Privacy Policy

Last Updated: November 29, 2025

Our Commitment

At Orion, we are committed to protecting your privacy and ensuring the security of your data. This policy explains how we collect, use, and protect your information.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company/organization name
  • Phone number (optional)
  • Billing address
  • Payment information (processed securely by Stripe)

1.2 Usage Data

We automatically collect:

  • Log data (IP address, browser type, access times)
  • Device information
  • Usage patterns and feature interactions
  • Performance metrics

1.3 Asset Tracking Data

Data you upload to track assets:

  • Asset information (names, descriptions, serial numbers)
  • GPS location data (if enabled)
  • Asset images and documents
  • Assignment and maintenance records
  • User activity within your organization

2. How We Use Your Information

2.1 Service Delivery

We use your information to:

  • Provide and maintain the Service
  • Process payments and billing
  • Send service-related notifications
  • Provide customer support
  • Improve and optimize the Service

2.2 Communications

We may send you:

  • Account notifications (required)
  • Billing reminders
  • Service updates and new features
  • Security alerts
  • Marketing communications (you can opt out)

2.3 Analytics and Improvements

We analyze usage data to:

  • Understand how users interact with the Service
  • Identify and fix issues
  • Develop new features
  • Improve user experience

3. Data Security

3.1 Security Measures

We implement comprehensive security measures:

  • Multi-Tenant Isolation: Each organization's data is completely isolated in separate database schemas
  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Control: Role-based access control (RBAC) with 5 permission levels
  • Authentication: Secure password hashing (Argon2), brute-force protection
  • File Storage: AWS S3 with encrypted buckets and signed URLs
  • Input Validation: SQL injection prevention, XSS protection, CSRF tokens
  • Monitoring: 24/7 security monitoring and regular audits

3.2 Payment Security

Payment processing is handled by Stripe (PCI-DSS compliant). We never store credit card information on our servers.

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We will never sell your personal information or asset data to third parties.

4.2 Third-Party Service Providers

We share data with trusted partners who help us provide the Service:

  • Stripe: Payment processing
  • AWS: Cloud infrastructure and file storage
  • Email Service: Transactional emails (AWS SES)

All third parties are contractually obligated to protect your data.

4.3 Legal Requirements

We may disclose information if required by law, court order, or to:

  • Protect our legal rights
  • Enforce our Terms of Service
  • Protect user safety
  • Prevent fraud or abuse

5. Data Retention and Deletion

5.1 Active Accounts

We retain your data as long as your account is active.

5.2 Cancelled Subscriptions

When you cancel your subscription:

  • Data is retained for 60 days
  • You can reactivate by logging in during this period
  • After 60 days, all data is permanently deleted
  • Backups are purged according to our retention schedule

5.3 Right to Deletion

You can request immediate data deletion by contacting support. We will delete your data within 30 days of verification.

6. Your Rights

6.1 Access and Export

You have the right to:

  • Access all your data through the dashboard
  • Export your data in standard formats (CSV, JSON)
  • Request a complete data package

6.2 Correction and Update

You can update your information at any time through your account settings.

6.3 Data Portability

You can export your data and transfer it to another service.

6.4 Object to Processing

You can opt out of marketing communications while still using the Service.

7. Cookies and Tracking

7.1 Essential Cookies

We use essential cookies for:

  • Authentication (session management)
  • Security (CSRF protection)
  • Preferences (language, timezone)

7.2 Analytics

We use anonymized analytics to improve the Service. You can opt out through your browser settings.

8. International Data Transfers

Our servers are located in the UK (AWS London region). By using the Service, you consent to data processing in the UK.

9. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect information from children.

10. GDPR Compliance

For users in the EU/UK, we comply with GDPR requirements:

  • Legal basis for processing: Contract performance and legitimate interests
  • Data Protection Officer: dpo@orion-asset-tracking.com
  • Right to lodge a complaint with supervisory authority

11. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be notified via email. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or to exercise your rights:

  • Privacy Team: privacy@orion-asset-tracking.com
  • Data Protection Officer: dpo@orion-asset-tracking.com
  • General Support: support@orion-asset-tracking.com

Privacy Summary

Key points about your privacy:

  • We never sell your data
  • Full data isolation - your data is completely separate from other organizations
  • Industry-leading security - encryption, access control, monitoring
  • You own your data - export or delete anytime
  • 60-day grace period - reactivate after cancellation
  • GDPR compliant - full rights protection for EU/UK users