# Privacy Policy **Overview and Scope** We at Orbit Labs, LLC (“us,” “we,” “our,” “Orbit,” or the “Company”) recognize the importance of protecting privacy rights, and information relating to an identified or identifiable natural person (“Personal Information” or “PII” or “Personal Data”) collected about you and other visitors (collectively, “Users”) through our website (the “Site”). We are committed to ensuring that your privacy is protected. To that end, this Privacy Policy (“Policy”) discloses our practices regarding the collection, use, and disclosure of the PII we receive through your use of the Site. Unless otherwise expressly agreed to in writing, your Personal Information will be processed according to the terms of this Policy. Defined terms used but not defined herein have the meaning set forth in the Terms of Service as found at . This Policy is drafted to comply with the California Consumer Privacy Act (“CCPA”) (as amended by the California Privacy Rights Act), with the E.U. General Data Protection Regulation (EU) 2016/679, the U.K. GDPR (collectively, the “GDPR”) and the Swiss Federal Act on Data Protection (“FADP”). However, the application of these laws depends on each individual case. Users of the Site are under no statutory or contractual obligation, or other obligation to provide PII to us. For the purposes of compliance with the GDPR and the FADP, we are the data controller of information we collect from data subjects through the Site. For the purposes of this Policy, “data subject” means an identified or identifiable natural person. This Policy applies to the Site, its subdomains, and all the websites and internet properties owned or operated by us, regardless of the medium by which the Site is accessed by Users (e.g., via a web or mobile browser). This version of the Policy replaces and supersedes any prior privacy policies applicable to the Site. By using the Site or our services (“Services”), you agree to the terms of this Policy. If you do not agree, please do not access or use the Site or Services. **Information We Collect** We are committed to minimizing data collection. We store only your digital wallet address (“Wallet ID”) in our AWS-hosted database, which is necessary for account and platform functionality. We do not store other user profile data by default. We do not store IP addresses anywhere in our application or database. If we implement geofencing in the future, IP addresses will be checked in real time for access control purposes but will not be retained. We are the sole owner of information collected on the Site. We collect only the following types of information: (A) Wallet Address: We store your Wallet ID in our AWS-hosted database solely for account identification and platform functionality. This is the only user-specific data we retain. The types of information we collect include the following: (B) Aggregated Analytics: We retain only aggregated usage analytics, including device type and operating system information, as well as aggregated click and event metrics. These analytics logs are stripped of personally identifiable information and are not stored at a user level-they cannot be tied back to a specific wallet address or user in our systems. (C) Information Collected Automatically: We may collect the following information automatically when you use the Site: · Wallet Addresses: Public distributed ledger information, such as your digital asset wallet address, which is used solely to provide and improve the Services. · Distributed Ledger Data: Transactional data is recorded on the Hedera distributed ledger and is beyond Orbit’s control once recorded. · Usage Analytics: Aggregated, PII-stripped data related to how users interact with the Site, including device type, operating system, and click/event metrics. This data is collected for performance optimization and improving user experience and is not tied to individual users. (D) Children’s Information: The Services are not directed to, and are not intended for use by, anyone under the age of 18. We do not offer our Services or promote the Site to, nor do we intentionally collect or retain PII from, children who are younger than 18 years of age. If you are under 18, do not use the Services and do not provide us with any information. In addition, we do not knowingly collect Personal Data from children under 13. If we discover that we have inadvertently collected information from a child under 18 (or under 13), we will promptly take all reasonable measures to delete such information from our systems and, where required, comply with applicable legal obligations. (E) Other Information: We may collect technical data such as blockchain wallet addresses and network transactions. **How We Collect Information** We collect PII and Deidentified Information in various ways, including: (A) Directly from You: We collect PII when you voluntarily submit PII to us while using the Site and in connection with other activities, services, features, or resources we make available on the Site. The PII we collect depends on what you do when you visit or utilize the Site or when you communicate with us for support or inquiries via our official email address: . (B) Through Your Use of the Site: We collect aggregated, PII-stripped usage data that your browser transmits when you visit the Site, including device type and operating system. We do not collect or store IP addresses. Aggregated click and event metrics may also be collected through automated tracking technologies, but this data is not tied to individual users. (C) From Third Party Services: We use Vercel as our sole third-party service provider. Vercel collects PII-stripped event logs for platform functionality. We do not use other analytics, error logging, security monitoring, or CDN vendors beyond Vercel. We do not make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available through third parties. Your use of third parties’ services and/or third-party websites is governed by and subject to the terms and conditions of those third parties and/or third-party websites. We encourage you to carefully review the privacy policies and statements of such third parties and/or third-party websites. **How We Use Information** We may use Users’ PII for lawful business purposes: (i) as necessary for the performance of our contract with Users, (ii) for our legitimate interests, so long as they are not overridden by Users’ own rights and interests, or (iii) as required by law. These purposes include: (A) Service Operation: We may use your PII and/or Deidentified Information to operate, administer, provide, maintain, and deliver our Services offered on the Site, including troubleshooting, system maintenance, and upgrades. (B) Transaction Processing: Ensuring smooth execution of swaps, limit orders, and other smart contract interactions. (C) Fulfill User Requests: We may use your PII and/or Deidentified Information to fulfill any requests you may submit through the Site. (D) Customer Service and User Communications: We may use your PII and/or Deidentified Information to help us respond to your inquiries, questions, requests, and support needs more efficiently. (E) User Experience Personalization: We may use Users’ PII and/or Deidentified Information in the aggregate to analyze Users’ browsing and usage activities and patterns in order to understand Users’ interests and preferences with respect to the Site and our Services. This will help us optimize your experience on the Site. (F) Business Optimization: We may use your PII and/or Deidentified Information to improve the content on our web pages, to customize the content and layout of our web pages, and in managing our everyday business needs. We may also use your feedback to improve the Site and our Services. (G) Safety and Security: We may use your PII and/or Deidentified Information to promote the safety and security of the Site, our users, and other parties. For example, we may use the information to detect, investigate, prevent, protect against, and respond to potential threats, authenticate users, facilitate transactions, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies. (H) Platform Security & Fraud Prevention: Monitoring and preventing unauthorized access, sanction violations, and other illicit activities. (I) Regulatory Compliance: Enforcing sanctions, jurisdictional restrictions, and compliance requirements where applicable. (J) Future Integrations: Orbit may implement distributed ledger analytics tools to enhance compliance monitoring. Such integrations, if implemented, will be publicly disclosed. (K) For Any Other Purposes with Your Consent: We will not collect additional categories of PII or use PII we collected for materially different, unrelated, or incompatible purposes without providing you notice. We will not collect additional categories of PII or use PII we collected for materially different, unrelated, or incompatible purposes without providing you notice. **How We Disclose Information** We do not sell, rent, lease, or share PII to third parties for monetary or other valuable consideration and will not disclose Users’ PII to third parties without your permission. (The CCPA defines “sharing” as the disclosure of PII for cross-context behavioral advertising.) We may disclose Users’ PII to third parties for a business purpose as described below: (A) To Affiliates: We may disclose your PII to affiliates, including entities within the Company. Any PII that we provide to our affiliates will be treated by those affiliates in accordance with the terms of this Policy. (B) To Service Providers: We use Vercel as our sole third-party infrastructure provider. Vercel collects PII-stripped event logs necessary for platform operation. We do not share personally identifiable information with Vercel or any other third-party service providers. (C) Regulatory Authorities: Data may be shared if legally required to comply with applicable laws, court orders, or governmental requests. (D) Law Enforcement, Safety, and Legal Processes: We may disclose your PII to law enforcement or other government officials if it relates to a criminal investigation or alleged criminal activity. We may also disclose your PII: (i) if required or permitted to do so by law; (ii) for fraud protection and credit risk reduction purposes; (iii) in the good-faith belief that such action is necessary to protect our rights, interests, or property; (iv) in the good-faith belief that such action is necessary to protect your safety or the safety of others or the public; or (v) to comply with a judicial proceeding, court order, subpoena, or other similar legal, arbitration, or administrative process. (E) Security & Fraud Prevention: Collaboration with security firms to prevent illicit activities and monitor for sanctioned addresses. (F) Sale or Acquisition of Assets: If we become involved in a transaction involving the sale of our assets, such as a merger or acquisition, or if we are transferred to another company, we may disclose and/or transfer your PII as part of the transaction. If the surviving entity in that transaction is not us, the surviving company may use your PII pursuant to its own privacy policies, and those policies may be different from this Policy. (E) Aggregated or De-Identified Information: We may share anonymized data for research, analytics, or marketing purposes. (F) Any Other Party with Your Consent. We may disclose your information to other third parties with your consent. **Data Retention** We retain different types of data for different periods based on their nature and purpose: · Wallet Address: Your Wallet ID is retained in our AWS-hosted database while you maintain an account or use the Services. When we no longer have an ongoing legitimate business need to retain your wallet address, we will delete it. · Aggregated Analytics & Event Data: Aggregated usage analytics and click/event metrics are retained for up to one (1) year. This data is PII-stripped and not linked to individual users. · Public Ledger Data: Transaction data recorded on the Hedera distributed ledger is permanent and beyond Orbit's control. **Security** The security and confidentiality of your PII is incredibly important to us. We use commercially reasonable administrative, technical, and physical security measures to protect your PII on the Site from unauthorized or unlawful access, use, modification, destruction, loss, alteration, and/or disclosure. These measures include: · Encryption: Data is encrypted in transit and at rest where applicable. · Access Controls: Strictly managed to ensure only authorized personnel can access necessary information. · Decentralization: The Site is designed to minimize centralized data collection and user risk. · Industry Standards: Orbit employs industry-standard security measures to prevent unauthorized access, disclosure, modification, or destruction of data. However, no data transmitted over or accessible through the internet can be guaranteed to be 100% secure. As a result, while we attempt to protect your PII, we cannot guarantee or warrant that your PII will be completely secure (i) from misappropriation by hackers or from other nefarious or criminal activities, or (ii) in the event of a failure of computer hardware, software, or telecommunications networks. We require third parties acting on our behalf or with whom we disclose your information to provide security measures in accordance with industry standards and in compliance with contractual obligations, their privacy and security obligations, and any other appropriate confidentiality and security measures. We are not responsible for the privacy and security practices of such third parties outside of the information we receive from or disclose to them. Breach Notification: In the event of a data breach affecting your Personal Data, Orbit will notify affected users and/or regulators as required under applicable law. **Data Retention** We retain your wallet address while you maintain an account or use the Services. Aggregated analytics and click/event data (which is PII-stripped and not linked to individual users) is retained for up to one (1) year. When we no longer have an ongoing legitimate business need to process your information, we will either delete or anonymize it. When we no longer have an ongoing legitimate business need to process your PII, we will either delete or anonymize it. **Legal Rights** (A) GDPR and FADP Data Subject Rights You have various rights in relation to our processing of your PII, depending on the applicable data protection law: * Right to Access: You have the right to request a copy of your PII. * Right to Rectification: You have the right to request that we correct any mistakes in your PII. * Right to Erasure: You have the right to request that we delete your PII. * Right to Restrict Processing: You have the right to restrict processing of your PII. * Right to Object to Processing: You have the right to object to our processing or your PII. * Right to Data Portability: You have the right to receive your PII in a structured, commonly used and machine-readable format. * Right Not to be Subject to Automated Individual Decision Making: You have the right not to be subject to a decision based solely on automated processing. To exercise your rights, please use the Verifiable Consumer Request method described below. Please be aware that your rights (including those enumerated elsewhere in this Policy) are subject to legal restrictions and may interfere with or make impossible the provision of our Services. (B) US State Law Privacy Rights In some states, you are granted additional protection under your state privacy laws. Your rights may include the: * Right to Access: You have the right to request a copy of the specific pieces of PII that we have collected about you in the previous twelve (12) months. The information will be delivered by mail or electronically. Upon receipt of a Verifiable Consumer Request, we will disclose: * The categories of PII we have collected about you; * The categories of sources from which PII is collected; * Our business purpose for collecting PII; * The categories of third parties with whom we share PII, if any; and * The specific pieces of PII we have collected about you. * Right to Data Portability: You have the right to receive your PII in a portable, readily usable format that allows you to transmit your information to another entity without hindrance. * Right to Correct Inaccurate Information: You have the right to request that we correct inaccurate information about you that we maintain. * Right to Deletion: You have the right to request that we delete your PII. * Right to Be Free from Discrimination: You have the right not to be discriminated against by us for exercising any of your rights under state privacy laws. Unless permitted by your state privacy laws, we will not: * Deny goods or services to you; * Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; * Provide a different level or quality of goods or services to you; or * Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services. To exercise your rights, please use the Verifiable Consumer Request method described below. Please be aware that your rights (including those enumerated elsewhere in this Policy) are limited to the extent permitted by your applicable state privacy laws. (C) Additional Privacy Rights California’s “Shine the Light” law permits Users of the Site that are California residents to request certain information regarding our disclosure of PII to third parties for their direct marketing purposes. To make such a request, please contact us at the contact information provided below. **Verifiable Consumer Requests** If you are a California resident or a data subject located in the EEA or Switzerland, you can exercise your legal rights by submitting a Verifiable Consumer Request to us by emailing us at . Only you, or someone legally authorized to act on your behalf, may make a Verifiable Consumer Request related to your PII. Making a Verifiable Consumer Request does not require you to create an account with us. The Verifiable Consumer Request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with PII if we cannot verify your identity or authority to make the request and confirm the PII relates to you. We will only use PII provided in a Verifiable Consumer Request to verify the requestor’s identity or authority to make the request. We will make commercially reasonable efforts to respond to requests and handle requests to access, update, change, or delete PII without unreasonable delay and in any event within 30 days/one month of receipt of a Users’ request as required under applicable law. Where circumstances require, we may extend the reply period for an additional two months and/or as provided for under applicable law. Please be aware that requests may be limited to the extent permitted by applicable law, including the GDPR and the FADP. **Withdraw Consent** Generally, we do not process PII based on consent. However, in the event we do, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on said consent before its withdrawal. If you would like to withdraw your consent, please use the Verifiable Consumer Request method described above. **Cross Border Data Transfer** Orbit operates globally. To deliver our Services through the Site, it may be necessary for us to share data subjects’ PII outside the European Economic Area (“EEA”) or Switzerland. We may, e.g. share PII with Orbit affiliates and service providers located in the United States and around the world, which includes countries that from the perspective of the EEA or Switzerland do not offer an adequate level of data protection. In the event we transfer PII outside the EEA or Switzerland, we will do so in accordance with the terms of this Policy and applicable data protection law. Our standard practice is to use Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner’s Office and/or adjusted according to Swiss law, if applicable and required, to facilitate such data transfers. For users outside the United States, please note that your information may be transferred to and processed in the United States or other countries where data protection laws may differ from those of your jurisdiction. Orbit may transfer, store, process, or share information (including operational responsibilities and data processing activities) with our affiliates and service providers in other jurisdictions as necessary to operate, secure, and improve the Services, subject to applicable data protection laws and appropriate safeguards (such as Standard Contractual Clauses where required). **US State Law: Do Not Track Disclosure** The Site does not respond to Do Not Track signals. We may collect and use your browsing data as disclosed herein. You can disable cookies or use other privacy tools to manage your tracking preferences. **Cookies & Tracking** Orbit does not use cookies or similar tracking mechanisms to collect personal information. However, third-party providers may implement tracking technology necessary for their services. Users are encouraged to review the privacy policies of any third-party services integrated with the Site. **SPAM** We do not participate in bulk email solicitations that you have not consented to receiving. We do not sell or disclose customer lists or email address lists to unrelated third parties. Except as otherwise provided herein, we do not share PII with any third-party advertisers. **Third-Party Links** The Site may contain links to other websites or applications (“Linked Sites”) that are not owned by the Company. We do not control the collection or use of any information, including PII, which occurs while you visit Linked Sites. Therefore, we make no representations or warranties for —and will not in any way be liable for—any content, products, services, software, or other materials available on Linked Sites, even if one or more pages of the Linked Sites are framed within a page of the Site. Our protocol or browser extension may utilize functions from social networks including but not limited to Discord, GitHub, YouTube, Reddit, X, or StackExchange on the Site. When you click on them, the operators of the respective social networks may record that you are on the Site and may use this information. This processing of your personal data lays in the responsibility of these individual social media platforms and occurs according to their privacy policy. Please check with these individual social media platforms regarding their privacy policies. We are not responsible for data collected by these social media platforms and only use these platforms to inform our community of updates and answer user questions. Furthermore, we make no representations or warranties about the privacy policies or practices of the Linked Sites, and the Company is not responsible for the privacy practices of those Linked Sites. We encourage you to be aware of when you leave the Site and read the privacy policies of Linked Sites. **Modifications and Updates** We reserve the right to update this Policy from time-to-time in our sole discretion. If our privacy practices change materially in the future, we will post an updated version of the Policy to the Site. It is your responsibility to review this Policy for any changes each time you use the Site. Any modifications to this Policy will be effective upon our posting of the updated terms. Continued use of the Site constitutes acceptance of the revised Policy. **Accessing, Updating, and Controlling Information** If you ever wish to access, update, change, delete, opt out of us sharing, or otherwise control your PII, or remove or alter your user profile you may do so by contacting us at the Contact Information provided below. To help us process your request, please provide sufficient information to allow us to identify you in our records. We reserve the right to ask for additional information verifying your identity prior to disclosing any PII to you. Should we ask for verification, the information you provide will be used only for verification purposes, and all copies of the information will be destroyed when the process is complete. If you wish to opt out of receiving update messages and/or direct marketing communications from us, you may opt out by: (i) following any instructions included in the communication, or (ii) contacting us at the Contact Information provided below. Please be aware that although you may opt out of update messages and/or direct marketing communications, we reserve the right to email you administrative notices regarding the Site, as permitted under the CAN-SPAM Act and/or other applicable law. To exercise your rights, please use the Verifiable Consumer Request method described above. Please be aware that your rights (including those enumerated elsewhere in this Policy) are subject to legal restrictions and may interfere with or make impossible the provision of our Services. **File a Complaint** If you would like to file a complaint with us about our privacy practices, please contact us at the Contact Information provided below. If you are a data subject located in the EEA or Switzerland, the GDPR, respectively the FADP grants you the right to lodge a complaint with a competent supervisory authority as well. To find a competent supervisory authority, please use the following resource: . UK data subjects can utilize the following resource: . For Switzerland: Federal Data Protection and Information Commissioner (FDPIC): **Contact Information** If you have questions about this Policy or wish to contact us with questions or comments, please contact us at: Orbit Labs LLC This Privacy Policy is incorporated by reference into Orbit’s Terms of Service. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://orbit-labs-1.gitbook.io/orbit-labs/legal/privacy-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.