§ 01 Plain-English summary
Orbit is a productivity app built by one person in Florida. When you create an account, we store an email, a bcrypt hash of your password, and an encrypted "wrap" of your vault key — none of which can decrypt your vault on their own. We also store the non-vault records you create (client names, notes, tasks) so they can sync between your Mac and iPhone. We don't run analytics. We don't share your data with advertisers. We don't sell anything.
§ 02 The data we store on our server
Your Orbit account lives on a private server we operate. Here's everything kept there:
- Email
  - Used to sign in and to send you account-related messages (e.g., password resets if you've set one up). Never used for marketing.
- Password hash
  - Stored as a bcrypt hash. We never see your plain-text password. We can't recover it for you.
- Wrapped vault key
  - A 256-bit AES-GCM-encrypted blob, plus a 16-byte salt. Useless without your password.
- Client & task records
  - The non-vault data you create — names, notes, tasks, colors, dates. Stored in plain SQL rows scoped to your account. Only you can read them via the API.
- Vault entries
  - The titles and types are stored in clear text (so the app can list them). The bodies — passwords, API keys, card details, secure notes — are encrypted on your device with the vault key before they're sent. We see ciphertext; we cannot see what's inside.
- Server logs
  - Standard HTTP access logs (IP, timestamp, path) retained for 14 days for abuse prevention. Not joined with your account data for any analytics purpose.
§ 03 The vault — what "end-to-end encrypted" actually means
The credential vault uses AES-GCM with a 256-bit key. That key is generated on your device the moment you sign up, then immediately encrypted (wrapped) under a key derived from your password via PBKDF2-HMAC-SHA-256 with 600 000 iterations. Only the encrypted wrap leaves your device.
This means:
- Your password never travels in any form that allows us to recover the vault key.
- If our server is breached, the attacker gets ciphertext and a slow hash. Brute-forcing the wrapped vault key costs 600 000 PBKDF2-HMAC-SHA-256 iterations per password guess.
- If you forget your password, your vault is unrecoverable. We can't reset it. This is a feature of the design, not a bug.
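The wrap-and-unwrap flow described in this section, as an added Node.js example (not Orbit's own code). The iteration count, salt size and key size come from the text above; the 12-byte nonce, 16-byte tag, the `salt || iv || ciphertext || tag` layout and all function names are assumptions.

```javascript
// Added illustration of the § 03 wrap scheme; not Orbit's own code.
const crypto = require("node:crypto");

const ITERATIONS = 600000; // from the policy text
const SALT_LEN = 16;       // from the policy text
const IV_LEN = 12;         // assumption: 96-bit GCM nonce
const TAG_LEN = 16;        // assumption: full 128-bit GCM tag

// Derive the 256-bit key-encryption key (KEK) from the password.
function deriveKek(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, "sha256");
}

// Runs on the device: returns the only blob that would be uploaded.
function wrapVaultKey(vaultKey, password) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKek(password, salt), iv);
  const ct = Buffer.concat([cipher.update(vaultKey), cipher.final()]);
  // Assumed layout: salt || iv || ciphertext || tag
  return Buffer.concat([salt, iv, ct, cipher.getAuthTag()]);
}

// Returns the vault key, or null if the password is wrong or the blob was altered.
function unwrapVaultKey(blob, password) {
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) return null;
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const ct = blob.subarray(SALT_LEN + IV_LEN, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const decipher = crypto.createDecipheriv("aes-256-gcm", deriveKek(password, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]);
  } catch {
    return null; // GCM tag check failed: wrong KEK or modified blob
  }
}

// Constructed sample run: a random vault key and a made-up password.
function demo() {
  const vaultKey = crypto.randomBytes(32);
  const blob = wrapVaultKey(vaultKey, "correct horse battery staple");
  return {
    blobLength: blob.length,
    roundTrip: unwrapVaultKey(blob, "correct horse battery staple").equals(vaultKey),
    wrongPassword: unwrapVaultKey(blob, "guess-1"),
  };
}
```

Every call to `unwrapVaultKey` pays the full PBKDF2 cost before the GCM tag can be checked, which is what makes each offline password guess against a stolen blob expensive.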
§ 04 Sharing & sale of data
We don't sell your data. We don't share it with advertisers, data brokers, or "partners." The only third parties we use are:
- Hostinger — operates the server where Orbit's database lives.
- Apple — distributes the apps via the App Store and handles purchases. Apple's privacy policy governs anything they receive from you.
- Formsubmit.co — delivers the contact form on this website to our inbox. Only used if you submit that form.
If we're ever served with a valid legal request, we can only hand over what we have — which, for vault contents, is encrypted bytes.
§ 05 Analytics & ads
The Orbit apps contain no analytics SDKs, no ad networks, no fingerprinting, and no third-party trackers. This website does not use cookies, does not run analytics, and does not include external scripts beyond Google Fonts for typography.
§ 06 How long we keep things
Your account data is kept for as long as your account is active. When you delete your account, all rows tied to it — client records, tasks, vault ciphertext, the wrapped vault key — are permanently deleted within 30 days. Server access logs roll off after 14 days regardless.
§ 07 Your rights
Wherever you live, you have the right to:
- Access a copy of your data — exportable from the app at any time as JSON (vault ciphertext stays encrypted in the export).
- Correct or delete any record at any time, from the app.
- Delete your account, which deletes everything we have. Settings → Account → Delete account.
- Email us with any privacy question or request.
§ 08 Children
Orbit isn't directed at anyone under 13, and we don't knowingly collect data from anyone in that age range. If you believe a child has created an account, email us and we'll delete it.
§ 09 Changes to this policy
If we ever change anything material here, we'll bump the version stamp at the top, and — for active users — surface a notice in the app before the change takes effect.
§ 10 Contact
Questions, requests, or anything else: ericolsenhospitality@gmail.com. One person reads that inbox.