Privacy Policy

InOrbit — Last updated: February 19, 2026

Micah Giszack ("we," "us," or "our"), based in the United States, built InOrbit as a commercial application. This Privacy Policy explains how we collect, use, and protect your information when you use InOrbit ("the App").

By using the App, you agree to the practices described in this policy. If you do not agree, please do not use the App.

1. Privacy by Design

InOrbit is designed to minimize data exposure. For foreground conversations, your device sends messages directly to AI models via OpenRouter — they do not pass through our server. When background features are enabled (such as Maestro Mode or scheduled world activity), our server generates AI responses on your behalf and stores the resulting messages to maintain conversation continuity (see Section 3). We do not read, review, or moderate your messages. There is no admin dashboard or content moderation tooling built into InOrbit.

2. Data on Your Device

For foreground conversations, your message content is stored on your device and sent directly to OpenRouter for AI responses — it does not pass through our server. When background features are enabled (such as Maestro Mode), messages are sent through and stored on our server to maintain conversation state (see Section 3). Message content is never viewed or accessed by any person. We may access limited server-side metadata (such as timestamps and message counts) for debugging or abuse prevention.

If you are signed into iCloud, your Worlds, messages, participants, and settings are automatically synced across your devices via Apple's CloudKit private database. This sync is managed entirely by Apple and encrypted end-to-end — we have no access to your iCloud data.

Data Type	Details	Stored Where
Messages	Text you send in conversations ("Worlds") and AI-generated replies	On your device (sent directly to OpenRouter for AI responses)
Conversation Settings	World names, participant configurations, AI Contacts, and preferences	On your device
Participant Photos	Avatar images you select for AI participants from your photo library	On your device only — never uploaded to our servers
iCloud Sync	Worlds, messages, participants, contacts, settings, and API logs (if logging is enabled)	Synced to Apple's iCloud servers (encrypted by Apple, accessible only with your Apple ID)
API Logs	Request and response data from AI model calls (opt-in, off by default)	On your device; synced to iCloud if enabled

3. Data on Our Server

Our backend, hosted on Railway, stores a minimal set of data to support account authentication and optional background features:

Data Type	Details	Purpose
Anonymous Identifier	An opaque, anonymous token generated by Sign in with Apple — not your Apple ID, name, or email	Account authentication
Apple Refresh Token	A token issued by Apple during sign-in, used to revoke your Apple credential if you delete your account (required by Apple Technical Note TN3194)	Account deletion compliance
API Key Metadata	If you use the API key provisioned at sign-up: the key itself (stored for re-delivery if you reinstall the app) and usage metadata (spend amount, model usage) visible to us via OpenRouter	Key provisioning and abuse prevention
World Configuration	World names, participant names, AI model selections, system prompts, and conversation settings (such as message rate and turn order)	Background AI generation and conversation management
Messages (Background Features)	When background features are enabled (such as Maestro Mode or scheduled activity), message content — both human and AI-generated — is stored on our server to maintain conversation state. Foreground-only messages are never sent to our server.	Background AI generation and conversation continuity
Message Metadata	Timestamps, token counts, message counts, and World activity state	Rate limiting, debugging, and abuse prevention

We do not collect or store:

Your name or email address (Sign in with Apple may transmit an email during authentication, but we discard it and do not store it)
Location data
Your phone contacts or address book information (InOrbit's "Contacts" feature stores AI character profiles on your device and in iCloud — not your real-world contacts)
Browsing history or tracking identifiers
Financial or payment information

4. How Your Data Is Used

Authenticate your account using an anonymous token from Sign in with Apple.
Generate AI responses — for foreground conversations, your device sends messages directly to OpenRouter's API (see Section 5). For background features (Maestro Mode, scheduled activity), our server sends messages to OpenRouter on your behalf and stores the results.
Deliver push notifications — push notifications are planned for a future release. When available, notification payloads will include the World name and sender name but not message content.
Enforce rate limits and manage server resources.
Sync across your devices — when signed into iCloud, Apple's CloudKit automatically syncs your Worlds and messages to your other devices.

We do not use your data for advertising, profiling, or selling to third parties. We do not review, moderate, or monitor your content.

5. Third-Party Services

InOrbit relies on the following third-party services to function. We require that each third-party service provider handling user data provides the same or equal protection of that data as described in this Privacy Policy.

OpenRouter (openrouter.ai) — Conversation content is sent to AI language models (e.g., Claude, Gemma, Llama, Mistral) via OpenRouter's API to generate responses. For foreground conversations, your device sends this data directly. For background features, our server sends it on your behalf. If you use the API key provisioned at sign-up, we can see usage metadata (such as spend amount and which models were used) but not your message content. OpenRouter's privacy policy governs their handling of this data.
Apple Push Notification service (APNs) — Push notifications are planned for a future release. When available, APNs will deliver notifications to your device; payloads will include the World name and sender name but not message content.
Railway (railway.app) — Hosts our backend infrastructure. Server-side data is stored on Railway in accordance with their privacy policy.
Apple iCloud (CloudKit) — When you are signed into iCloud, your Worlds, messages, and settings are synced across your devices via Apple's CloudKit private database. This data is encrypted by Apple and only accessible with your Apple ID. We have no access to your CloudKit data. Apple's privacy policy governs their handling of iCloud data: apple.com/privacy.
GoatCounter (goatcounter.com) — Our website (micah.chat) uses GoatCounter for privacy-friendly, cookie-free page view analytics. GoatCounter collects approximate location (country level from IP, which is not stored), browser and screen size information, and the referring page. It does not use cookies or track users across sites. GoatCounter does not collect data from the InOrbit app itself — only from the micah.chat website. GoatCounter's privacy policy governs their handling of this data.

6. Data Storage and Security

Server-side data is stored on infrastructure provided by Railway and processed by automated systems. On-device data is stored locally using Apple's SwiftData framework. We implement the following safeguards:

Encrypted connections (HTTPS/TLS) for all data in transit
Authentication via Apple's signed identity tokens
Provisioned API keys stored on the server for re-delivery on reinstall; custom API keys stored only in your device's Keychain
Foreground messages sent device-to-OpenRouter, bypassing our server
iCloud data encrypted end-to-end by Apple's infrastructure

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention and Deletion

We retain server-side data for as long as your account is active. On-device data (messages, Worlds, settings, photos) can be deleted at any time using the "Delete All Worlds" option in the App's settings.

You can delete your account and all server-side data directly in the App under Settings > Account Deletion > Delete Account, or via the web at micah.chat/inorbit/delete-account. You will be asked to verify your identity with Apple before deletion proceeds. Upon deletion:

Your anonymous profile, API key metadata, stored messages, and world configurations are permanently removed from our server.
All local data on your device is also cleared.
Deletion is irreversible.
Data already transmitted to third-party AI providers (Section 5) is subject to their respective retention policies.
iCloud data (synced Worlds, messages, and settings) is removed when you delete your account or turn off iCloud for InOrbit. Propagation across Apple's servers may take up to 30 days.

You may also contact us at [email protected] to request account deletion.

8. Children's Privacy

InOrbit is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at [email protected] and we will promptly delete it.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you.
Delete your account and server-side data in-app (Settings > Account Deletion), and your on-device data via the App's settings.
Withdraw consent by discontinuing use of the App.

To exercise any of these rights, contact us at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the App after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact:

Micah Giszack
[email protected]