Privacy Policy

Last updated: 26 May 2026

Your privacy matters to us. This policy explains what data we collect, why we collect it, who we share it with, and how we use it.

1. Information We Collect

We collect information you provide directly to us and information generated as you use Orbrey.

Account Information

When you create an account, we collect your name, email address, and password (stored as a secure hash). If you sign in with a third-party provider such as Google, we receive basic profile information from that provider.

Waitlist Data

If you join our closed-beta waitlist, we collect your email address (and optionally your name) plus the marketing-attribution details of your visit (referrer and UTM campaign tags). We use a double opt-in: you must confirm via an emailed link before we treat you as subscribed, which gives us a timestamped consent record under the Australian Privacy Act (APP 5). We never store your raw IP address — only a salted hash for abuse prevention. Every waitlist email includes a one-click unsubscribe link, and you can ask us to delete your waitlist record at any time.

Household & Content Data

Orbrey stores the content you create — calendar events, tasks, recipes, grocery lists, notes, and household member information. This data is stored on your behalf so the service can function.

Dietary & Health-Adjacent Data

Members of a household may record dietary preferences, foods to avoid, and allergies against their profile. We treat allergy information as sensitive data under the Australian Privacy Act (APP 3) and as health-adjacent data under UK GDPR Article 9. It is only readable by household members and is encrypted at rest along with the rest of your household content.

Calendar Sync Data

If you connect an external calendar (Google Calendar, Apple iCloud, Microsoft Outlook or any CalDAV provider), we access only the calendar data necessary to sync events. OAuth tokens and CalDAV app-passwords are encrypted at rest with envelope encryption; only server-side functions can decrypt them, and you can revoke access at any time from your Settings.

Usage, Analytics & Device Data

When you use Orbrey we automatically collect technical information including your browser type, operating system, pages visited, and feature interactions. IP addresses are recorded by our hosting and error-tracking providers; we scrub IPs from error events before they leave our infrastructure.

We use product-analytics, advertising-measurement, and crash-reporting tools as listed in section 3 below. These tools only load after you accept non-essential cookies via the consent banner. You can change your decision at any time from Settings → Privacy → Cookie preferences; rejecting non-essential cookies prevents these tools from loading at all.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Orbrey service
  • Sync your data across devices and household members
  • Process subscription payments and manage billing via Stripe
  • Send transactional emails (invitations, password resets, billing receipts)
  • Analyse usage patterns to improve features and fix bugs
  • Measure the effectiveness of advertising we place on third-party platforms (with your consent)
  • Respond to your support requests
  • Detect and prevent fraud or abuse

We do not use your household content (recipes, calendar, grocery, allergy data) to train AI models or build advertising profiles against you.

3. Data Sharing & Sub-Processors

We do not sell, rent, or trade your personal data. We share data with the third-party processors listed below, each of which processes only the data necessary for its function and is bound by its own privacy policy and data-protection agreement.

Essential service providers (always loaded)

  • Supabase — our database, authentication and server-side compute. Your data is hosted in the Singapore (ap-southeast-1) region. For users in Australia this constitutes a cross-border disclosure under Australian Privacy Act APP 8; Supabase is contractually bound to standards consistent with the Australian Privacy Principles.
  • Vercel — static hosting for the Orbrey app and marketing site.
  • Cloudflare — hosts our Model Context Protocol bridge at mcp.orbrey.com if you connect an AI assistant such as Claude or ChatGPT to your account.
  • Stripe — payment processing for paid subscriptions. Stripe receives your billing email and card details; we never see your card number. Card data never touches our database (Stripe Checkout / SAQ-A scope).
  • Resend — delivers transactional emails (verification, password reset, household invitations, billing receipts).
  • Sentry — crash reporting and, when an error occurs, a redacted session replay so we can reproduce the issue. All text is masked and media is blocked before replays leave your browser; IP addresses are scrubbed before events are sent.
  • OpenAI — powers our parsing and meal-planning AI features. We send the content you submit (recipe text, meal-planning constraints) for inference; we do not send your identifying account information.
  • Open-Meteo — looks up weather forecasts for your household. Your approximate latitude / longitude is sent directly to Open-Meteo by your browser; your account identity is not sent.
  • Google Places — if you type an address into an event we proxy the autocomplete query to Google. We do not send your identity.

Optional integrations (only if you connect them)

  • Google, Apple, Microsoft (calendar sync) — only if you connect their calendar service. We exchange OAuth tokens and read your selected calendars.
  • Expo — if you install a future Orbrey mobile app, Expo's services handle build distribution and push-notification delivery.

Analytics & advertising tools (only after you opt in)

The following tools load only after you accept non-essential cookies via our consent banner. If you reject, none of them load and no data is sent. You can withdraw consent at any time from Settings → Privacy → Cookie preferences; once withdrawn, these tools stop running on subsequent page loads (note: previously-captured events are not retroactively recalled from the vendor).

  • PostHog (product analytics) — measures which features you use and where you encounter friction. Hosted in the United States; input fields are masked by default so we never see what you type.
  • Meta (Facebook) Pixel (advertising measurement) — tells Meta when you take a conversion-worthy action so we can measure the effectiveness of Facebook / Instagram advertising we run.
  • Google Ads (advertising measurement) — tells Google when you take a conversion-worthy action so we can measure the effectiveness of Google advertising we run.

Fonts are self-hosted; no external font CDN sees your requests.

Legal Requirements

We may disclose your data if required to do so by law, court order, or governmental authority, or to protect the rights and safety of Orbrey, its users, or the public.

Business Transfers

If Orbrey is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will provide notice before your data is subject to a different privacy policy.

4. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide you with the service. If you close your account, we will delete your personal data and household content within 30 days, except where we are required to retain it for legal or financial compliance purposes (such as billing records, which are retained for up to 7 years).

Backup retention: Backups containing your data may persist for up to 7 days after deletion as part of our point-in-time-recovery backup window, and are then purged automatically by our database provider.

Audit metadata: For accountability reasons we retain limited audit metadata about who performed certain actions (e.g. who approved a destructive household action) even after their account is deleted. Their identifier is replaced with NULL; the action record itself is kept so the remaining household members can review their own history.

You can delete your account at any time from Settings → Danger Zone. Deletion is permanent and cannot be undone.

5. Security

We take the security of your data seriously. Orbrey uses industry-standard measures to protect your information:

  • All data is encrypted in transit using TLS
  • Data at rest is encrypted by our hosting provider (Supabase) at the database level
  • OAuth tokens and CalDAV credentials are additionally encrypted at the column level — only server-side code can decrypt them
  • Passwords are never stored in plain text
  • Row-Level Security policies are enforced at the database itself, so users can only read their own household's data
  • Service-role keys never reach the browser

No method of transmission over the internet or method of electronic storage is 100% secure. If you believe your account has been compromised, please contact us immediately.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data, including data we have derived about your usage (cook-log ratings, recipe recommendations, future analytics-driven suggestions). Most user-supplied content (recipes, meal plans, household profile) is editable in-app; for derived data, contact us.
  • Deletion — request deletion of your personal data (subject to legal obligations)
  • Portability — request your data in a machine-readable format (you can also self-serve via Settings → Export data)
  • Objection — object to certain types of processing, including AI-derived inferences

To exercise any of these rights, contact us at privacy@orbrey.com. We will respond within 30 days.

7. Cookies

Orbrey uses two categories of cookies:

  • Essential cookies — required for authentication and session management. These are always set; disabling them in your browser will prevent you from staying signed in.
  • Non-essential cookies — set by the analytics and advertising tools listed in section 3. These are only set after you accept them via our consent banner; you can change your decision at any time from Settings → Privacy → Cookie preferences.

8. Children's Privacy

Orbrey is not intended for direct use by children under 13. The kid member role within a household is a designation a parent or guardian may apply to a household member they manage on the child's behalf; data captured against that profile (including dietary preferences and allergies) is entered by the parent or guardian under their parental authority and the household's lawful basis. We do not knowingly enable account creation or independent app use by children under 13. If you believe a child under 13 has created an account independently, contact us at privacy@orbrey.com and we will delete the account and associated data without delay.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of Orbrey after changes take effect constitutes your acceptance of the revised policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or how your data is handled, please contact us:

Email: privacy@orbrey.com