent leads for follow-up.
• Interaction History: Maintain a complete record of all touchpoints with each lead for context in follow-up conversations.

Automation & Workflow Usage

We process your data to execute automation workflows powered by autonomous AI agents:

• Trigger-Based Sequences: Execute automated actions based on events like email opens, link clicks, LinkedIn engagement, or time-based triggers.
• Multi-Channel Campaigns: Run coordinated campaigns across channels (e.g., LinkedIn engagement automatically triggers email follow-up sequences).
• AI Agent Execution: Deploy autonomous AI agents to execute complex workflow sequences with minimal human intervention.
• Scheduled Sending: Queue emails, posts, and other actions for optimal delivery times based on your preferences.
• Workflow Optimization: Analyze workflow performance data to identify bottlenecks and suggest improvements.

Analytics & Dashboard Usage

We aggregate and analyze your data to provide actionable insights:

• Campaign Performance: Calculate and display open rates, click-through rates, response rates, and conversion metrics for all your campaigns.
• ROI Tracking: Track revenue attribution, cost-per-lead, and return on investment to help you understand marketing effectiveness.
• AI Usage Transparency: Provide detailed breakdowns of how AI features contributed to your results, including credit consumption by feature type.
• Engagement Analytics: Monitor LinkedIn post performance, blog traffic, email engagement, and overall channel effectiveness.
• Custom Reporting: Generate and save custom reports based on your specific KPIs and business objectives.

Credits & Subscription Management

We track and manage your Orbit Credits to ensure transparent, predictable billing:

• Credit Allocation: Allocate monthly subscription credits based on your plan tier (Starter, Pro, or Growth) and track consumption across all AI-powered features.
• Usage Tracking: Log credit usage per action (e.g., 1 credit for cold email generation, 2 credits for deep web research) with full transparency.
• Balance Notifications: Alert you when credit balance is running low or when subscription renewal is approaching.
• Top-up Processing: Process purchases of additional credit packs that never expire and add to your company pool.
• Company Pool Management: Manage shared credit allocation across team members within your company workspace.

Platform Improvement & Support

• Product Development: Analyze aggregated usage patterns to identify popular features, pain points, and opportunities for improvement.
• Customer Support: Use your account and usage data to provide faster, more accurate support when you contact our team.
• Onboarding Assistance: Guide new users through platform setup based on their company profile and goals.
• Feature Recommendations: Suggest relevant features and workflows based on your usage patterns and business objectives.
• Quality Assurance: Monitor platform performance, identify bugs, and ensure reliable service delivery.

Legal & Compliance Usage

• Terms Enforcement: Monitor compliance with our Terms of Service and Acceptable Use Policy, including fair use of AI credits.
• Fraud Prevention: Detect and prevent fraudulent activity, unauthorized access, and abuse of platform features.
• Legal Compliance: Respond to valid legal requests, subpoenas, and regulatory inquiries as required by law.
• Dispute Resolution: Use transaction and usage records to resolve billing disputes or service-related issues.

How We Use Your Gmail Data

We use information received from Gmail APIs specifically for the following purposes related to our Cold Emailer and automation features:

• Email Composition & Sending: Compose, read, send, and organize emails through our platform interface using your connected Gmail account.
• Cold Email Campaigns: Send personalized cold outreach emails to prospects in your Lead Engine lists with tracking and follow-up automation.
• Email Automation: Execute scheduled sending, email sequences, and automated follow-ups as part of your workflow configurations.
• Delivery Tracking: Track email delivery status, opens, and clicks to measure campaign effectiveness and trigger follow-up actions.
• Response Detection: Identify and categorize responses to automatically update lead status and pause automation when appropriate.
• Sync & Backup: Synchronize email data within our platform for seamless access and backup purposes.

4. How We Share Your Information

We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations. As a marketing automation platform, Orbit integrates with various third-party services to deliver comprehensive functionality. Below we explain in detail how and when we share your information.

Sharing Within Your Organization

Orbit is designed for teams of 3-10+ members. Your data may be shared within your organization in the following ways:

• Team Workspace Access: Team members in your shared workspace can access campaigns, leads, content, and analytics based on their assigned roles and permissions.
• Company Credit Pool: Orbit Credits are shared across your team, so credit consumption is visible to administrators and tracked at the company level.
• Strategy Hub Data: Brand guidelines, ICPs, tone settings, and messaging pillars are shared across all team members to ensure brand consistency.
• Lead Engine Lists: Prospect lists and lead data can be shared among team members for collaborative sales and marketing efforts.
• Campaign Collaboration: Multiple team members can collaborate on campaigns, workflows, and content creation.

Service Providers & Infrastructure Partners

We work with trusted third-party service providers who help us operate and improve the Orbit platform:

• Cloud Hosting Providers: We use secure cloud infrastructure (AWS, Google Cloud, or similar) to host our platform and store your data with enterprise-grade security.
• Database Services: Your data is stored in secure, encrypted databases managed by trusted providers with SOC 2 compliance.
• AI/LLM Providers: We use large language model providers to power our AI content writers, Assisted Ideation, and autonomous AI agents. Your prompts and generated content pass through these services.
• Email Delivery Services: For cold email campaigns, we may use email delivery infrastructure to ensure high deliverability rates.
• Payment Processors: Subscription payments and credit top-up purchases are processed by PCI-compliant payment providers. We never store full credit card numbers.
• Analytics Services: We use analytics tools to understand platform usage and improve performance. This data is aggregated and anonymized.

Data Enrichment & Lead Services

The Lead Engine module may share limited data with enrichment services:

• Prospect Enrichment: When you use our data enrichment features, basic prospect information (name, email, company) may be sent to enrichment providers to retrieve additional details like LinkedIn profiles and company data.
• Lead Verification: Email addresses may be verified through third-party services to ensure deliverability and reduce bounces.
• Web Research: When you use our AI-powered web research features (2 credits), we may query external data sources to gather publicly available information.

Third-Party Integrations

When you connect Orbit with third-party services, data flows between our platform and those services:

• Gmail Integration: Email content, contacts, and settings are accessed via Gmail APIs for cold email campaigns and automation (see Section 5 for details).
• LinkedIn Integration: For LinkedIn content posting and engagement tracking, we may connect with LinkedIn APIs to publish posts and retrieve analytics.
• CRM Integrations: If you connect external CRM tools, lead data may be synchronized bidirectionally based on your configuration.
• Webhook Integrations: Custom workflow triggers may send data to external services you configure.

Business Circumstances

• With Your Consent: We may share your information when you have given us explicit permission to do so, such as when publishing testimonials or case studies.
• Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. In such cases involving Google user data, we will obtain your explicit prior consent.
• Legal Requirements: When we believe disclosure is necessary to comply with applicable law, regulation, legal process, or governmental request.
• To Protect Rights: When we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to safety, or as evidence in litigation.
• Aggregated/Anonymized Data: We may share aggregated, anonymized data that cannot identify you for research, benchmarking, or marketing purposes.

Sharing of Google User Data

We share, transfer, or disclose your Google user data only in the following limited circumstances, in strict compliance with Google API Services User Data Policy:

5. Gmail API Services

Orbit uses Gmail API services to power our Cold Emailer and Automation Workflow features. This section explains in detail how we use Gmail APIs, what data we access, and how we protect your email data in compliance with Google API Services User Data Policy.

Gmail integration is a core component of Orbit's multi-channel marketing capabilities, enabling you to execute personalized cold outreach campaigns, automate follow-up sequences, and track email engagement—all from within the platform.

Why We Need Gmail Access

Orbit's Gmail integration enables the following platform features:

• Cold Emailer Campaigns: Send personalized outreach emails to prospects in your Lead Engine lists with AI-generated content that matches your Strategy Hub settings.
• Email Sequences: Execute multi-step email sequences with automated follow-ups based on recipient behavior.
• Multi-Channel Automation: Trigger email sends based on LinkedIn engagement or other workflow events.
• Delivery Tracking: Monitor email delivery, opens, and clicks to measure campaign effectiveness.
• Response Detection: Automatically detect replies to pause automation and update lead status.
• Unified Inbox: View and manage email conversations alongside your Lead Engine data.

Scopes We Request

We request the following Gmail API scopes to provide our services. Each scope is necessary for specific functionality:

1. Read, compose, send, and permanently delete all your email from Gmail
   Required for: Comprehensive email management, sending cold emails, managing sent/received messages, and cleaning up draft emails created during campaigns.
2. View your email messages and settings
   Required for: Displaying your emails within Orbit, syncing account configurations, and reading email threads for response detection.
3. Send email on your behalf
   Required for: Sending cold outreach emails and automated follow-up sequences through your Gmail account.
4. Read, compose, and send emails from your Gmail account
   Required for: Creating email drafts, personalizing content with AI, and executing email campaigns.

How We Use Gmail Data in Orbit Features

Legitimate Use Case

Orbit is an email management and productivity platform designed to enhance your email experience for business purposes. We fall under Google's approved use case for "applications that enhance the email experience for productivity purposes (such as applications for customer relationship management, delayed sending of email, or mail merge)."

Specifically, Orbit provides:

• CRM-like Functionality: Lead management with email tracking and engagement history
• Delayed/Scheduled Sending: Queue emails for optimal delivery times
• Mail Merge Capabilities: Personalized mass outreach with dynamic content fields
• Email Templates: AI-generated templates based on your Strategy Hub settings
• Sequence Automation: Multi-step email campaigns with conditional logic

Security Measures for Gmail Data

We implement robust security measures to protect your Gmail data:

• Encryption in Transit: All data transmitted between Gmail and Orbit uses TLS 1.2 or higher
• Encryption at Rest: Email data stored on our servers is encrypted using AES-256
• Secure Token Storage: OAuth tokens are stored in encrypted, access-controlled environments
• Access Controls: Only authorized services can access Gmail data, with strict role-based permissions
• Audit Logging: All access to Gmail data is logged for security monitoring
• Regular Security Audits: We conduct regular security assessments of our Gmail integration

Human Access to Your Gmail Data

Our employees do not access or read your emails except in the following strictly limited circumstances:

• With Your Explicit Consent: You have specifically requested technical support and granted permission for troubleshooting email-related issues
• Security Investigations: It is necessary to investigate abuse, unauthorized access, security incidents, or violations of our Terms of Service
• Legal Compliance: Required by applicable law, regulation, or valid legal process (subpoena, court order)

All employee access is logged, monitored, and subject to strict confidentiality agreements. Employees who access user data undergo additional privacy training.

Data Retention and Deletion

Gmail data accessed through our platform is handled as follows:

• Secure Storage: Stored securely using industry-standard encryption (both in transit and at rest)
• Minimal Retention: Retained only as long as necessary to provide our services to you
• Automatic Deletion: Automatically deleted within 30 days after you revoke our access or delete your account (unless retention is required by law)
• Campaign Data: Email campaign analytics (aggregated metrics) may be retained for your historical reporting needs
• Purpose Limitation: Never used for purposes beyond those disclosed in this policy

Access Review Requirements

Google will ask you to review Orbit's access to your Gmail data every 6 months, unless you choose to allow ongoing access during the initial authorization process. This is a Google security feature designed to ensure you remain in control of your data.

Limited Use Disclosure

6. How Long We Keep Your Information

We will retain your personal information only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. This section provides detailed information about our retention practices for each type of data we collect.

Our retention policies are designed to balance your right to data minimization with our need to maintain service quality, comply with legal obligations, and support your business continuity needs.

Retention by Data Category

Data Deletion Upon Request

You may request deletion of your data at any time by contacting us at support@orbitaim.io or through your account settings. Upon receiving a valid deletion request:

• Standard Deletion: Most data is deleted within 30 days of your request.
• Backup Purge: Backup copies are purged within 90 days.
• Legal Holds: Certain data may be retained if required by law or ongoing legal proceedings.
• Aggregated Data: Anonymized, aggregated data that cannot identify you may be retained for analytical purposes.

7. How We Keep Your Information Safe

We implement robust organizational and technical security measures to protect your personal information and Google user data. As an AI-native marketing platform handling sensitive business data, security is fundamental to our architecture and operations.

OrbitAIM, managed by HEMANT GADODIA, is committed to maintaining the highest security standards to protect your Strategy Hub data, Lead Engine prospects, content, and Gmail integrations.

Technical Security Measures

Infrastructure Security

• Cloud Infrastructure: Hosted on enterprise-grade cloud platforms with SOC 2 Type II compliance
• Network Security: Firewalls, DDoS protection, and network segmentation protect our infrastructure
• Vulnerability Management: Regular vulnerability scanning and patching of all systems
• Penetration Testing: Annual third-party penetration testing to identify security weaknesses
• Disaster Recovery: Geo-redundant backups and documented disaster recovery procedures

AI & LLM Security

As an AI-native platform using LLMs, autonomous AI agents, and LangChain for workflow orchestration, we implement specific security measures for AI components:

• Data Isolation: Your Strategy Hub data is used only to personalize your own AI experiences, not to train shared models
• Prompt Security: Input validation and filtering to prevent prompt injection attacks
• Output Monitoring: AI-generated content is monitored for compliance with platform policies
• Audit Trails: Full logging of AI agent activities for transparency and debugging
• Third-Party LLM Providers: We use vetted LLM providers with enterprise security agreements

Gmail Integration Security

• OAuth 2.0: Secure authentication using Google's OAuth 2.0 protocol—we never see your Google password
• Token Security: OAuth tokens are encrypted at rest and in transit, with automatic refresh handling
• Scope Minimization: We only request the Gmail API scopes necessary for Cold Emailer and automation features
• Access Revocation: You can revoke access instantly via Google Account settings

Organizational Security

• Employee Training: All employees undergo security awareness training, with additional training for those handling user data
• Background Checks: Security-sensitive roles require background verification
• Confidentiality Agreements: All employees sign NDAs and confidentiality agreements
• Security Policies: Documented security policies and procedures reviewed annually
• Vendor Management: Third-party vendors are vetted for security practices and sign data processing agreements

Compliance & Standards

• Google API Services User Data Policy: Full compliance with Google's requirements for Gmail API access
• Data Protection: Alignment with GDPR principles for data protection and privacy
• Industry Best Practices: Following OWASP guidelines for web application security
• Regular Audits: Internal and external security audits to verify compliance

Incident Response

In the event of a security incident, we have established procedures to respond quickly and effectively:

• Detection: Automated systems and manual monitoring to detect potential incidents
• Response Team: Dedicated incident response team with defined roles and responsibilities
• Containment: Rapid containment procedures to limit impact
• User Notification: Affected users will be notified within 72 hours of confirmed data breaches, as required by applicable laws
• Root Cause Analysis: Post-incident analysis to prevent recurrence

8. Do We Collect Information From Minors?

We do not knowingly solicit data from or market to children under 18 years of age. Orbit is designed exclusively as a B2B (business-to-business) marketing automation platform for SMEs, startups, and marketing professionals—not for personal or consumer use by minors.

Age Requirements

• Minimum Age: You must be at least 18 years old to create an Orbit account and use our services.
• Business Representation: By registering, you represent that you are authorized to act on behalf of your company and have the legal capacity to enter into binding agreements.
• Team Members: All team members added to your company workspace must also be at least 18 years of age.
• Parental Consent: If you are the parent or guardian of a minor who has created an account without authorization, please contact us immediately.

Why Age 18?

The 18-year age requirement reflects the nature of our platform:

• Professional Use: Orbit is designed for marketing professionals, business owners, and startup founders making strategic business decisions.
• Financial Transactions: Our subscription plans (Starter, Pro, Growth) and Orbit Credits system require the ability to enter into financial agreements.
• Third-Party Integrations: Use of Gmail APIs, LinkedIn integrations, and other connected services require users to have their own authorized accounts.
• Data Responsibility: Users handle prospect data in the Lead Engine and are responsible for compliance with outreach regulations.

If We Discover Minor Users

If we learn that we have collected personal information from a user under the age of 18 without verification of proper authorization, we will take the following steps:

1. Immediate Account Suspension: The account will be temporarily suspended pending verification.
2. Parental Notification: If contact information for a parent or guardian is available, we will notify them.
3. Data Deletion: All personal data, Strategy Hub configurations, Lead Engine data, content, and Gmail connections will be permanently deleted.
4. Credit Refund: Any unused Top-up Credits will be refunded where applicable.
5. Documentation: We will document the incident for compliance purposes.

Reporting Underage Users

If you become aware of any data we have collected from children under 18, or if you believe someone under 18 is using our platform, please contact us immediately:

9. What Are Your Privacy Rights?

OrbitAIM, managed by HEMANT GADODIA, is committed to respecting your privacy rights. Depending on your location and applicable laws, you have several rights regarding your personal information and how we process it.

We make it easy for you to exercise these rights through your account dashboard, direct email requests, or by managing your third-party app permissions (for Gmail data).

General Privacy Rights

Rights Specific to Orbit Platform Features

Given the nature of our AI-native marketing platform, you have specific rights related to each module:

Managing Your Gmail Data

Upon receiving a valid deletion request, we will delete your Gmail data within 30 days. Aggregated, anonymized campaign metrics (not containing personal information) may be retained for your historical reporting needs.

Team Member Rights

If you are a team member in a company workspace (rather than the account owner):

• Contact Your Admin: Some data management requests may need to be processed by your company's Orbit administrator
• Personal Profile Data: You can directly access and modify your own profile information
• Gmail Connection: If you connected your personal Gmail, you maintain full control over that integration
• Leave Workspace: You can request to be removed from a company workspace at any time

Regional Privacy Considerations

Depending on your location, you may have additional rights:

• European Union (GDPR): Full data subject rights including access, rectification, erasure, restriction, portability, and objection. Right to lodge a complaint with your local data protection authority.
• California (CCPA/CPRA): Right to know what personal information is collected, right to delete, right to opt-out of sale (note: we do not sell personal information), and right to non-discrimination for exercising your rights.
• India (DPDP Act): Rights including access, correction, erasure, and the right to nominate another person to exercise rights on your behalf.
• Other Jurisdictions: We comply with applicable data protection laws in all jurisdictions where we operate.

How to Exercise Your Rights

To exercise any of your privacy rights, you have multiple options:

Response Timeline

• Acknowledgment: We will acknowledge your request within 48 business hours
• Standard Response: Most requests are completed within 30 days
• Complex Requests: If your request is complex or if we receive many requests, we may extend this period by up to 60 additional days (we will notify you if this is necessary)
• No Fee: We do not charge a fee for exercising your privacy rights unless requests are manifestly unfounded or excessive

10. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.

Our Current DNT Response

At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy policy.

Tracking Technologies We Use

Understanding what tracking technologies we use helps you make informed decisions about your privacy:

What We Do NOT Track

OrbitAIM is committed to minimal data collection. We do NOT:

• Track your activity across other websites (no cross-site tracking)
• Sell or share tracking data with advertisers
• Use tracking pixels for advertising purposes
• Build behavioral profiles for ad targeting
• Share Analytics data with third-party marketing networks

Email Tracking in Cold Emailer

Our Cold Emailer feature includes tracking capabilities for emails you send through the platform:

• Open Tracking: We may include a small transparent pixel to detect when recipients open your emails
• Click Tracking: Links in your emails may be routed through our servers to track click-through rates
• Optional Feature: You can disable email tracking for individual campaigns or globally in your account settings
• Recipient Choice: Email recipients can use email clients that block tracking pixels

Your Tracking Controls

You have multiple options to manage tracking:

• Browser Settings: Adjust your browser settings to refuse cookies or alert you when cookies are being sent
• Account Preferences: Manage analytics and tracking preferences in your Orbit dashboard settings
• Campaign Settings: Disable open and click tracking for individual Cold Emailer campaigns
• Private Browsing: Use private/incognito mode to limit cookie storage
• Third-Party Tools: Use browser extensions designed to block tracking

11. International Data Transfers

Your information, including personal data and Gmail data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.

OrbitAIM, managed by HEMANT GADODIA, operates globally and may transfer data internationally to provide our AI-native marketing platform services. This section explains how we handle such transfers and the safeguards we implement.

Where Your Data May Be Processed

Depending on how you use our platform, your data may be processed in the following locations:

Safeguards for International Transfers

When we transfer data internationally, we implement the following safeguards:

• Standard Contractual Clauses (SCCs): When transferring data from the EEA to countries without adequate data protection, we use EU-approved Standard Contractual Clauses.
• Data Processing Agreements: All service providers who process data on our behalf sign comprehensive data processing agreements with security and confidentiality obligations.
• Encryption: All data transfers are encrypted using TLS 1.2 or higher, and data at rest is encrypted using AES-256.
• Access Controls: Strict role-based access controls limit who can access your data, regardless of location.
• Vendor Assessment: We vet all vendors for their security practices before engaging them and periodically review their compliance.

Regional Considerations

Data Categories and Transfer Purposes

The following types of data may be transferred internationally:

• Strategy Hub Data: Transferred to AI/LLM providers for content personalization and generation
• Lead Engine Data: May be processed by enrichment services to enhance prospect information
• Content Data: Processed by AI services for LinkedIn posts, blog articles, and cold email generation
• Gmail Data: Processed through Google's infrastructure and our Cold Emailer services
• Billing Data: Processed by payment providers for subscription and credit transactions
• Analytics Data: May be processed by analytics providers to improve platform performance

Gmail Data and International Transfers

Your Consent to Transfers

If you are located outside India and choose to provide information to us, please note that we transfer the data, including personal data, to India and process it there.

Your consent to this privacy policy followed by your submission of such information represents your agreement to that transfer. You may withdraw consent by deleting your account, though this may affect your ability to use our services.

Questions About Data Transfers

If you have questions about international data transfers or would like to obtain a copy of the safeguards we use, please contact us:

12. Third-Party Services and Links

Our platform may contain links to third-party websites, services, or applications that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Third-Party Service Providers We Use

OrbitAIM, managed by HEMANT GADODIA, integrates with various third-party services to power our AI-native marketing platform. These providers are carefully vetted and contractually bound to protect your data:

Platform-Specific Third-Party Integrations

Different Orbit modules utilize specific third-party services:

What Data We Share with Third Parties

We only share the minimum data necessary for each service to function:

• AI/LLM Providers: Content prompts, Strategy Hub context (brand voice, ICP, messaging pillars), and input data for generation tasks
• Email Delivery Services: Recipient email addresses, subject lines, and email content for campaign delivery
• Lead Enrichment: Company names, job titles, and email addresses for verification and enhancement
• Payment Processors: Transaction details (amount, plan, credit quantity) — they collect payment information directly
• Analytics Services: Anonymized usage data, feature engagement, and performance metrics
• Cloud Providers: All platform data is stored with encrypted cloud infrastructure providers

Our Data Sharing Principles

External Links

Our platform may contain links to external websites:

• Blog Content: Links included in AI-generated blog articles
• LinkedIn Posts: Links to external resources in your LinkedIn content
• Lead Profiles: Links to LinkedIn profiles and company websites in Lead Engine
• Cold Emails: Your custom links and resources in email campaigns
• Help & Support: Links to documentation, tutorials, and external resources

We are not responsible for the privacy practices or content of these external sites. We recommend reviewing their privacy policies before providing any personal information.

Your Control Over Third-Party Access

• Gmail Integration: You can revoke access at any time through your Google Account settings
• LinkedIn Integration: Disconnecting LinkedIn stops data flow to LinkedIn-related services
• Lead Engine Data: You can delete leads to remove them from enrichment services
• Content Generation: Your data is only sent to AI providers when you actively use content generation features
• Account Deletion: Deleting your account terminates all third-party data processing on your behalf

13. Do We Make Updates to This Policy?

Yes, we will update this policy as necessary to stay compliant with relevant laws and to reflect changes in our practices. OrbitAIM, managed by HEMANT GADODIA, is committed to keeping you informed about any changes that may affect how your data is processed.

Reasons We May Update This Policy

We may revise this privacy policy in response to:

• New Features: When we introduce new modules, features, or capabilities (such as new content types, AI agents, or integrations) that affect how we collect or process data
• Legal Requirements: Changes in data protection laws, regulations, or guidance in jurisdictions where we operate (GDPR, CCPA, DPDP Act, etc.)
• Business Changes: Mergers, acquisitions, reorganizations, or changes to our service offerings
• Third-Party Services: Changes to the third-party services we use, such as new AI/LLM providers, payment processors, or cloud infrastructure
• Security Updates: Enhanced security measures or changes to our data protection practices
• Google API Compliance: Updates to Google API Services User Data Policy that affect our Gmail integration
• User Feedback: Clarifications based on user questions or feedback about our privacy practices

How We Will Notify You of Changes

We use different notification methods depending on the significance of the changes:

What Constitutes a "Material Change"

We consider the following types of changes to be material and will provide additional notice:

• New categories of personal data collected
• New purposes for processing your data
• Changes to how we share data with third parties
• Modifications to your privacy rights
• Changes to our Gmail data handling practices
• New AI/LLM providers processing your content
• Changes to data retention periods

Version History

We maintain a record of policy updates:

Previous versions of this policy are available upon request. Contact support@orbitaim.io to request archived versions.

Your Options When We Update

When we make changes to this privacy policy, you have the following options:

• Review the Changes: Read the updated policy and any summary we provide
• Contact Us: If you have questions about the changes, reach out to support@orbitaim.io
• Continue Using: Your continued use of Orbit after the changes take effect indicates your acceptance
• Export Your Data: If you disagree with changes, you can export your data before closing your account
• Delete Your Account: You can delete your account if you do not agree with the updated terms

14. How Can You Contact Us About This Policy?

If you have questions, comments, or concerns about this privacy policy or our privacy practices, OrbitAIM, managed by HEMANT GADODIA, welcomes your feedback. We are committed to addressing all privacy-related inquiries promptly and transparently.

Primary Contact Information

Types of Inquiries We Handle

Our privacy team is equipped to handle various types of requests:

How to Submit Your Request

For the fastest processing of your privacy request:

1. Send Email To: support@orbitaim.io
2. Subject Line: Include the request type (e.g., "Privacy Rights Request", "Data Deletion", "Gmail Data Question", "Policy Inquiry")
3. Include: Your account email address, specific request details, and any relevant context about which Orbit modules are involved
4. Verification: For security, send from your registered email address or be prepared to verify your identity

Our Response Process

Escalation Path

If you are not satisfied with our initial response:

1. First Level: Reply to your original support email requesting escalation
2. Second Level: Email support@orbitaim.io with "ESCALATION" in the subject line and reference your original ticket
3. Third Level: For EEA users, you may lodge a complaint with your local data protection authority
4. India Users: You may file a grievance under the DPDP Act with the relevant authority

15. Additional Disclosures for Specific Jurisdictions

OrbitAIM, managed by HEMANT GADODIA, is committed to complying with data protection laws across all jurisdictions where we operate. This section provides additional information required by specific regional regulations.

For Users in the European Economic Area (EEA) — GDPR

If you are located in the EEA, you have certain rights under the General Data Protection Regulation (GDPR). This section provides specific disclosures required under GDPR.

For Users in the United Kingdom — UK GDPR

If you are located in the United Kingdom, you have rights under the UK General Data Protection Regulation and the Data Protection Act 2018. Your rights are substantially similar to those under EU GDPR.

For California Residents — CCPA/CPRA

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

For Users in India — DPDP Act

OrbitAIM is based in India and fully complies with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian data protection laws.

Data Categories Summary by Regulation