Last updated · May 6, 2026Version 2.1Changelog of changes

Privacy Policy

Plain English. Short paragraphs. No dark patterns. If something here is unclear, email privacy@altorbit.appand we'll explain — and probably rewrite the section.

Who we are

AltOrbit is operated by AltOrbit OÜ, a company registered in Tallinn, Estonia (registration code 12345678). When this policy says "we", it means us. When it says "you", it means anyone whose data we handle — usually a user of an AltOrbit workspace, or a visitor to altorbit.app.

What we collect

Three buckets — the things you give us, the things your workspace generates, and the things we measure to keep the service working.

BucketExamplesWhy
AccountName, email, hashed password, profile photoSo you can sign in and your team can find you
Workspace contentTime blocks, projects, chats, leave requestsThe product itself
BillingCard last-4, billing address, invoice historyCharging, taxes, receipts. Card numbers are held by Stripe, not us.
OperationalIP, user-agent, error stacks, click eventsDebugging, security, fraud prevention

Why we use it

  • To run the product — sign-in, sync, notifications, billing.
  • To keep it secure — block brute-force attempts, detect compromised accounts, audit admin actions.
  • To improve it — aggregated, anonymised usage stats. Never shared.
  • To talk to you — receipts, security alerts, occasional product news (you can opt out).
What we don't doWe don't sell your data. We don't share it with advertisers. We don't use your workspace content to train AI models — ours or anyone else's. AI features (when you opt in) run through inference-only providers with zero-retention agreements.

Who we share it with

A short, public list of sub-processors. We use them because building our own would be worse for your data, not better.

  • AWS — primary infrastructure (EU and US regions).
  • Cloudflare — CDN, DDoS protection, edge security.
  • Stripe — payment processing. Card data never touches our servers.
  • Postmark — transactional email (receipts, password reset, invites).
  • Sentry — error tracking. Configured with PII scrubbing.

The full list with current addresses and DPAs is at altorbit.app/subprocessors and is updated whenever it changes — we email Owners 30 days before adding any new processor.

Where your data lives

You pick a region when you create the workspace — EU (Frankfurt) or US (Virginia). Workspace data, backups, and processing all stay in that region. Some operational metadata (account email for cross-region sign-in, billing data) is replicated to a single billing region in the EU.

Your rights

If you live under GDPR (EU/UK), CCPA (California), or a similar regime, you have the right to:

  • Access — get a copy of everything we hold about you. Self-serve in settings, or email us.
  • Correct — fix anything wrong. Most of it is editable from your profile.
  • Delete — close your account and have your data purged within 30 days.
  • Port — export everything as CSV + JSON.
  • Object — opt out of any non-essential use (marketing emails, analytics).

Reach us at privacy@altorbit.app. We reply within 5 business days, usually faster.

How long we keep it

  • Active workspaces — for as long as the workspace exists.
  • Closed workspaces — 30 days grace period (read-only, recoverable), then purged from primary storage. Removed from backups on the next 90-day rotation.
  • Audit logs — 12 months, then deleted.
  • Billing records — 7 years, because tax law says so.

Cookies

We use the smallest set of cookies that lets the product work — a session cookie, a CSRF token, and a theme preference. We don't use third-party tracking or advertising cookies. No banner with 47 vendors and a buried "reject all".

Children

AltOrbit is not for children under 16. If you believe a child has signed up, email us and we'll delete the account immediately.

Changes to this policy

We change this document when our practices change, not for fun. Material changes get a 30-day notice email to all Owners. Cosmetic changes (typos, clearer wording) are logged in our public policy changelog without an email.

Contact

Data Protection Officer: Olena Kovalenko · privacy@altorbit.app
Postal: AltOrbit OÜ, Pärnu mnt 22, 10141 Tallinn, Estonia
EU representative: Same as above
UK representative: Available on request

If we can't resolve a complaint, you can escalate to your local data protection authority. For EU residents, that's typically the regulator in your country of residence.

Theme
Direction