Privacy

Last updated: February 11, 2026
ORION.AI ("Orbital"), 20 rue du Sapeur Michel Jouan, 35000 Rennes. Contact: thomas@getorbital.ai

1. Data Collected and Purposes

Email, first and last name
Account management - Contract (Art. 6.1.b)

Password (hashed)
Authentication - Contract (Art. 6.1.b)

AI conversations
Service operation - Contract (Art. 6.1.b)

Activity logs
Security and audit - Legitimate interest (Art. 6.1.f)

Browsing data (Clarity)
Experience improvement - Consent (Art. 6.1.a)

2. Sub-processors

Google Cloud
Infrastructure - Europe

Anthropic — AI (Claude)
AI processingUS — SCCs, Zero Data Retention

OpenAI — AI (GPT)
AI processingUS — SCCs, Zero Data Retention

Logfire
Monitoring - Europe

Microsoft Clarity
AnalyticsUS — DPF, SCCs (consent only)

AI providers receive only your dataset metadata and messages — never the raw data from your databases. They are contractually bound not to reuse this data.

3. International Transfers

Transfers to the United States (Anthropic, OpenAI, Clarity) are governed by Standard Contractual Clauses (SCCs) and/or the EU-US Data Privacy Framework, with TLS encryption in transit.

4. Retention

User account
Contract duration + 30 days

AI conversations
Contract duration

Activity logs
Rolling 12 months

4. Cookies

JWT (session) · Language
Essential to operation — no consent required

_clck · _clsk · CLID (Microsoft Clarity)
Analytics — consent required via cookie banner

5. Your Rights

You have the right to access, rectify, delete, restrict, port, and object to the processing of your personal data. Contact thomas@getorbital.ai — response within 1 month.As Orbital is a B2B tool, please first contact your organization's administrator for any account-related requests.You may also lodge a complaint with the CNIL: www.cnil.fr

6. Google API Services User Data

MatR integrates with Google APIs via OAuth 2.0 to allow users to connect their advertising and analytics accounts.
‍
Data Accessed:
‍
Google Ads API (adwords): campaign performance metrics, ad spend, impressions, clicks, conversions, and account structure data.
Google Analytics API (analytics.readonly): website traffic metrics, session data, conversion goals, and audience reports.No Google user profile data, Gmail data, or any other Google service data is accessed.
‍
Data Usage:

This data is used solely to provide analytics, reporting, and insights within the MatR platform, strictly on behalf of the authenticated user and their organization. It is never used to train AI/ML models, for advertising purposes, or for any use unrelated to the user's explicit request.
Data Sharing: Google API data is not sold or shared with third parties. It may transit through our infrastructure sub-processors (Google Cloud, Europe region) strictly for processing purposes.
‍
Data Storage & Protection:

Data is stored on Google Cloud Platform (Europe), encrypted at rest and in transit (TLS 1.2+). Access is restricted to authorized MatR personnel and automated processes strictly necessary for service delivery.
Data Retention & Deletion: Google API data is retained for the duration of the customer contract, then deleted within 30 days. Users may request deletion at any time by contacting thomas@itmatr.tech.
‍
MatR's use of Google API Services data complies with the Google API Services User Data Policy, including the Limited Use requirements.