Privacy policy

Updated 30 April 2026

Who we are

Orbit helps you track and manage your subscriptions and digital spending. We do not provide direct banking services and never initiate financial transactions on your behalf. This Privacy Policy explains how we collect, use, and protect your personal information when you use Orbit.

Information we collect

When you use Orbit, we collect the following:

• Account details. Name, email address, or details from your sign in provider (Apple, Google).

• Subscription data. Subscription names, renewal dates, and billing amounts for the subscriptions you add manually or confirm after a statement upload.

• Uploaded documents. Bank statements, CSVs, or other files you upload. At the moment of processing, we extract recurring charges and strip out any sensitive or personal information. The original document is never retained.

• Device and usage data. Browser type, IP address, and device ID, used for security and to improve the product. This data stays on our servers and is never shared with third party analytics providers.

• Anonymised behavioural and detection data. We store anonymised data about how subscriptions are detected and confirmed, to improve accuracy over time. This data is stripped of identifiers, stays internal to Orbit, and cannot be tied back to you.

• Coming in future: Bank account linking (via Plaid) and email inbox scanning. When these features ship, we'll update this policy in advance and you'll need to opt in explicitly. We don't collect any of this data today.

How we use your information

We use your data to:

• Show your subscriptions and total spending in one place.

• Send notifications before subscriptions renew or free trials convert.

• Help you discover subscriptions you may have forgotten.

• Allow secure login.

• Improve detection accuracy and product performance.

• Comply with legal obligations.

How AI processing works

Orbit uses AI to help identify recurring charges and clean up subscription data. Here's exactly how that works:

• When you upload a statement, processing happens on our own infrastructure.

• We extract individual line items and strip out all sensitive and personal information (account numbers, balances, names, addresses, anything identifying).

• Only the cleaned line items, with personal information already removed, are sent to our AI provider for categorisation and merchant matching.

• The original document is deleted immediately.

• Your full statement is never sent to any external party. Sensitive or personal information never reaches our AI provider.

We currently use Anthropic's API for the cleaning and categorisation step, under a zero data retention agreement. This means Anthropic does not retain or train on the data we send. We're actively working to move this processing onto our own local infrastructure so no data leaves Orbit's systems at all.

If we change AI providers or how AI is used, we'll update this policy in advance and explain what's changing.

Anonymised data

We store anonymised behavioural and subscription detection data — meaning data stripped of any identifiers connecting it to you — to improve detection accuracy for everyone. This data stays internal to Orbit and is never shared externally.

How we share your information

We do not sell your data. Ever.

We share information only with:

• Anthropic, our current AI provider, used for cleaning and categorising subscription line items only. Sensitive and personal information is removed before any data is sent. Anthropic does not retain or train on the data under our zero retention agreement.

• Infrastructure providers (Railway) that host our database.

• Law enforcement, only if legally required.

We don't share your data with advertisers, data brokers, or any third party for marketing or profiling.

Data security

We use encryption and follow strict security protocols to protect your information. We don't currently have any direct connection to your bank account. When bank connections are added in the future via Plaid, those connections will be read only and bank credentials will be handled exclusively by Plaid, never stored on our servers.

If we ever experience a data breach affecting your information, we'll notify you and the relevant authorities within 72 hours, in line with GDPR and Australian Privacy Act requirements.

Your rights

You have the right to:

• Access the data we hold about you. Request a copy at any time.

• Correct any information that's inaccurate.

• Delete your account and all associated data. This is a one tap action in Settings, with no retention window or waiting period.

• Export your data in a portable format.

• Withdraw consent for any optional data processing.

• Object to specific uses of your data.

• Request human review of any automated decisions Orbit makes (such as how we categorise your subscriptions).

To exercise any of these rights, email simon@orbitmoney.io. We'll respond within 30 days.

Children's privacy

Orbit is not intended for users under 18. We don't knowingly collect data from minors. If you believe a minor has signed up, contact us and we'll delete the account.

International data transfers

We're currently hosted on Railway infrastructure in the United States, with plans to migrate to Australian infrastructure. If you're in the EU or UK, your data may be transferred outside your region. We use standard contractual clauses to ensure your data remains protected to the same standards as in your home jurisdiction.

Changes to this policy

We may update this policy to reflect product changes or legal requirements. If we make significant changes — particularly anything that affects how we use or share your data — we'll notify you through the app and by email at least 30 days before the change takes effect.

Contact us

Questions, concerns, or want to exercise your rights? Email simon@orbitmoney.io.