Privacy Policy

We collect information you provide directly when you create an account, use our services, or communicate with us. This includes your name, email address, company name, billing information, and any content you upload or create within the platform.

We automatically collect certain technical information when you use OrchStack, including IP address, browser type, device information, operating system, referring URLs, and usage data such as pages visited, features used, and actions taken within the platform.

When you use the OrchStack platform to build and deploy agents, we process agent configuration data, workflow definitions, execution logs, and performance metrics. We do not access or store the content of your end-user conversations unless you explicitly enable logging.

We use your information to provide, maintain, and improve the OrchStack platform. This includes processing your requests, managing your account, providing customer support, sending service-related communications, and developing new features.

We use aggregated and anonymized usage data to understand how our platform is used, identify trends, measure performance, and improve our services. This data cannot be used to identify individual users.

We may use your contact information to send you marketing communications about OrchStack products and features, but only with your consent. You can opt out of marketing emails at any time by clicking the unsubscribe link.

Your data is stored in secure, SOC 2-compliant cloud infrastructure with encryption at rest (AES-256) and in transit (TLS 1.3). We maintain strict access controls and regularly audit our security practices.

Agent execution data and logs are retained according to your plan settings. You can configure retention policies from the Control dashboard. When data is deleted, it is permanently removed from all primary and backup systems within 30 days.

We implement industry-standard security measures including regular penetration testing, vulnerability scanning, employee security training, and incident response procedures.

OrchStack integrates with third-party LLM providers (such as OpenAI, Anthropic, and Google) to power agent capabilities. When your agents make LLM calls, the input and output data is processed by the selected provider according to their respective privacy policies.

We use third-party services for analytics, payment processing, email delivery, and infrastructure hosting. These providers are contractually bound to protect your data and may only use it to provide their services to us.

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data. You can exercise most of these rights directly from your account settings in the OrchStack dashboard.

You have the right to request a complete export of your data in a machine-readable format. You can also request deletion of your account and all associated data. We will process deletion requests within 30 days.

If you are located in the European Economic Area, you have additional rights under GDPR including the right to restrict processing, the right to object to processing, and the right to lodge a complaint with a supervisory authority.