Privacy Policy

Orbit Command (“Orbit Command,” “we,” “us”) provides software that service businesses use to run their operations — managing requests, quotes, jobs, scheduling, invoices, payments, and customer communication. This policy explains how we handle information for two groups of people:

• Business users — owners, staff, and technicians who create an account and use the platform to run their business.
• Your customers — the people a business serves, whose details a business stores in Orbit Command and who may interact with a business through a customer portal link, email, or text message.

When a business stores information about its own customers in Orbit Command, the business decides what to collect and why — the business is the data “controller,” and we act as a “processor” handling that data on the business’s behalf and instructions.

For information about the business account itself — who signed up, billing, and how the business uses Orbit Command — we act as the controller, and this policy describes our own practices.

If you are a customer of a business that uses Orbit Command and you have questions about your data, please contact that business directly; they control their own records.

Account & profile. When you create a workspace we collect your name, email address, password (stored only as a secure hash), business name, and role. We may collect a phone number and business details you choose to add.

Business & customer records you enter. Content you add to run your business — customer names, addresses, phone numbers, and emails; service requests, quotes, jobs, appointments, checklists, invoices, and notes; and files or photos you upload.

Payment information. Subscription and customer payments are handled by our payment processor, Stripe. Card numbers are entered directly with Stripe and are not stored on Orbit Command’s servers. We retain limited records such as amounts, status, and transaction identifiers needed to show payment history and reconcile invoices.

Communications. When the platform sends reminders, notifications, or messages on a business’s behalf, we process the recipient phone number or email and the message content, plus delivery status.

Usage & device data. Like most online services, we automatically collect basic technical data — IP address, browser type, pages viewed, and timestamps — to operate, secure, and improve the service.

Cookies. We use cookies that are necessary to keep you signed in and to keep your session secure. See Cookies below.

• Provide, maintain, and operate the platform and its features.
• Authenticate users and secure accounts and sessions.
• Process subscriptions and enable businesses to collect payments from their customers.
• Send transactional communications a business has configured (reminders, status updates, receipts) and important service notices.
• Provide support, respond to requests, and investigate issues.
• Monitor, debug, prevent abuse, and protect the security and integrity of the service.
• Comply with legal obligations and enforce our terms.

We use Stripe to process platform subscriptions and to let businesses accept payments from their own customers. When a business connects its Stripe account, customer payments are processed directly through that business’s Stripe account.

Card and bank details are collected and stored by Stripe under its own privacy practices, not by Orbit Command. Stripe’s handling of this data is described in the Stripe Privacy Policy.

When a business enables text messaging, we use Twilio to deliver SMS on that business’s behalf — for example appointment reminders, on-the-way notices, or payment receipts. We process the recipient’s phone number, the message content, and delivery status.

Businesses are responsible for obtaining the consent required to message their customers and for honoring opt-out requests. Recipients can reply STOP to opt out of further messages. Message and data rates may apply.

Files and photos you upload (such as job photos, documents, or attachments) are stored using our cloud storage provider and are access-controlled so they are available only to authorized users of your workspace and, where you choose to share them, to the relevant customer via a secure link.

We do not sell your personal information. We share information only as needed to run the service:

• Service providers (subprocessors) who power the platform under contract, including: Supabase (database, authentication, and file storage), Stripe (payments), Twilio (text messaging), and Vercel (application hosting).
• Within your workspace — records are visible to authorized users of the same business according to their role and permissions.
• With your customers — when a business shares a quote, invoice, or portal link, the relevant details are shown to that recipient.
• Legal & safety — when required by law, to enforce our terms, or to protect the rights, safety, and security of users and the public.
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.

We retain information for as long as your account is active or as needed to provide the service. When records are deleted in the app they are first soft-deleted and then purged on a rolling basis. We may retain limited information as required for legal, tax, accounting, or fraud-prevention purposes.

A business can request export or deletion of its workspace data by contacting us at [email protected].

Every business’s data is isolated by design, and access is permission-checked on the server for each request. We use encryption in transit, role-based access controls, and audit logging. No method of transmission or storage is perfectly secure, but we work to protect your information using industry-standard safeguards. Learn more on our Security page.

Depending on where you live, you may have rights to access, correct, export, or delete your personal information, or to object to or restrict certain processing. Business users can update much of their information directly in the app. To make a request, contact us at [email protected].

If you are a customer of a business that uses Orbit Command, direct your request to that business, which controls its own records; we will assist them as their processor.

We use strictly necessary cookies to keep you signed in and to protect your session. These are required for the app to function. We do not use them to build advertising profiles. You can control cookies through your browser settings, but disabling necessary cookies will prevent you from signing in.

Orbit Command is a business tool and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

We and our service providers operate primarily in the United States. If you access the service from outside the United States, you understand your information may be processed in the United States, where data-protection laws may differ from those in your country.

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Continued use of the service after an update means you accept the revised policy.

Questions about this policy or your information? Email us at [email protected].