Legal

Privacy Policy

Last updated: May 15, 2026

This Privacy Policy explains what data Orbitrage collects, why we collect it, how we use and share it, and the choices you have. By using Orbitrage you agree to the practices described below.

01 — Who we are

Orbitrage, Inc. operates orbitrage.ai and provides an OpenAI-compatible LLM gateway, routing engine, and telemetry dashboard. For the personal data we process about you, Orbitrage, Inc. acts as the data controller. You can reach us at support@orbitrage.ai.

02 — Information we collect

We collect the following categories of data:

  • Account identifiers — email, display name, and Google profile photo URL.
  • Authentication state — a session cookie issued by our Supabase auth provider.
  • API keys — stored only as a salted SHA-256 hash alongside an 8-character prefix.
  • Usage and routing data — model requests, token counts, latency, cost, and fallback chains.
  • Telemetry spans — optional OpenTelemetry data, which may include prompts and responses you choose to send.
  • Billing metadata — plan, credits, and spend. Payment details are handled by Razorpay.
  • Operational logs — standard server logs (IP address, user agent, timestamp) kept short-term.

03 — Google user data

When you use “Sign in with Google,” Orbitrage receives only your email address, display name, and profile picture URL. We adhere to the Google API Services User Data Policy, including its Limited Use requirements, and we do not transfer this data to third parties except as needed to provide the service.

04 — How we use your data

We process your data to run the service, bill you accurately, secure our systems, communicate with you, and improve routing quality through aggregated, non-identifying metrics. We do not train models on your prompts or responses.

05 — How we share data

Orbitrage does not sell personal data. We share data only with the providers needed to operate the service — Supabase, Google LLC, Razorpay, the LLM providers we route to (such as OpenAI, Anthropic, and Groq), and our hosting providers. We may also disclose data when legally required, or where necessary to protect the rights, property, or safety of Orbitrage, our users, or the public.

06 — Data retention

We keep profiles and API key hashes until you delete your account. Routing rows and telemetry spans are retained for the historical windows shown in your dashboard. Billing records are kept as required by applicable tax law. Server logs are typically retained for fewer than 30 days.

07 — Your rights

Depending on where you live, you may have the right to access, correct, delete, export, or restrict the processing of your personal data, and to withdraw consent or lodge a complaint with a data protection authority. To exercise any of these rights, email support@orbitrage.ai; we respond within 30 days.

08 — Security

We protect your data with HTTPS everywhere, encryption at rest, row-level security, and hashed API keys compared in constant time. No system is perfectly secure, so we cannot guarantee absolute security — but if a breach affecting your data occurs, we will notify you without undue delay.

09 — Cookies & tracking

We use only first-party cookies that are strictly necessary: the Supabase session cookie and a theme preference cookie. We do not embed third-party advertising trackers.

10 — Children’s privacy

Orbitrage is not directed to anyone under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us and we will delete it.

11 — International transfers

Your data may be processed in countries other than your own. Where it is, we rely on Standard Contractual Clauses or equivalent safeguards approved by the relevant data protection authorities.

12 — Changes to this policy

We may update this policy from time to time. For material changes, we will notify you by email or through a notice in the dashboard. The “Last updated” date above reflects the latest revision.

13 — Contact

Orbitrage, Inc.
support@orbitrage.ai