OrbytSign in

Privacy Policy

Last updated: February 25, 2026

1. Introduction

Orbyt ("we," "our," or "us") operates the Orbyt household management platform available at orbythq.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using Orbyt, you consent to the practices described in this policy.

2. Information We Collect

Account Information

When you create an account, we collect your email address, display name, and optional profile information such as an avatar selection and theme preference.

Household Data

Data you enter into Orbyt including calendar events, tasks, shopping lists, contacts, financial records (accounts, transactions, budgets, bills, savings goals), and related notes or attachments.

Financial Data via Plaid

If you choose to connect a bank account, we use Plaid Inc. to securely access your financial institution. Plaid may collect and transmit your financial data including account balances, transaction history, and account metadata (account name, type, and last four digits). We never receive or store your bank login credentials — Plaid handles all authentication directly.

By connecting your bank through Plaid, you acknowledge and agree to Plaid's End User Privacy Policy.

Connected Calendar Data

If you connect Google Calendar or Microsoft Outlook, we import event data (title, time, location, attendees) to display alongside your Orbyt calendar. OAuth tokens for these services are encrypted at rest.

Usage & Device Data

We collect standard log data including IP address, browser type, device information, and pages visited to maintain security and improve the Service. We use Sentry for error monitoring, which may capture technical diagnostics when errors occur.

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To sync financial data from your connected bank accounts
  • To sync calendar events from connected Google or Microsoft accounts
  • To send notifications and reminders you have configured
  • To improve the Service and develop new features
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations

We do not sell your personal data. We do not use your financial data for advertising or share it with third parties for marketing purposes.

4. Data Sharing & Third Parties

We share data only with the following categories of service providers:

  • Plaid Inc. — Financial data aggregation (bank account connections, transactions, balances)
  • Supabase — Database hosting, authentication, and file storage
  • Vercel — Application hosting and content delivery
  • Sentry — Error monitoring and diagnostics
  • Google / Microsoft — Calendar sync (only if you connect your calendar)

We may also disclose information if required by law, subpoena, or to protect the rights, safety, or property of Orbyt or its users.

5. Data Security

We implement the following security measures to protect your data:

  • All data in transit is encrypted via TLS 1.2+ with HSTS enforced
  • Sensitive credentials (OAuth tokens, Plaid access tokens) are encrypted at rest using AES-256-GCM
  • Row-Level Security (RLS) policies enforce data isolation between households at the database level
  • Content Security Policy (CSP), X-Frame-Options, and other security headers are enforced on all pages
  • All API inputs are validated and sanitized using schema validation
  • Bank credentials are never transmitted to or stored by Orbyt — Plaid handles all bank authentication

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention & Deletion

We retain your data for as long as your account is active and as needed to provide the Service. You can request data deletion at any time by contacting us.

  • Bank connections: You can disconnect a bank at any time from Settings. Disconnecting revokes the access token at Plaid and removes the connection from your account.
  • Calendar connections: You can disconnect Google or Microsoft calendar at any time. Disconnecting revokes OAuth tokens and removes imported events.
  • Account deletion: Upon account deletion, all personal data and household data you own is permanently deleted from our systems.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent for data processing
  • Disconnect third-party services (Plaid, Google, Microsoft) at any time
  • Request a portable copy of your data

To exercise any of these rights, please contact us at the email below.

8. Children's Privacy

Orbyt is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

admin@orbythq.com