Privacy Policy

We collect information you give us, information generated by your use of the product, and a small amount of information from integrations you connect.

Specifically: (a) account data — name, email, password hash, profile photo, workspace name; (b) workspace content — records, attributes, notes, comments, tasks, files, agent outputs, anything you or your team creates inside Orphica; (c) usage data — pages visited, features used, request timestamps, API requests, error logs; (d) device data — IP address, browser type and version, OS, viewport size; (e) third-party data — when you connect Gmail, Outlook, Slack, Linear, Intercom, Twilio, Stripe, or other integrations, the data those services make available under the scopes you grant.

marketing.privacy.sections.collect.p3

marketing.privacy.sections.collect.p4

We use the information to operate Orphica, secure your account, debug, deliver the features you ask for, communicate with you about the service, and meet our legal obligations.

AI features: prompts and context you send to an agent are forwarded to the model provider (Hypereal by default, or whichever provider your workspace owner has configured). Providers process the request and return a response. We do not allow providers to train models on your data; provider contracts prohibit this.

marketing.privacy.sections.use.p3

marketing.privacy.sections.use.p4

Subprocessors that help us run the service: Supabase (database, auth, file storage), Vercel (hosting), Stripe (billing), Hypereal (AI model gateway), Inngest (workflow execution), Resend (transactional email when enabled). Each is bound by data-processing terms.

We share data with law-enforcement or government bodies only when legally required (subpoena, court order, lawful request). We will notify you unless legally prohibited.

We never sell your personal data and we never share workspace content with third parties for advertising.

marketing.privacy.sections.share.p4

Active workspace data is retained for as long as the workspace exists. When you delete a workspace, content is removed from primary storage within 30 days and from backups within 90 days. Account-level data (login, billing history) is retained for the period required to meet legal and accounting obligations (typically 7 years for invoices).

marketing.privacy.sections.retention.p2

marketing.privacy.sections.retention.p3

marketing.privacy.sections.retention.p4

Depending on where you live, you have rights to: (a) access the personal data we hold about you; (b) correct inaccurate data; (c) delete your data; (d) export your data in a portable format; (e) object to processing; (f) lodge a complaint with a supervisory authority. You can exercise (a) – (d) yourself from your account settings, or email privacy@orphica.app and we'll respond within 30 days.

marketing.privacy.sections.rights.p2

marketing.privacy.sections.rights.p3

marketing.privacy.sections.rights.p4

Orphica is incorporated in the United States. By default workspace data is stored in the AWS region closest to the workspace owner at signup. Enterprise customers can pin a specific region (US, EU, APAC). When data crosses borders we rely on Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable.

marketing.privacy.sections.transfers.p2

marketing.privacy.sections.transfers.p3

marketing.privacy.sections.transfers.p4

We encrypt data in transit (TLS 1.2+) and at rest (AES-256). Database rows are protected by Postgres row-level security so a member of one workspace can never read another workspace's data. We run quarterly penetration tests and have SOC 2 Type II reports available on request.

marketing.privacy.sections.security.p2

marketing.privacy.sections.security.p3

marketing.privacy.sections.security.p4

Orphica is built for business use. We do not knowingly collect data from children under 16. If you believe a child has provided us data, email privacy@orphica.app and we will delete it.

marketing.privacy.sections.children.p2

marketing.privacy.sections.children.p3

marketing.privacy.sections.children.p4

Material changes will be announced at least 30 days in advance via in-product notification and email to the workspace owner. Non-material clarifications take effect immediately; the "Last updated" date above always reflects the most recent change.

marketing.privacy.sections.changes.p2

marketing.privacy.sections.changes.p3

marketing.privacy.sections.changes.p4

Questions about this policy or your data? Email privacy@orphica.app. Mailing address: Orphica, Inc., legal department.

marketing.privacy.sections.contact.p2

marketing.privacy.sections.contact.p3

marketing.privacy.sections.contact.p4