Privacy Policy

InOrbit — Last updated: February 6, 2026

Micah Giszack ("we," "us," or "our"), based in the United States, built InOrbit as a commercial application. This Privacy Policy explains how we collect, use, and protect your information when you use InOrbit ("the App").

By using the App, you agree to the practices described in this policy. If you do not agree, please do not use the App.

1. Privacy by Design

InOrbit is designed to minimize data exposure. Your conversations and content are processed automatically by our infrastructure provider (Railway) to enable the AI chat experience. We do not read, review, or moderate your messages. There is no admin dashboard or content moderation tooling built into InOrbit. We may access message metadata (such as timestamps and message counts) for debugging or abuse prevention, but we do not access message content.

2. Data on Your Device

Most of your data stays on your device and is never sent to our servers. Your message content is never viewed or accessed by any person. We may access limited server-side metadata (such as timestamps and message counts) for debugging or abuse prevention.

Data Type	Details	Stored Where
Messages	Text you send in conversations ("Worlds") and AI-generated replies	On your device (sent directly to OpenRouter for AI responses)
Conversation Settings	World names, participant configurations, and preferences	On your device
Participant Photos	Avatar images you select for AI participants from your photo library	On your device only — never uploaded to our servers

3. Data on Our Server

Our backend, hosted on Railway, stores a minimal set of data to support account authentication and optional background features:

Data Type	Details	Purpose
Anonymous Identifier	An opaque, anonymous token generated by Sign in with Apple — not your Apple ID, name, or email	Account authentication
Device Token	Apple Push Notification service (APNs) token	Delivering push notifications
API Key Metadata	If you use the API key provisioned at sign-up: a hash of the key and usage metadata (spend amount, model usage) visible to us via OpenRouter	Key provisioning and abuse prevention

We do not collect or store:

Your name or email address (Sign in with Apple may transmit an email during authentication, but we discard it and do not store it)
Location data
Contacts or address book information
Browsing history or tracking identifiers
Financial or payment information

4. How Your Data Is Used

Authenticate your account using an anonymous token from Sign in with Apple.
Generate AI responses — your device sends conversation context directly to OpenRouter's API (see Section 5). Messages are not routed through our server for foreground chat.
Deliver push notifications — when enabled, notification payloads sent through Apple's Push Notification service may include the World name and sender name.
Enforce rate limits and manage server resources.

We do not use your data for advertising, profiling, or selling to third parties. We do not review, moderate, or monitor your content.

5. Third-Party Services

InOrbit relies on the following third-party services to function:

OpenRouter (openrouter.ai) — Your device sends conversation content directly to AI language models (e.g., Claude, Gemma, Llama, Mistral) via OpenRouter's API to generate responses. This data does not pass through our server. If you use the API key provisioned at sign-up, we can see usage metadata (such as spend amount and which models were used) but not your message content. OpenRouter's privacy policy governs their handling of this data.
Apple Push Notification service (APNs) — Delivers push notifications to your device. Notification payloads may include the World name and sender name in addition to your device token.
Railway (railway.app) — Hosts our backend infrastructure. Server-side data is stored on Railway in accordance with their privacy policy.

6. Data Storage and Security

Server-side data is stored on infrastructure provided by Railway and processed by automated systems. On-device data is stored locally using Apple's SwiftData framework. We implement the following safeguards:

Encrypted connections (HTTPS/TLS) for all data in transit
Authentication via Apple's signed identity tokens
API keys stored as hashes on the server, never in plaintext
Foreground messages sent device-to-OpenRouter, bypassing our server

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention and Deletion

We retain server-side data for as long as your account is active. On-device data (messages, Worlds, settings, photos) can be deleted at any time using the "Delete All Worlds" option in the App's settings.

To request deletion of your server-side data (anonymous profile, device tokens, and API key metadata), contact us at micah@micah.chat. Upon deletion:

Your anonymous profile, device tokens, and API key metadata are permanently removed from our server.
Deletion is irreversible.
Data already transmitted to third-party AI providers (Section 5) is subject to their respective retention policies.

8. Children's Privacy

InOrbit is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at micah@micah.chat and we will promptly delete it.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you.
Delete your server-side data by contacting us, and your on-device data via the App's settings.
Withdraw consent by discontinuing use of the App.

To exercise any of these rights, contact us at micah@micah.chat.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the App after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact:

Micah Giszack
micah@micah.chat