Privacy Policy

Last updated: March 16, 2026

1. Introduction

ORbit Surgical ("we," "our," or "us") operates the ORbit platform, including our web application and iOS mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and professional role. Accounts are provisioned by your facility administrator.

Operational Data

The Service records surgical workflow data including case milestones, timestamps, room assignments, and procedural information. This data is entered by authorized facility staff and is used for operational analytics and efficiency tracking.

Device Information

We collect device identifiers for push notification delivery and basic device information to ensure app compatibility.

Usage Data

We store user preferences such as display settings and notification preferences locally on your device using standard platform storage (UserDefaults on iOS).

3. How We Use Your Information

  • Provide and maintain the Service, including real-time surgical workflow tracking
  • Generate analytics and efficiency metrics for your facility
  • Send push notifications for case updates, schedule changes, and system alerts
  • Authenticate your identity and enforce access controls
  • Improve and optimize the Service

4. Data Storage and Security

Your data is stored securely using Supabase (built on PostgreSQL) with row-level security policies that ensure users can only access data within their authorized facility. All data is transmitted over HTTPS with TLS encryption. We implement role-based access controls to limit data access to authorized personnel.

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share data with:

  • Service providers: Supabase (database hosting), Apple Push Notification Service (push notifications), and Vercel (web hosting) — solely to operate the Service
  • Your facility: Aggregated analytics and operational data are accessible to authorized administrators within your facility
  • Legal requirements: When required by law, regulation, or legal process

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Facility administrators may request deletion of facility data. Upon account deletion, your personal information is removed, though de-identified analytics data may be retained.

7. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and personal data
  • Opt out of non-essential push notifications

To exercise these rights, contact your facility administrator or reach out to us directly.

8. Third-Party Tracking

We do not use third-party tracking, advertising SDKs, or analytics platforms that track users across apps or websites. We do not participate in cross-app or cross-site tracking.

9. Children's Privacy

The Service is designed for healthcare professionals and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

ORbit Surgical
Email: contact@orbitsurgical.com