Privacy Policy

Effective Date: October 3, 2025
Last Updated: October 3, 2025

1. Introduction

Orbital (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use the Service.

2. Information We Collect

2.1 Information You Provide to Us

We collect information you voluntarily provide to us, including:

  • Waitlist Information: Email address and any optional information you provide when signing up for our waitlist via Google Forms
  • Account Information: When account creation is enabled, email address, name, and password
  • Service Data: Information about your SaaS subscriptions that you choose to add to the Service (service names, URLs, costs, billing cycles, renewal dates, categories, tags, and notes)
  • Communications: Information you provide when you contact us for support or feedback

2.2 Information Collected Automatically

When you access the Service, we automatically collect certain information, including:

  • Usage Data: Information about how you interact with the Service (pages visited, features used, time spent)
  • Device Information: Browser type and version, operating system, device type
  • Log Data: IP address, access times, pages viewed, referring URLs

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service. Cookies are files with small amounts of data that may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

We currently use:

  • Essential Cookies: Required for basic Service functionality
  • Analytics Cookies: To understand how users interact with the Service (when analytics are enabled)
  • Preference Cookies: To remember your settings (theme preference, filter selections)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: To deliver and maintain the Service functionality
  • User Support: To respond to your inquiries and provide customer support
  • Service Improvement: To understand usage patterns and improve the Service
  • Communications: To send you updates about the Service, including launch notifications for waitlist members
  • Security: To detect, prevent, and address technical issues and security threats
  • Legal Compliance: To comply with legal obligations and protect our legal rights
  • Analytics: To analyze trends and user behavior (in aggregate, anonymized form)

4. Data Storage and Security

4.1 Current Storage Model

Currently, the Service primarily uses browser-based local storage for your subscription data. This means:

  • Your service data is stored locally in your browser
  • This data is not automatically transmitted to our servers
  • You can export and import your data using the Service's built-in tools
  • Clearing your browser data will delete your locally stored information

4.2 Future Cloud Storage

We plan to implement cloud-based storage using Supabase, which will enable:

  • Data synchronization across devices
  • Automatic backups
  • Multi-user collaboration features

When cloud storage is implemented, you will be notified and given the option to migrate your data.

4.3 Security Measures

We implement appropriate technical and organizational security measures to protect your information, including:

  • Encryption of data in transit using HTTPS/TLS
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Secure hosting infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, including:

  • Google Forms: For waitlist management
  • Hosting Providers: For application hosting (Render)
  • Database Services: For data storage (Supabase, when implemented)
  • Email Services: For transactional emails (Resend, when implemented)
  • Analytics Services: For usage analytics (when implemented)

These service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.

6. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain data protection rights under the General Data Protection Regulation (GDPR):

6.1 Right to Access

You have the right to request copies of your personal data. We may charge a small fee for this service.

6.2 Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

6.3 Right to Erasure

You have the right to request that we erase your personal data, under certain conditions (“right to be forgotten”).

6.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

6.5 Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions. The Service provides export functionality for this purpose.

6.6 Right to Object

You have the right to object to our processing of your personal data, under certain conditions.

6.7 Right to Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.

6.8 Exercising Your Rights

To exercise any of these rights, please contact us at marc+orbital@marchoag.com with “GDPR Request” in the subject line. We will respond to your request within one month.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained while your account is active and for up to 90 days after account deletion
  • Waitlist Data: Retained until you request deletion or unsubscribe
  • Analytics Data: Retained in anonymized, aggregated form
  • Log Data: Retained for up to 90 days for security and troubleshooting purposes

8. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ.

If you are located outside the United States and choose to provide information to us, we transfer your data to the United States and process it there.

For EEA users, we ensure that appropriate safeguards are in place for such transfers, including standard contractual clauses approved by the European Commission.

9. Children's Privacy

Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us. If we discover that a child under 13 has provided us with personal information, we will delete such information from our systems.

10. Do Not Track Signals

Some web browsers incorporate a “Do Not Track” (DNT) feature. Because there is not yet an accepted standard for how to respond to DNT signals, our Service does not currently respond to DNT browser signals or mechanisms.

11. Third-Party Links

The Service may contain links to third-party websites and services (including the SaaS applications you track). We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA):

  • Right to Know: You have the right to request disclosure of the personal information we collect, use, and disclose about you
  • Right to Delete: You have the right to request deletion of your personal information
  • Right to Opt-Out: You have the right to opt-out of the sale of your personal information (we do not sell personal information)
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights

To exercise these rights, contact us at marc+orbital@marchoag.com.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the “Last Updated” date at the top of this Privacy Policy
  • Sending an email notification (for material changes)

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Orbital

Email: marc+orbital@marchoag.com

Marin County, California, United States

For GDPR-related inquiries: Use subject line “GDPR Request”

For CCPA-related inquiries: Use subject line “CCPA Request”

15. Legal Basis for Processing (GDPR)

For EEA users, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Consent: Where you have given explicit consent (e.g., marketing communications)
  • Legal Obligation: To comply with legal requirements
← Back to Home