Privacy Policy

Last updated: March 26, 2026 · Effective: March 26, 2026

1. Introduction

This Privacy Policy describes how Tatsuya Tajima ("we", "us", "our") collects, uses, and protects your personal information when you use the Orbit: LifeOS mobile application ("Orbit", "the App").

By using Orbit, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the App.

2. Information We Collect

2.1 Information You Provide

Account information: When you sign in using Apple Sign-In, we receive your Apple ID identifier and, if you choose to share it, your name and email address. You may also use the App anonymously without providing personal details.

Goal and progress data: Information you enter about your goals, including goal descriptions, target values, current measurements (such as body weight, exercise frequency, or other health-related metrics), daily action completions, weekly reflections, and mood ratings.

Coaching interactions: Messages you send through the Ask Orbit feature, including questions and context about your goals.

2.2 Information Collected Automatically

Usage data: How you interact with the App, including feature usage, session duration, and action completion patterns. This data is used to improve the App experience and is not sold to third parties.

Device information: Device model, operating system version, and app version, collected for compatibility and debugging purposes.

2.3 Sensitive Data

Some of the data you provide may be considered sensitive, including health-related information such as body weight, exercise habits, dietary information, and mental health indicators (mood ratings, stress levels). We process this data only to provide the App's core functionality and with your explicit consent.

3. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

Consent (Article 6(1)(a) GDPR): For processing health-related data and sending your data to AI service providers. You provide this consent when you create a goal and enter health-related information.

Performance of a contract (Article 6(1)(b) GDPR): For providing the Orbit service, managing your subscription, and generating personalized plans.

Legitimate interests (Article 6(1)(f) GDPR): For improving the App, ensuring security, and analyzing aggregated usage patterns. Our legitimate interest is to maintain and improve the quality of the service.

You may withdraw your consent at any time by deleting your account. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

4. How We Use Your Information

We use your information for the following purposes:

• To provide the Orbit service: Generating personalized strategies, daily actions, weekly analyses, and AI coaching responses based on your goal data and progress.
• To process your data with AI services: Your goal descriptions, progress data, and coaching messages are sent to third-party AI service providers to generate personalized plans, analyses, and coaching responses. See Section 6 for details.
• To manage your subscription: Processing payments through Apple's In-App Purchase system and verifying your subscription status.
• To improve the App: Analyzing aggregated, anonymized usage patterns to improve features and user experience.
• To communicate with you: Sending push notifications related to your goals (which you can disable), and responding to support inquiries.

5. Data Storage and Security

Your data is stored in Google Firebase (Firestore), hosted on Google Cloud infrastructure. Primary data storage is located in the United States. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Third-Party AI Data Processing

Orbit uses third-party AI services to generate personalized content. This is a core part of how the App works.

What data is sent: Your goal descriptions, progress metrics, daily action data, constraint information, and coaching messages are sent to AI service providers to generate strategies, daily actions, weekly analyses, and coaching responses.

Which providers: We currently use OpenAI's API services. We may change or add providers in the future and will update this policy accordingly.

How your data is handled by AI providers: Data submitted through the OpenAI API is used solely to generate a response for you. Under OpenAI's API Data Usage Policy, data submitted through the API is NOT used to train or improve their AI models. Data is retained by OpenAI for up to 30 days for abuse and misuse monitoring, after which it is deleted.

What is NOT sent: Your Apple ID credentials, payment information, or device identifiers are never sent to AI providers.

For EEA/UK users: This data transfer to AI providers in the United States is carried out with your explicit consent (see Section 3) and subject to appropriate safeguards including the provider's data processing agreements and standard contractual clauses.

7. Data Sharing

We do not sell, rent, or trade your personal information to third parties.

We share your data only in the following circumstances:

• AI service providers: As described in Section 6, to provide core App functionality.
• Firebase / Google Cloud: For data storage and cloud function execution.
• Apple: Payment processing for subscriptions is handled entirely by Apple. We do not receive or store your payment details.
• Legal requirements: We may disclose your information if required by law, regulation, or legal process, or to protect the rights, property, or safety of our company, users, or others.

8. International Data Transfers

Your data is stored and processed in the United States, where our cloud infrastructure and AI service providers operate.

For EEA/UK users: We transfer data outside the EEA/UK based on:

• Your explicit consent for health-related data processing
• Standard Contractual Clauses (SCCs) with our cloud and AI service providers
• The service providers' participation in applicable data protection frameworks

For Japanese users: Cross-border transfers are conducted in compliance with Article 28 of the Act on Protection of Personal Information (APPI), based on the consent you provide when using the App and on our confirmation that receiving parties maintain appropriate data protection standards.

9. Your Rights

9.1 All Users

• Access: You can view all your goal data, progress history, and reflections within the App.
• Deletion: You can request deletion of your account and all associated data by contacting us at ttatsuw1124@gmail.com. We will process deletion requests within 30 days.
• Export: You may request a copy of your data in a portable format by contacting us at ttatsuw1124@gmail.com.
• Notifications: You can control push notification settings through your device's Settings app.

9.2 Additional Rights for EEA/UK Users (GDPR)

Under the General Data Protection Regulation, you also have the right to:

• Rectification: Request correction of inaccurate personal data.
• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Data portability: Receive your data in a structured, commonly used, machine-readable format.
• Withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
• Lodge a complaint: File a complaint with your local data protection authority.

To exercise these rights, contact us at ttatsuw1124@gmail.com. We will respond within 30 days (extendable by up to 60 days for complex requests, with prior notice).

9.3 Additional Rights for Japanese Users (APPI)

Under the Act on Protection of Personal Information, you have the right to:

• Disclosure: Request disclosure of personal information we hold about you.
• Correction: Request correction, addition, or deletion of inaccurate personal data.
• Cessation of use: Request that we cease using or delete your personal data if it was obtained improperly or is no longer necessary for the purpose of use.
• Cessation of third-party provision: Request that we stop providing your personal data to third parties.

To exercise these rights, contact us at ttatsuw1124@gmail.com. We will respond within a reasonable period in accordance with APPI requirements.

Purpose of use (APPI Article 21): We use your personal information for the purposes described in Section 4 of this policy. We will not use your information beyond these purposes without obtaining your prior consent.

10. Data Retention

• Active accounts: Your data is retained as long as your account is active.
• Completed goals: Data for completed goals is retained in your account history so you can review past achievements.
• Deleted accounts: Upon account deletion, all associated data is permanently removed from our systems within 30 days. Backups containing your data are purged within 90 days.
• Anonymous accounts: If you use the App anonymously and uninstall it, your data remains in our systems. Contact us at ttatsuw1124@gmail.com to request deletion.
• AI provider retention: Data sent to AI providers is retained by them for up to 30 days for abuse monitoring, then deleted.

11. Children's Privacy

Orbit is not directed at children under the age of 16 in the EEA/UK, or under the age of 13 in other regions. We do not knowingly collect personal information from children below these ages. If we become aware that we have collected data from a child below the applicable age, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at ttatsuw1124@gmail.com.

12. Cookies and Tracking Technologies

The App does not use cookies. We do not use third-party analytics SDKs or advertising trackers. Usage data is collected through Firebase Analytics with anonymized identifiers only.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For significant changes, we will notify you through the App at least 30 days before the changes take effect. Minor changes (such as clarifications) take effect upon posting. Your continued use of the App after changes take effect constitutes acceptance of the updated policy.

14. Data Protection Contact

For EEA/UK users: If you have concerns about our data processing, you may contact us at ttatsuw1124@gmail.com.

For Japanese users: For inquiries regarding the handling of personal information, contact us at ttatsuw1124@gmail.com.

15. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at:

Email: ttatsuw1124@gmail.com