OrbitBack Privacy Policy

Last updated: December, 2025

OrbitBack (“OrbitBack”, “we”, “our”, or “us”) is committed to protecting your privacy and handling personal information responsibly. This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you use our website, applications, and services (collectively, the “Services”).

1. Scope

This Privacy Policy applies to:

  • Users of OrbitBack’s web and application-based services
  • Visitors to orbitback.com and related domains
  • Information collected directly or via third-party integrations such as Plaid

This policy does not apply to third-party websites or services that may be linked from our Services.

2. Information We Collect

2.1 Information You Provide Directly

We may collect:

  • Name
  • Email address
  • Contact information
  • Account-related preferences
  • Communications with support

2.2 Financial Data via Third-Party Providers

With your explicit consent, OrbitBack may access financial data through third-party providers such as Plaid, including:

  • Account identifiers
  • Transaction metadata
  • Account balances
  • Financial institution information
Important:

OrbitBack does not collect or store your banking login credentials (usernames or passwords). These credentials are handled directly by Plaid and your financial institution.

2.3 Automatically Collected Information

We may automatically collect:

  • Device and browser information
  • IP address
  • Usage and interaction data
  • Log and diagnostic data

This data is used for security, analytics, and service improvement.

3. How We Use Information

OrbitBack uses information to:

  • Provide, operate, and improve the Services
  • Authenticate users and prevent fraud
  • Deliver customer support
  • Communicate updates and service-related notices
  • Comply with legal and regulatory obligations

We do not sell personal information.

4. Legal Basis for Processing (Where Applicable)

Depending on jurisdiction, OrbitBack processes personal data based on:

  • User consent
  • Performance of a contract
  • Legitimate business interests
  • Legal obligations

5. Data Sharing & Disclosure

OrbitBack may share information only as necessary with:

5.1 Service Providers

Trusted vendors that support our operations, including:

  • Cloud infrastructure providers (e.g., Google Cloud Platform)
  • Database providers (e.g., MongoDB Atlas)
  • Email and communication services (e.g., Amazon SES)
  • Financial data providers (e.g., Plaid)

These providers are contractually obligated to protect data and use it only for authorized purposes.

5.2 Legal & Regulatory Requirements

We may disclose information if required to:

  • Comply with applicable law
  • Respond to lawful requests
  • Protect the rights, safety, or security of OrbitBack or users

6. Data Retention

OrbitBack retains personal and financial data only for as long as necessary to:

  • Provide the Services
  • Meet legal or contractual obligations
  • Resolve disputes and enforce agreements

Retention practices are governed by our Data Retention & Disposal Policy.

7. Data Deletion & Account Termination

You may request deletion of your OrbitBack account and associated personal data at any time.

At this time, account deletion requests are processed manually. To request deletion, contact us at support@orbitback.com using the email address associated with your account.

Upon verification of your request, OrbitBack will:

  • Disconnect any linked financial accounts
  • Delete or anonymize personal information associated with your account
  • Remove stored transaction data, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, regulatory compliance, dispute resolution)

We retain data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable law.

We are actively developing self-service account deletion functionality, which will be made available in a future release.

8. Data Security

OrbitBack implements administrative, technical, and organizational safeguards designed to protect information, including:

  • Encryption of data in transit (TLS 1.2+)
  • Encryption of sensitive data at rest
  • Role-based access controls
  • Multi-factor authentication for administrative systems
  • Monitoring and logging of system activity

Despite these measures, no system can be guaranteed 100% secure.

9. User Rights & Choices

Depending on your jurisdiction, you may have the right to:

  • Access personal data
  • Request correction or deletion
  • Withdraw consent
  • Object to certain processing activities

Requests can be submitted to:

support@orbitback.com

10. Children’s Privacy

OrbitBack’s Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors.

11. International Data Transfers

OrbitBack operates in the United States. If you access the Services from outside the U.S., your information may be transferred to and processed in jurisdictions with different data protection laws.

12. Changes to This Policy

OrbitBack may update this Privacy Policy periodically. Material changes will be communicated via the Services or by other appropriate means.

Continued use of the Services after updates constitutes acceptance of the revised policy.

13. Contact Us

For privacy-related questions or requests:

support@orbitback.com

Table of contents

Loyalty cashback should be free. We make it free.

Copyrights © 2025. All rights reserved.