Fjord Studio ("we", "us", "our") values your privacy. This Privacy Policy ("Policy") explains how we collect, use, and protect personal information when you use the Orbit mobile application ("Orbit" or "the app").
Orbit is a personal-relationship CRM that helps you remember to stay in touch with friends and family. You add contacts, log interactions, set reminders, and can request AI-generated suggestions and message drafts.
This Policy explains what personal data Orbit collects, why, who processes it on our behalf, how long we keep it, your rights, and how to contact us. Orbit is available globally, including in the EU/EEA, so the EU General Data Protection Regulation (GDPR) applies. For users in the EU/EEA, Fjord Studio is the data controller. You can contact us any time at orbit.app.support@gmail.com.
When you create an account, we collect and store:
Why: to create and operate your account, sign you in, show your profile, enforce subscription entitlements, and run app features.
Legal basis (GDPR): performance of our contract with you (Art. 6(1)(b)).
Public @handle: your chosen @handle is stored in a registry that maps the handle to your account identifier and is readable by any signed-in Orbit user so the app can check whether a handle is available. Do not choose a handle you consider sensitive.
For each person you add, we store the information you enter:
Why: these are the core features of Orbit — they let you remember details about people and remind you to reach out.
Legal basis: performance of our contract with you (Art. 6(1)(b)).
Note on sensitive data: free-text notes and life events can contain special-category data (for example health or grief information) about you or the people you add. You decide what to enter. Please only record what you are comfortable storing, and only information you have a lawful basis to keep about others (see Section 3).
If you choose to import contacts, Orbit requests the READ_CONTACTS permission and reads, from your device address book, the display name, phone number, and email address of the contacts you select, plus a device contact lookup key. Selected contacts become contact records in Orbit (name and phone number are saved; the lookup key is stored so the app can recognise the source contact).
Importing is entirely optional — you can use Orbit by adding contacts manually and never grant this permission.
Why: to let you quickly add people you already know.
Legal basis: your consent (the Android permission prompt), and our legitimate interest in providing import functionality (Art. 6(1)(a)/(f)).
When you ask Orbit to generate a nudge, draft a message, or improve a message you wrote, the request is sent through our secure Google Cloud Function, which forwards a limited payload to our AI providers (Anthropic and/or OpenAI — see Section 4). The payload contains only:
The contact's phone number, email, avatar, job, birthday, life events, and relationship type are not sent to the AI providers.
Why: to generate the suggestion or draft you requested.
Legal basis: performance of our contract with you (Art. 6(1)(b)).
We store a daily AI-usage counter on your account to enforce free/Premium limits. We do not store your prompts, your contacts' details, or the AI's responses on our servers; the generated text is returned to your device and not saved by our backend.
We use Firebase Analytics (Google Analytics for Firebase) to understand how the app is used. We log events such as: app open, sign-up/sign-in (with method: email or Google), sign-out, contact added (with relationship type), interaction logged (with type), AI nudge generated/viewed, paywall shown/dismissed, subscription started, onboarding completed, and contact import started/completed (with a count). The AI nudge events include a contact identifier parameter. Firebase Analytics also automatically collects standard device and usage data, including an app-instance identifier, app version, device type, and approximate location derived from IP address.
Why: to measure feature usage and improve the app.
Legal basis: our legitimate interest in improving Orbit (Art. 6(1)(f)).
We use Firebase Crashlytics to receive automatic crash reports. These include crash stack traces, device model/OS, and a Crashlytics installation identifier. We do not attach your name, email, or user ID to crash reports.
Why: to detect and fix crashes.
Legal basis: our legitimate interest in app stability (Art. 6(1)(f)).
If you buy Orbit Premium, the purchase is handled by Google Play Billing. Google processes your payment; Orbit only reads the purchase state and a purchase token (used to confirm the purchase on your device) and records your resulting Premium status. Orbit never sees your card or payment details.
Why: to provide and manage your subscription.
Legal basis: performance of our contract with you (Art. 6(1)(b)).
Some data is kept locally on your device to run features: a home-screen widget cache (up to 3 contacts' name and status) and reminder/notification data (contact name, phone number, reminder/message text) held while reminders are scheduled and shown. Local app data is excluded from Android cloud backup and device-transfer.
Orbit lets you store information about other people (your friends and family). If you are in the EU/EEA, you remain responsible for the personal data you record about others and for having a lawful basis to do so. Please:
We act as the processor of this data on your behalf for the purpose of operating the app, and as controller for the limited platform-level data described above.
We do not sell your personal data and do not share it for advertising. We share data only with the service providers ("processors") that power Orbit:
| Provider | Role | What it receives |
|---|---|---|
| Google Firebase / Google Cloud (Google) | Authentication, database, serverless functions, analytics, crash reporting | Your account identity and password (Auth); all profile and contact data you create (Cloud Firestore); the AI request relay (Cloud Functions); usage events and automatic device data (Analytics); crash reports (Crashlytics) |
| Anthropic (Claude) | AI generation (model: Claude Haiku 4.5) | At AI-generation time only: the contact's name, days since last contact, up to 5 of your notes, up to 5 recent interaction notes, an optional topic, and (for "improve") your draft message text |
| OpenAI (GPT) | AI generation / automatic fallback (model: GPT-5.4 nano) | The same AI payload as Anthropic. OpenAI is used as an automatic fallback if the primary provider is unavailable, so a single AI request may be processed by Anthropic, OpenAI, or both |
| Google Play Billing (Google) | Subscription payments | Payment and subscription transaction data (handled entirely by Google Play) |
| Resend (Resend, Inc.) | Transactional email delivery | Your email address and the one-time verification code, at the moment we send you an account-verification email (sent from verify@fjordstudio.app). Nothing else about your account or contacts is shared |
API keys for Anthropic, OpenAI, and Resend are stored securely in Google Cloud Secret Manager and are never embedded in the app.
We may also disclose data if required by law, to enforce our terms, or to protect the rights, safety, or property of our users or others.
Orbit's AI relay (Cloud Function) runs in the EU (europe-west1). Other Google Firebase services (Firestore, Analytics, Crashlytics) and our AI providers (Anthropic and OpenAI) may process data on servers located outside the EU/EEA, including in the United States. Where data is transferred outside the EU/EEA, it is protected by appropriate safeguards such as the EU Standard Contractual Clauses and/or the providers' participation in recognised transfer frameworks, as offered by Google, Anthropic, and OpenAI in their respective data-processing terms.
Under GDPR (and similar laws) you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and the right to data portability. You can exercise most of these directly in the app:
To make any other privacy request — including access, correction, portability, or full erasure — contact orbit.app.support@gmail.com. We will respond within the timeframes required by law.
If you are in the EU/EEA and believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection supervisory authority.
You can also withdraw the contacts permission at any time in your device's Android settings; this stops further contact imports but does not delete contacts you have already imported.
We use Google Firebase's managed infrastructure. Data in transit is encrypted using HTTPS/TLS. Access to your database records is restricted by Firebase Security Rules so that, in normal operation, only you (when signed in) can read or write your own profile and contacts. AI provider keys are held in Google Cloud Secret Manager.
No system is perfectly secure, but we take reasonable technical and organisational measures to protect your data.
Orbit is not directed to children. It is intended for users aged 13 and over. We do not knowingly collect personal data from children under 13. Where your country sets a higher minimum age of digital consent (for example 16 in some EU countries), users below that age should only use Orbit with the consent of a parent or guardian. If you believe a child under 13 has provided us with personal data, contact us at orbit.app.support@gmail.com and we will delete it.
We may update this policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you in the app. Continued use of Orbit after an update means you accept the revised policy.
Fjord Studio
Email: orbit.app.support@gmail.com
Fjord Studio is a trading name of Langsæter Labs (org. no. 937939493, Norway), the data controller for Orbit.
Last updated: 4 July 2026