Privacy Policy

This Privacy Policy explains how Orbit ("we," "us," or "our") collects, uses, and shares information when you use our mobile and web applications and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

• Legal entity: [GINIT]
• Contact email: [support@ginit.in]

Information We Collect

We collect the following categories of information:

• Account Information: Name, email address, and profile photo when you sign in (e.g., via Google Sign-In/Firebase Auth).
• User-Generated Content (UGC): Messages, posts, images, comments, and other content you create or upload.
• Device and App Identifiers: Firebase App Instance ID, Firebase Cloud Messaging (FCM) token, and similar identifiers.
• Usage Data and Analytics: Screens visited, in-app events, and interaction data (via Firebase Analytics/Remote Config, where enabled).
• Crash and Diagnostics: Crash logs, stack traces, device model/OS version, and app version (via Firebase Crashlytics).
• Local Storage: Preferences and cached data stored on your device (e.g., using SharedPreferences or local caches).
• Notifications Data: Your opt-in status and messaging tokens used to send push notifications (via Firebase Cloud Messaging).
• App Links and External Links: Information about opening deep links (app_links) and when you open external URLs (url_launcher). We do not collect your general browsing history.

We do not intentionally collect: precise geolocation, contacts, SMS, call logs, payment information, or health data. Photos and images you choose to upload are treated as UGC.

How We Use Information

• Provide and operate the Service, including authentication, chat, feeds, and other features you request.
• Send push notifications you opt into and manage delivery (via Firebase Cloud Messaging).
• Monitor performance, diagnose issues, and improve reliability (Crashlytics, Analytics).
• Personalize content and features (e.g., groups/feeds you join, Remote Config feature flags).
• Enforce our Terms of Use, moderate content, and ensure the security and integrity of the Service.

Legal Bases (where applicable)

• Consent: For notifications, analytics where required, and Google Sign-In authorization.
• Contract: To provide core functionality you request by creating an account and using the app.
• Legitimate Interests: Security, fraud prevention, and service improvement.

Sharing and Third Parties

We share information with service providers that help us operate the Service:

• Google Firebase: Authentication, Cloud Firestore (database), Analytics, Crashlytics, Cloud Messaging, Remote Config.
• Supabase: Backend functions and related processing.

We do not sell your personal information. We may disclose information if required by law, to protect rights and safety, or with your consent.

Data Retention

• Account and Profile: Kept until you delete your account or after a period of inactivity [define period].
• UGC: Retained until you delete it or your account is removed; may persist in backups for up to [define period].
• Crash/Analytics: Retained according to provider defaults (typically up to 24 months) or as configured by us.
• Notification Tokens: Removed when invalidated or upon logout.

Your Choices and Rights

• Access, correction, deletion, portability, and objection/restriction rights may apply depending on your location.
• To request account deletion or exercise your rights, contact us at [delete@ginit.in].
• Notifications: You can disable in app and in your device settings.

International Transfers

Data may be processed in countries other than your own where our service providers operate. We rely on standard contractual clauses and similar safeguards offered by those providers.

Security

We protect your information through encryption in transit (HTTPS/TLS), access controls, and least-privilege practices. No method of transmission or storage is completely secure.

Children’s Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided personal information, contact us to request deletion.

Third-Party SDKs

• Firebase Analytics: Usage analytics and events.
• Firebase Crashlytics: Crash diagnostics and performance.
• Firebase Authentication: Account sign-in and identity management.
• Cloud Firestore: Storage of profiles, messages, posts, and related data.
• Firebase Cloud Messaging: Push notifications and delivery data.
• Firebase Remote Config: Feature flags and configuration.
• Google Sign-In: Identity, email, profile photo (if provided).
• Supabase: Serverless functions and messaging integration.
• SharedPreferences/cache: Local settings and cached items.
• url_launcher/webview_flutter: Opens external links and in-app web pages; we do not collect your general browsing history.

Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version here and update the "Last updated" date above. Your continued use of the Service constitutes acceptance of the updated policy.

Contact Us