1. Introduction
This Privacy Policy applies to the ORBIT Chrome Extension ("ORBIT", "we", "our", or "us"), available on the Chrome Web Store. ORBIT is designed to help SaaS founders and digital creators manage customer comments, detect refund risk, and generate AI-powered replies on supported product platforms.
By installing or using ORBIT, you agree to the terms described in this policy. If you do not agree, please uninstall the extension.
2. Information We Access
ORBIT accesses the following information solely to provide its core functionality:
- Page content on supported platforms (e.g., AppSumo, Gumroad) โ specifically comment text visible on product pages you actively visit.
- Your product configuration โ product name, product description, and support email address that you enter into ORBIT's settings panel. This data is stored only in your browser's local storage (
chrome.storage.local). - Authentication state โ if you sign in to ORBIT, your Firebase authentication token and user ID are stored locally to maintain your session and credit balance. We never store your password.
- Subscription status โ if you activate a paid plan, ORBIT stores your subscription state and account linkage needed to verify paid access through Paddle and ORBIT's backend services.
3. Data Collection & Processing Summary
The following table summarizes all data collected, processed, or stored by ORBIT:
| Data Type | How Collected | Purpose | Stored Where | Shared With |
|---|---|---|---|---|
| Email & Name | Google Sign-in or Email registration | Authentication and account management | Firebase Auth / Firebase Firestore | Google Firebase only |
| User ID | Firebase Authentication | Session and subscription management | Firebase Auth / Firebase Firestore | Google Firebase only |
| Page Content (comments) | Content Script on supported platforms | AI reply generation only | Not stored by ORBIT | Google Gemini API transiently for generating the requested reply |
| Extension Settings | User input in the extension | Extension functionality | Browser local storage only | Nobody |
| Auth Token | Firebase Authentication | Session management | Browser local storage only | Nobody |
| Subscription Status | Paddle checkout/webhook via ORBIT backend | Feature access control and subscription verification | Firebase Firestore / ORBIT backend | Paddle for billing only |
| Webhook Notification Data | User-enabled webhook feature | Optional external notifications | Not stored by ORBIT unless saved as extension setting | User-provided webhook endpoint such as Slack |
4. Local Processing & Data Security
โก Core Privacy Commitment: All comment analysis, sentiment scoring, and Refund Risk Score calculations are performed locally within your browser or via direct, encrypted API calls made from your device. ORBIT does not operate its own AI infrastructure that stores or logs your customers' comment data.
Specifically:
- AI reply generation is performed via a secure, direct API call to Google Gemini from your browser, or through ORBIT's Cloudflare Worker proxy. The proxy forwards your request and immediately returns the response โ it does not persist comment content or generated replies.
- ORBIT does not build a database of your customers' comments on our servers.
- ORBIT does not log IP addresses associated with processed comments.
- All settings and preferences are saved exclusively in your browser's local storage and never transmitted to ORBIT's servers.
5. Sharing & Sale of Data
We do not sell, rent, or trade your personal data to third parties. Period. We will never monetize your data or your customers' data in any way.
We may share limited, non-personal information only in the following circumstances:
- Service providers: We use Google Firebase for authentication and Google Gemini for AI generation. These providers have their own privacy policies and are bound by data processing agreements.
- Subscription billing: Payment and subscription metadata are shared with Paddle solely to process billing events and verify access to paid features.
- Legal compliance: We may disclose information if required by law or to protect the rights and safety of users, provided we are legally compelled to do so.
6. Limited Use Policy
ORBIT's access to page content is strictly limited and purposeful:
- ORBIT only reads data on supported product pages (currently AppSumo and Gumroad) where you have explicitly navigated to. It does not read data on any other websites.
- ORBIT reads comment text only to provide the AI reply and risk-scoring features you have requested. The data is not used for profiling, advertising, or any secondary purpose.
- ORBIT does not track your browsing history, collect URLs outside supported platforms, or spy on your activity in any way.
- ORBIT never reads or accesses any form fields, passwords, payment details, or personally identifiable information beyond what is described in Section 2.
This extension complies with the
Chrome Web Store's Limited Use Policy and Google's requirements for extensions
that request storage, authentication access, and limited host permissions.
7. Third-Party Services
ORBIT integrates with the following third-party services. Each operates under its own privacy policy:
- Google Firebase โ Authentication and user account management. Firebase Privacy Policy
- Google Gemini API โ AI text generation. Comment text is sent to Gemini to generate a reply draft. Gemini API Terms
- Paddle โ Subscription billing and payment processing. Paddle Privacy Policy
- Slack Webhooks โ Optional user-configured notifications. Data is sent only when the user enables webhook notifications and provides a webhook URL.
- Cloudflare Workers โ Serverless proxy for managed AI requests. Requests are not logged or stored. Cloudflare Privacy Policy
8. Data Retention & Deletion
Since ORBIT stores settings and authentication data locally in your browser, you have full control over your data at all times:
- You can clear all ORBIT data by uninstalling the extension. Chrome will remove all associated local storage.
- You can sign out of ORBIT at any time from the extension popup. This clears your authentication token from local storage.
- You can cancel or manage your subscription through Paddle or by contacting ORBIT support.
- If you created a Firebase account with ORBIT, you may request account deletion by contacting us at the email address below.
9. Children's Privacy
ORBIT is not directed toward children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy periodically. Any changes will be reflected by updating the "Last Updated" date at the top of this page. We encourage you to review this policy from time to time. Continued use of ORBIT after changes constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please reach out to us: