Legal · Privacy

Privacy Policy

Last updated · May 19, 2026

The short version. Orbit does not require an account. The people you add, the contacts you log, your notes and photos — everything that describes your social life — are stored only on your iPhone. We never see them. Orbit uses two third-party SDKs: AppsFlyer (to measure which marketing channel brought you to the app) and Firebase Cloud Messaging (so notifications can reach your device). Neither of them sees who's in your circle.

1. What stays on your iPhone

The substance of Orbit — your declared layers, the people you add, every contact you log, photos, notes, layer snapshots — is stored locally in Orbit's app sandbox on your iPhone, protected by iOS's standard complete-until-first-user-authentication file protection. No copy of this data is uploaded to a server we operate. We do not have one.

Specifically, we do not collect:

The names, photos, or notes you attach to people in Orbit.
Your contact history (who you logged, when, of what type).
Any signal that would reveal a real person's identity to us.
Your iOS contacts, calendar, messages, microphone, camera, or location.

2. What does leave the device, and why

Three categories of network activity exist, none of which carry information about your relationships:

Install attribution (AppsFlyer). When Orbit launches for the first time, it sends an install event so we can measure which marketing channel brought you in. Details below.
Push notification registration (Firebase Cloud Messaging). If you enable notifications, your iPhone is issued an APNs token, which is registered with Firebase so we can deliver notifications such as the weekly Reality Check reminder. The token is a device-level identifier — not a person identifier.
Standard App Store telemetry. Apple itself collects information you can review under iOS Settings → Privacy & Security → Analytics & Improvements. This is not under Orbit's control.

3. Third-party services

Two third parties are involved:

AppsFlyer — privacy policy
AppsFlyer is an install attribution and uninstall measurement SDK. It receives standard device-level identifiers (IDFV, and IDFA only if you grant the iOS tracking prompt), aggregated install and session events, and Apple SKAdNetwork postbacks. AppsFlyer does not receive the names of people in your circle, your contact logs, your notes, your photos, your email, or any data that could identify the relationships you track. You may decline the iOS tracking prompt and Orbit continues to function normally — AppsFlyer falls back to SKAdNetwork-only attribution.
Firebase Cloud Messaging (from Google) — privacy policy
Firebase Cloud Messaging is Google's push delivery infrastructure. When you enable notifications, Orbit registers your device with Firebase so that scheduled messages — such as the weekly Reality Check reminder — can be routed to your phone. Firebase receives a device-level push token; it does not receive your contact log, the people you added, or any other relationship content. If notifications are off, no registration takes place.

4. AppTrackingTransparency (iOS tracking prompt)

On first launch (or the first time Orbit needs to track), iOS will show you a system prompt asking whether Orbit may track your activity across other companies' apps and websites. If you choose Allow, AppsFlyer receives your device's IDFA in addition to the non-identifying signals above. If you choose Ask App Not to Track, AppsFlyer does not receive the IDFA, and attribution falls back to Apple's privacy-preserving SKAdNetwork. The app's core features — your circle, logging contacts, Reality Check, Stats — work identically either way. You can change your decision at any time in iOS Settings → Privacy & Security → Tracking → Orbit.

5. What we never do

No accounts, no sign-up, no email, no password, no Apple ID linkage.
No advertising inside the app. No ad networks. No targeted ads.
No general-purpose analytics SDK reading your screen views, the people you tap on, or which insights you look at.
No selling, sharing, or licensing of any data — relationship-related or otherwise — to any third party, ever.

6. Children

Orbit is intended for adults — it asks honest questions about your relationships that benefit from adult perspective. We do not knowingly collect any personal information from children under 13. If a parent or guardian believes that a child has used Orbit in a way they object to, please contact us at boytik@actvox.dev and we will respond promptly.

7. Your rights

Because we do not associate any data with you on a server, there is no personal account on our side to access, export, or delete. The relationship data Orbit stores about your life lives on your device, and you control it directly inside the app:

Export. In Settings → Data → Export to JSON, Orbit writes a complete dump of everything it knows about your circle to a JSON file you can share, email, or back up.
Delete one item. Archive or delete a person from the person detail view. Their contacts are deleted with them.
Wipe everything. Settings → Data → Erase all data. This deletes every person, contact, photo, snapshot, and setting in the app. Or uninstall Orbit from your iPhone — local data is removed with the app.

8. App Lock

Orbit can lock its own UI behind Face ID, Touch ID, or your device passcode (Settings → Privacy → App Lock). When enabled, the app prompts you to authenticate after backgrounding for the configured timeout. The lock is enforced locally by iOS's LocalAuthentication framework — no biometric data ever leaves your device.

9. Security

Network traffic between Orbit and AppsFlyer / Firebase is protected by standard TLS (HTTPS). The local Core Data store and on-disk photos are protected by iOS file protection at the completeUntilFirstUserAuthentication level. Orbit does not implement custom cryptography, and the app declares ITSAppUsesNonExemptEncryption = false in its Info.plist.

10. International users

Orbit is available globally on the App Store. AppsFlyer and Firebase may process data on servers outside your home country, including in the European Economic Area and the United States. Both vendors operate under data-protection frameworks documented in their own privacy policies, linked in section 3. Because Orbit itself collects no personal data, the cross-border question is entirely scoped to those vendors.

11. Changes to this policy

If we change this policy, we will update the date at the top of this page. If the change is material — meaning it expands what data leaves the device, or it changes who receives it — we will mention the change inside the app on next launch. Continuing to use Orbit after a change means you accept the updated policy.

12. Contact

Privacy questions, concerns, or correction requests: boytik@actvox.dev. We read everything.