ORBTR
Legal

Privacy Policy

Last updated: 1 February 2026

1. Introduction

ORBTR ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our device management and SD-WAN platform, including the ORBTR agent software, control plane services, and marketing website.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, organisation name, and billing information. This information is used to provide and manage your account.

Device Information

When you install the ORBTR agent, we collect device metadata including hostname, operating system, architecture, agent version, and network interface information. This data is necessary to provide device management services.

Telemetry Data

The agent may collect system metrics, health status, and security events as configured by your organisation's policy. Sensitive fields are redacted by default. Deep diagnostics are opt-in only.

Usage Data

We collect anonymised usage data about how you interact with our control plane dashboard, including page views, feature usage, and session duration.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our services
  • Process transactions and manage billing
  • Communicate service updates, security advisories, and support
  • Monitor platform health, detect abuse, and enforce our terms
  • Comply with legal obligations

4. Data Security

All data in transit is encrypted using Noise protocol with Ed25519 key binding. Data at rest is encrypted using OS-level key management. Device keys are generated locally and never leave the host device. We maintain SOC 2 Type II compliance for our infrastructure.

5. Data Retention

We retain account data for the duration of your subscription plus 30 days. Telemetry and device data are retained according to your plan tier (7 days for Starter, 90 days for Pro, custom for Enterprise). You may request deletion of your data at any time.

6. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers who assist in operating our platform (hosting, billing, analytics)
  • Law enforcement when required by applicable law
  • Your organisation's administrators, as configured in your tenant settings

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. You may also object to processing or request restriction. Contact us at privacy@orbtr.io to exercise these rights.

8. Cookies

Our marketing website uses essential cookies for session management. Our control plane uses authentication cookies. We do not use third-party tracking cookies.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email and a notice on our website at least 30 days before they take effect.

10. Contact

For privacy-related inquiries, contact us at privacy@orbtr.io or use our contact form.