Skip to main content
Last updated · May 6, 2026Version 2.1Changelog of changesEnglish is the authoritative version.

Privacy Policy

Plain English. Short paragraphs. No dark patterns. If something here is unclear, email privacy@altorbit.app and we'll explain — and probably rewrite the section.

Who we are

AltOrbit is an independent project, currently pre-incorporation — operated by its founder. A legal entity (planned in the EU) will be established before public launch. When this policy says "we", it means AltOrbit. When it says "you", it means anyone whose data we handle — usually a user of an AltOrbit workspace, or a visitor to altorbit.app.

What we collect

Three buckets — the things you give us, the things your workspace generates, and the things we measure to keep the service working.

BucketExamplesWhy
AccountName, email, hashed password, profile photoSo you can sign in and your team can find you
Workspace contentTime blocks, projects, chats, leave requestsThe product itself
BillingCard last-4, billing address, invoice historyCharging, taxes, receipts. Card numbers are held by Stripe, not us.
OperationalIP, user-agent, error stacks, click eventsDebugging, security, fraud prevention

Why we use it

  • To run the product — sign-in, sync, notifications, billing.
  • To keep it secure — block brute-force attempts, detect compromised accounts, audit admin actions.
  • To improve it — aggregated, anonymised usage stats. Never shared.
  • To talk to you — receipts, security alerts, occasional product news (you can opt out).
What we don't do

We don't sell your data. We don't share it with advertisers. We don't use your workspace content to train AI models — ours or anyone else's. AI features (when you opt in) run through inference-only providers with zero-retention agreements.

Who we share it with

A short, public list of sub-processors. We use them because building our own would be worse for your data, not better.

  • AWS — primary infrastructure (EU region, Frankfurt).
  • Cloudflare — CDN, DDoS protection, edge security.
  • Stripe — payment processing. Card data never touches our servers.
  • Resend — transactional email (receipts, password reset, invites).
  • Sentry — error tracking. Configured with PII scrubbing.

The full list with current addresses and DPAs is at altorbit.app/subprocessors and is updated whenever it changes — we email Owners 30 days before adding any new processor.

Where your data lives

Your workspace runs in the EU (Frankfurt) today. A US (Virginia) region is on our roadmap, with no committed date yet. Workspace data, backups, and processing all stay in your region. Some operational metadata (account email for cross-region sign-in, billing data) is replicated to a single billing region in the EU.

Your rights

If you live under GDPR (EU/UK), CCPA (California), or a similar regime, you have the right to:

  • Access — get a copy of everything we hold about you. Self-serve in settings, or email us.
  • Correct — fix anything wrong. Most of it is editable from your profile.
  • Delete — close your account and have your data purged within 30 days.
  • Port — export everything as CSV + JSON.
  • Object — opt out of any non-essential use (marketing emails, analytics).

Reach us at privacy@altorbit.app. We reply within 5 business days, usually faster.

How long we keep it

  • Active workspaces — for as long as the workspace exists.
  • Closed workspaces — 30 days grace period (read-only, recoverable), then purged from primary storage. Removed from backups on the next 90-day rotation.
  • Audit logs — 12 months, then deleted.
  • Billing records — 7 years, because tax law says so.

Cookies

We use the smallest set of cookies that lets the product work — a session cookie, a CSRF token, and a theme preference. On the website we additionally use PostHog analytics, and it loads only after you opt in via the consent banner. We don't use advertising or retargeting cookies.

Children

AltOrbit is not for children under 16. If you believe a child has signed up, email us and we'll delete the account immediately.

Changes to this policy

We change this document when our practices change, not for fun. Material changes get a 30-day notice email to all Owners. Cosmetic changes (typos, clearer wording) are made without a separate notice.

Contact

Privacy contact: Andrii Zhelezko, founder · privacy@altorbit.app. A Data Protection Officer will be appointed once AltOrbit is incorporated.
Registered address: published once AltOrbit is incorporated (planned in the EU)
UK representative: available on request

If we can't resolve a complaint, you can escalate to your local data protection authority. For EU residents, that's typically the regulator in your country of residence.