Skip to main content

Privacy Policy

Last Updated: 26 February 2026

1. Introduction

Orbitra Home (“we”, “our”, or “us”) is committed to protecting your privacy and handling your personal data transparently and securely.

This Privacy Policy explains how we collect, use, store, process, and share personal data when you use the Orbitra Home mobile application and website (orbitrahome.com).

Orbitra Home acts as the data controller under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR).

By using Orbitra Home, you agree to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Google Account Information

When you sign in using Google OAuth, we collect:

  • Name
  • Email address
  • Google profile information
  • Google account identifier

This data is used for authentication and account management.

2.2 Gmail Data

With your explicit consent, we access Gmail data through Google APIs. We access only emails associated with Gmail labels that you explicitly select within your Orbitra Home settings (“watched labels”). We do not access your entire inbox unless configured by you.

We may collect and securely store:

  • Email subject lines
  • Email body content
  • Sender and recipient details
  • Timestamps
  • Attachments
  • Metadata

Emails forwarded to your unique Orbitra Home forwarding address (e.g., @inbox.orbitra.app) are received and processed via SendGrid Inbound Parse and stored securely.

2.3 Google Calendar Data

With your permission, we access and sync:

  • Event titles
  • Event descriptions
  • Event times and locations
  • Attendee metadata

Calendar information is displayed in-app and may be included in AI-generated daily summaries.

2.4 AI Processing & Derived Data

Orbitra Home uses third-party artificial intelligence models, including:

  • OpenAI GPT models
  • Google Gemini models

Email content, attachments, calendar data, tasks, and chat messages may be transmitted to these providers for:

  • Task extraction
  • Daily digest generation
  • Contextual organisation assistance
  • Chat assistant functionality

We do not enable zero-retention processing modes with these providers. Submitted data may be temporarily retained in accordance with their respective data processing policies. AI-generated outputs are suggestions only and do not constitute professional advice.

2.5 Chat Data

All chat messages between you and the Orbitra Home assistant are stored persistently in our database to provide conversation history and service continuity.

2.6 Account & Family Member Data

We collect:

  • Account holder name and email
  • Family member names
  • Role permissions
  • PIN credentials for child profiles

Primary account holders must be aged 18 or over.

2.7 Usage & Analytics Data

We use Google Analytics to collect information such as:

  • Device type
  • Operating system
  • Browser type
  • IP address
  • Session metrics
  • Website interaction behaviour

This data is used to improve service performance and user experience.

2.8 Push Notification Data

We use Firebase Cloud Messaging (FCM) solely to deliver push notifications. We do not use Firebase Analytics.

2.9 Billing & Subscription Data

Subscriptions within the Android application are processed exclusively via Google Play Billing. Payments are processed by Google in accordance with Google's Privacy Policy and Google Payments Terms. We do not store full payment card details.

We may receive limited billing-related information from Google, such as:

  • Subscription status
  • Purchase tokens
  • Transaction identifiers
  • Subscription renewal or cancellation events

This information is used solely to manage subscription access within Orbitra Home.

2.10 AI Usage Metrics

We track AI usage metrics, including daily AI query counts per user, to manage fair usage limits and maintain service performance.

3. Lawful Basis for Processing (GDPR)

We process personal data under the following lawful bases:

  • Contractual necessity — to provide Orbitra Home services
  • Consent — for Gmail and Calendar access
  • Legitimate interests — service improvement, analytics, and security
  • Legal obligation — compliance with applicable laws

You may withdraw Gmail or Calendar access permissions at any time through your Google account settings.

4. How We Use Your Data

We use personal data to:

  • Extract tasks from labelled emails
  • Sync and display calendar events
  • Generate AI-powered daily digests
  • Provide chat assistant functionality
  • Deliver push notifications
  • Manage subscription access
  • Provide customer support
  • Improve system reliability and performance
  • Detect and prevent fraud or misuse

We do not sell personal data. We do not use your data for advertising profiling.

5. Data Storage & Security

We implement appropriate technical and organisational safeguards, including:

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Secure API authentication
  • Role-based access controls
  • Infrastructure monitoring

Data is hosted on secure cloud infrastructure providers, including Lovable Cloud and associated data processing providers.

6. International Data Transfers

Certain service providers (including OpenAI, Google, SendGrid, and others) may process personal data outside the United Kingdom or European Economic Area. Where international transfers occur, we rely on:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Appropriate safeguards under GDPR

to ensure a lawful transfer mechanism and appropriate protection of personal data.

7. Data Retention

We retain personal data as follows:

Data TypeRetention Period
Account dataUntil account deletion
Emails & attachmentsUntil account deletion
Calendar dataUntil account deletion
Chat historyUntil account deletion
AI usage metricsUntil account deletion
Analytics dataUp to 26 months
Backup dataUp to 30 days rolling backup

When you use the in-app “Delete Account” feature, all personal data is permanently erased from active systems, subject to backup retention windows.

8. Children's Privacy

Orbitra Home is intended for adults aged 18 and over. Parents may create limited child profiles under their supervision. Child profiles:

  • Do not require email addresses
  • Use PIN-based login
  • Have restricted permissions
  • Are not used for advertising

We do not knowingly collect personal information directly from children under 13.

9. Third-Party Service Providers

We use the following service providers:

  • Google APIs (Gmail & Calendar)
  • OpenAI
  • Google Gemini
  • Google Play Billing
  • Firebase Cloud Messaging
  • SendGrid
  • Google Analytics
  • Lovable Cloud

Orbitra Home's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

10. Automated Decision-Making

Orbitra Home uses AI systems to assist with task extraction and content summarisation. These systems provide recommendations only and do not make legally binding or similarly significant automated decisions.

11. Your Rights (GDPR)

You have the right to:

  • Access your data
  • Rectify inaccurate data
  • Request deletion
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent

To exercise your rights, contact: Hello@OrbitraHome.com

You also have the right to lodge a complaint with your local supervisory authority.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via in-app notification or email.

13. Contact

Orbitra Home
Email: Hello@OrbitraHome.com