Orbis
← Back

Privacy Policy

Last updated: 5 April 2026

1. Data Controller

Orbis ("we", "us", "our") is the data controller responsible for processing your personal data. If you have questions about this policy, contact us at news@orbisx.ai.

2. What Data We Collect

We collect the following categories of personal data:

  • Account data — name, email address, company name when you register.
  • Usage data — pages visited, features used, timestamps, device and browser information.
  • Contact data — information you provide when submitting our contact form.
  • Payment data — processed securely by our payment provider (Stripe). We do not store card details.

3. Legal Basis for Processing

Under the EU General Data Protection Regulation (GDPR), we process your data based on:

  • Contract performance — to provide and maintain our service (Art. 6(1)(b)).
  • Legitimate interest — to improve our product, prevent fraud, and ensure security (Art. 6(1)(f)).
  • Consent — for optional marketing communications, which you can withdraw at any time (Art. 6(1)(a)).
  • Legal obligation — to comply with applicable laws and regulations (Art. 6(1)(c)).

4. How We Use Your Data

  • Provide, operate, and maintain the Orbis platform.
  • Process payments and manage subscriptions.
  • Send transactional emails (account confirmations, billing).
  • Improve our services through aggregated, anonymised analytics.
  • Respond to support requests and contact form submissions.

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Service providers — hosting (AWS, EU region), payment processing (Stripe), email delivery.
  • Legal authorities — when required by law or to protect our rights.

All sub-processors are bound by data processing agreements compliant with GDPR.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. After account deletion, we retain data for up to 30 days for backup purposes, then permanently delete it. Financial records are retained as required by applicable tax and accounting laws.

7. Your Rights

Under GDPR, you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Restriction — limit how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.

To exercise any of these rights, contact us at news@orbisx.ai. We will respond within 30 days.

8. Cookies

We use essential cookies required for the platform to function. We do not use third-party tracking or advertising cookies. Analytics data is collected in an anonymised, aggregated form.

9. International Transfers

Your data is stored and processed within the European Economic Area (EEA). If any transfer outside the EEA is necessary, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses.

10. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. In Denmark, this is the Danish Data Protection Agency (Datatilsynet).