Introduction
1.1 Orbis AI, LLC ("ORBIS," "we," "us") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use the ORBIS platform and visit orbis.restaurant.
1.2 By using ORBIS, you consent to the practices described in this Policy. If you do not agree, do not use the Services.
Information We Collect
We collect the following categories of information:
2.1 Account Information. Restaurant name, contact person name, email address, WhatsApp number, preferred language, and business address. Collected during onboarding.
2.2 Financial Documents. Supplier invoices (PDF, image, or text format) received in the Gmail inbox you authorize ORBIS to monitor. These are processed by ORBIS to generate financial reports and detect invoice discrepancies.
2.3 Gmail Access. We access your designated Gmail inbox via Google OAuth 2.0 solely to monitor incoming supplier invoices. We do not read personal emails, marketing messages, or any content unrelated to restaurant financial operations. We do not store Gmail credentials - access is maintained through OAuth tokens.
2.4 Review Data. Guest reviews from Google Business Profile, Yelp, and TripAdvisor, collected by ORBIS for sentiment analysis and response drafting. ORBIS also publishes reply text to your Google Business Profile on your behalf via the Google Business Profile API after you approve each response.
2.5 Staff Interactions. Questions asked by staff via WhatsApp, including query text and response. No personal staff data is collected beyond the WhatsApp number used to send the query.
2.6 Scheduling Data. Shift schedules, labor hours, and related operational data processed by ORBIS.
2.7 Reservation Data. Guest name, phone number, party size, date, and time collected by ORBIS during phone or WhatsApp reservations.
2.8 Usage Data. Technical data about how you interact with ORBIS, including timestamps of ORBIS interactions, WhatsApp message delivery status, and system logs.
How We Use Your Information
We use collected information solely to:
- Provide, maintain, and improve the ORBIS platform and its services
- Generate financial reports, detect invoice discrepancies, and send financial alerts
- Monitor and respond to guest reviews on your behalf
- Answer staff questions from your operational knowledge
- Optimize shift scheduling and labor cost analysis
- Process telephone reservations
- Communicate with you about your account, billing, and service updates
- Comply with legal obligations
AI Data Processing
4.1 ORBIS uses third-party AI services (Anthropic) to process your data. Your data is sent to Anthropic for analysis and is subject to Anthropic's data handling policies. ORBIS does not use your data to train AI models.
4.2 AI processing occurs in real-time and on-demand. Processed outputs (P&L reports, dispute emails, review responses, compliance reports) are stored in ORBIS's database.
4.3 Google API Compliance. ORBIS's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
4.4 Google OAuth Scopes. ORBIS requests the following Google OAuth scopes, each with a specific operational purpose:
- gmail.readonly - read incoming supplier invoice PDFs (Business Watchdog) and important professional emails for digest (Personal)
- gmail.send - send dispute emails to suppliers and accountant exports on user behalf, only after user approval
- calendar - read and create events for shift scheduling (Business) and personal scheduling (Personal)
- business.manage - read incoming Google Business Profile reviews and post approved responses on behalf of restaurant owner
4.5 Limited Use Commitments. Data received from Google APIs is governed by the following specific commitments:
- 4.5.1 We do not use Google user data to serve advertisements, including retargeting, personalized, or interest-based advertising.
- 4.5.2 We do not transfer Google user data to third parties except (a) as necessary to provide or improve the user-facing features described in this policy, (b) to comply with applicable law or valid legal process, or (c) as part of a merger, acquisition, or sale of assets with prior notice to users.
- 4.5.3 We do not use Google user data to develop, improve, or train generalized or non-personalized AI or machine-learning models. Specific AI processing of restaurant data to generate reply drafts, dispute emails, and operational summaries is performed via Anthropic's API under a no-training contractual commitment; Anthropic does not use this data to train its models.
- 4.5.4 No human at ORBIS reads Google user data except (a) with the operator's explicit consent in a support context, (b) for security or to investigate abuse, or (c) to comply with applicable law. All routine processing is automated.
Data Storage and Security
5.1 Storage. Your data is stored in Supabase cloud infrastructure. All data is encrypted in transit and at rest.
5.2 Access Controls. Access to client data is restricted to authorized ORBIS personnel on a need-to-know basis. Each client's data is logically separated in the database.
5.3 Retention. We retain your data for the duration of your subscription and for sixty (60) days following termination. After this period, data is permanently deleted unless you request earlier deletion or data export.
Data Sharing
6.1 We do not sell, rent, or trade your personal or business information to third parties.
6.2 We may share data with:
- Service providers who assist in delivering the ORBIS platform (Anthropic, Google Cloud, Meta Platforms (WhatsApp Business Cloud API), Supabase, Stripe (payment processing)) - only to the extent necessary to provide the Services
- Law enforcement or regulatory authorities when required by law or legal process
- In connection with a merger, acquisition, or sale of ORBIS assets, subject to confidentiality obligations
6.3 We may use anonymized, aggregated data that cannot reasonably identify you for product improvement and industry benchmarking.
Your Rights
7.1 Access. You may request a copy of all data ORBIS holds about your restaurant at any time.
7.2 Correction. You may request correction of inaccurate data.
7.3 Deletion. You may request deletion of your data. We will comply within thirty (30) days, except where retention is required by law.
7.4 Export. Upon termination, you may request export of all your data in standard formats (CSV, PDF, JSON).
7.5 Revoke Access. You may revoke any Google OAuth grant at any time at https://myaccount.google.com/permissions. Revoking Gmail OAuth disables invoice monitoring; revoking Calendar OAuth disables shift scheduling; revoking Google Business Profile OAuth disables review monitoring and reply posting. Revocation is effective immediately and ORBIS cannot retain access after revocation.
7.6 To exercise any of these rights, contact us at temo@orbis.restaurant.
7.7 Google Data Deletion. You may delete all Google-derived data (Gmail-extracted invoices, contacts, calendar events, review history) at any time via the in-app endpoint /account/delete-google-data or by contacting temo@orbis.restaurant. Deletion is processed within 24 hours.
Children's Privacy
8.1 ORBIS is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors.
Changes to This Policy
9.1 We may update this Privacy Policy from time to time. Changes will be posted at orbis.restaurant/legal/privacy with an updated effective date. Continued use of ORBIS after changes constitutes acceptance.
Contact
10.1 For privacy-related inquiries: temo@orbis.restaurant
10.2 Orbis AI, LLC, 41 Wilson Avenue, 3G, Newark, NJ 07105