Privacy Policy

InOrbit — Last updated: March 16, 2026

Micah Giszack ("we," "us," or "our"), based in the United States, built InOrbit as a commercial application. This Privacy Policy explains how we collect, use, and protect your information when you use InOrbit ("the App").

By using the App, you agree to the practices described in this policy. If you do not agree, please do not use the App.

1. Privacy by Design

InOrbit is designed to minimize data exposure. Your device sends messages directly to AI models via OpenRouter — they do not pass through our server. Our server handles account authentication and API key provisioning only. It never receives your messages, conversations, or AI responses. We do not read, review, or moderate your content. There is no admin dashboard or content moderation tooling built into InOrbit.

2. Data on Your Device

Your conversations and settings are stored on your device. Message content is sent directly to OpenRouter for AI responses and is never sent to our server.

Data Type	Details	Stored Where
Messages	Text you send in conversations ("Worlds") and AI-generated replies	On your device (sent directly to OpenRouter for AI responses)
Conversation Settings	World names, participant configurations, AI Contacts, and preferences	On your device
Profile (My Card)	Display name, personal context ("About You"), and response preferences you optionally provide. When enabled, this information is included in system prompts sent to OpenRouter to personalize AI responses.	On your device
Participant Photos	Avatar images you select for AI participants from your photo library	On your device only — never uploaded to our servers
Credit Balance	Cached balance data from OpenRouter (usage amount, spending limit, account tier), refreshed periodically	On your device
API Logs	Request and response data from AI model calls (opt-in, off by default)	On your device; synced to iCloud if sync is enabled
On-Device AI	Some features (world naming, story generation) can use Apple Intelligence on your device. No data is sent externally for on-device processing. Story mode also supports optional online generation via OpenRouter.	Processed on your device when using on-device mode

System Voice text-to-speech uses your device's built-in speech engine. If you enable optional Cloud Voice, the selected message text is sent directly from your device to OpenRouter/model providers to generate AI speech, may use OpenRouter credits, and does not pass through our server.

3. Data on Our Server

Our backend, hosted on Railway, stores a minimal set of data to support account authentication:

Data Type	Details	Purpose
Anonymous Identifier	An opaque, anonymous token generated by Sign in with Apple — not your Apple ID, name, or email	Account authentication
Apple Refresh Token	An encrypted token issued by Apple during sign-in, used to revoke your Apple credential if you delete your account (required by Apple Technical Note TN3194)	Account deletion compliance
API Key	If you use the API key provisioned at sign-up: the key itself (encrypted at rest, stored for re-delivery if you reinstall the app) and usage metadata (spend amount, model usage) visible to us via OpenRouter	Key provisioning and recovery

We do not collect or store:

Message content, conversation history, or world configurations
Your name or email address (Sign in with Apple may transmit an email during authentication, but we discard it and do not store it)
Location data
Your phone contacts or address book information (InOrbit's "Contacts" feature stores AI character profiles on your device and in iCloud — not your real-world contacts)
Browsing history or tracking identifiers
Financial or payment information

4. iCloud Sync

InOrbit supports iCloud sync via Apple's CloudKit private database. iCloud sync is off by default. You must explicitly enable it in the App's Settings (and restart the app) for sync to activate.

When enabled, your Worlds, messages, participants, contacts, settings, and API logs (if logging is enabled) are synced across your devices. This data is encrypted by Apple and accessible only with your Apple ID. We have no access to your iCloud data.

5. How Your Data Is Used

Authenticate your account using an anonymous token from Sign in with Apple.
Generate AI responses — your device sends messages directly to OpenRouter's API. Our server is not involved in AI generation.
Personalize AI responses — when enabled, your My Card profile information (display name, personal context, response preferences) is included in system prompts sent to AI models via OpenRouter.
Display credit balance — the App queries OpenRouter's key information API to show your remaining balance and usage.
Sync across your devices — when you enable iCloud sync, Apple's CloudKit syncs your data to your other devices.

We do not use your data for advertising, profiling, or selling to third parties. We do not review, moderate, or monitor your content.

6. Third-Party Services

InOrbit relies on the following third-party services to function. We require that each third-party service provider handling user data provides the same or equal protection of that data as described in this Privacy Policy.

OpenRouter (openrouter.ai) — Conversation content is sent to AI language models (e.g., Claude, Gemma, Llama, Mistral) via OpenRouter's API to generate responses. Your device sends this data directly — it does not pass through our server. InOrbit also queries OpenRouter's key information API to display your credit balance, and fetches model availability and pricing for usage estimates. If you enable optional Cloud Voice, selected message text is sent directly to OpenRouter/model providers to generate AI speech. If you use the API key provisioned at sign-up, we can see usage metadata (such as spend amount and which models were used) but not your message content. OpenRouter's privacy policy governs their handling of this data.
Apple Intelligence (FoundationModels) — Some features (world naming, story generation) can use Apple's on-device language model. When using on-device mode, processing happens entirely on your device; no data is sent to Apple or any third party. Story mode also supports optional online generation via OpenRouter, in which case story content is sent to OpenRouter like any other conversation.
Apple iCloud (CloudKit) — When you enable iCloud sync, your Worlds, messages, and settings are synced across your devices via Apple's CloudKit private database. This data is encrypted by Apple and only accessible with your Apple ID. We have no access to your CloudKit data. Apple's privacy policy governs their handling of iCloud data: apple.com/privacy.
Railway (railway.app) — Hosts our backend infrastructure. Server-side data is stored on Railway in accordance with their privacy policy.
GoatCounter (goatcounter.com) — Our website (micah.chat) uses GoatCounter for privacy-friendly, cookie-free page view analytics. GoatCounter collects approximate location (country level from IP, which is not stored), browser and screen size information, and the referring page. It does not use cookies or track users across sites. GoatCounter does not collect data from the InOrbit app itself — only from the micah.chat website. GoatCounter's privacy policy governs their handling of this data.

7. Data Storage and Security

Server-side data is stored on infrastructure provided by Railway and processed by automated systems. On-device data is stored locally using Apple's SwiftData framework. We implement the following safeguards:

Encrypted connections (HTTPS/TLS) for all data in transit
Authentication via Apple's signed identity tokens
Provisioned API keys encrypted at rest on the server; custom API keys stored only in your device's Keychain
All AI interactions sent device-to-OpenRouter, bypassing our server
iCloud data encrypted end-to-end by Apple's infrastructure (when sync is enabled)
Credit balance data cached locally on your device, never transmitted to our server

InOrbit's server is hosted in the United States. If you are located outside the United States, your authentication data is transferred to and processed in the United States.

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention and Deletion

We retain server-side data for as long as your account is active. On-device data (messages, Worlds, settings, photos) can be deleted at any time using the "Delete All Worlds" option in the App's settings.

You can delete your account and all server-side data directly in the App under Settings > Account Deletion > Delete Account, or via the web at micah.chat/inorbit/delete-account. You will be asked to verify your identity with Apple before deletion proceeds. Upon deletion:

Your anonymous profile, API key, and Apple refresh token are permanently removed from our server.
All local data on your device is also cleared.
Deletion is irreversible.
Data already transmitted to third-party AI providers (Section 6) is subject to their respective retention policies.
iCloud data (synced Worlds, messages, and settings) is removed when you delete your account or turn off iCloud for InOrbit. Propagation across Apple's servers may take up to 30 days.

You may also contact us at [email protected] to request account deletion.

9. Children's Privacy

InOrbit is not intended for children under the age of 13. InOrbit requires Sign in with Apple, which includes Apple's own age verification. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at [email protected] and we will promptly delete it.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you.
Delete your account and server-side data in-app (Settings > Account Deletion), and your on-device data via the App's settings.
Withdraw consent by discontinuing use of the App.

To exercise any of these rights, contact us at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the App after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact:

Micah Giszack
[email protected]