This Privacy Policy describes how Orqestr ("Orqestr," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use the Orqestr platform, website, and related services (the "Service"). By using the Service, you agree to the practices described in this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Name
- Password (stored as a cryptographic hash, never in plain text)
- Workspace and organization details (name, slug, member roles)
1.2 Content and Configuration Data
When you use the Service, we store the content you provide, including:
- Agent configurations (system prompts, model selections, parameters)
- Task descriptions, inputs, and metadata
- Knowledge items and artifacts created by you or generated by agents
- Schedule and trigger configurations
- Project settings (orchestration rules, approval policies)
1.3 Usage and Execution Data
We automatically collect data about how the Service is used:
- Run execution data (inputs, outputs, messages exchanged between agents, token counts, cost)
- Activity logs (task creation, status changes, agent invocations, integration usage)
- Usage metrics (runs per period, tokens consumed, costs incurred)
1.4 Payment Information
Payments are processed by our payment partner, Paddle. We do not directly collect or store credit card numbers or bank account details. We receive from Paddle:
- Paddle customer ID and subscription ID
- Subscription status and plan information
- Transaction history and billing period data
1.5 Integration Credentials
When you connect third-party services, we store the credentials needed to access those services on your behalf:
- OAuth access tokens and refresh tokens
- API keys and authentication tokens
- MCP server URLs and connection metadata
All integration credentials are encrypted at rest using AES-256-GCM encryption. Raw credentials are never exposed in API responses.
1.6 BYOK API Keys
If you enable Bring Your Own Key (BYOK) mode, your OpenRouter API key is encrypted using AES-256-GCM and stored in our database. The key is only decrypted at the moment of making an LLM API call and is never logged or displayed. Only a masked preview is shown in the user interface.
1.7 Cookies and Tracking
We use the following cookies and similar technologies:
| Cookie / Technology | Purpose | Type |
|---|---|---|
| Session cookie | Authentication and session management | Essential |
| lastVisited | Remember your last visited project for navigation | Functional |
| PostHog | Product analytics and usage insights | Analytics |
Analytics cookies (such as PostHog) are only used with your consent where required by applicable law. You can manage your cookie preferences at any time through the cookie consent banner displayed when you first visit the Service.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process your Content through AI models to generate Outputs as directed by your agent configurations
- Manage your account, subscriptions, and billing
- Send transactional emails (verification, password reset, invitations, usage alerts)
- Monitor and enforce usage limits, spending caps, and plan restrictions
- Detect and prevent fraud, abuse, and security threats
- Improve and develop new features for the Service
- Provide customer support
3. Legal Basis for Processing (EEA/UK Users)
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data on the following legal bases:
- Contract performance — to provide the Service as agreed in our Terms of Service (account management, task execution, billing).
- Legitimate interest — to improve the Service, prevent abuse, and ensure security, where our interests are not overridden by your rights.
- Legal obligation — to comply with applicable laws (e.g., tax and accounting requirements).
- Consent — for analytics cookies (PostHog), where required by applicable law. You may withdraw consent at any time.
4. How We Share Your Information
We do not sell your personal information. We share your data only in the following circumstances:
4.1 Third-Party Service Providers (Sub-processors)
We use the following services to operate the platform. Each processes data strictly for the purposes described:
| Provider | Purpose | Data Shared |
|---|---|---|
| OpenRouter | LLM inference (AI model execution) | Agent prompts, task content, conversation messages |
| Paddle | Payment processing and subscription management | Email, billing details, transaction data |
| Resend | Transactional email delivery | Email address, email content |
| Pipedream | Managed integration connectors | Integration credentials, action parameters |
| PostHog | Product analytics and logging | Usage events, anonymized interaction data |
| Tavily | Web search for agents | Search queries |
| DigitalOcean | Infrastructure hosting | All data (as infrastructure provider) |
4.2 Connected Third-Party Services
When you connect integrations (e.g., GitHub, Slack, Notion via MCP or Pipedream), your agents interact with those services using the credentials you provide. The data exchanged depends on the actions your agents perform and is governed by the respective third party's privacy policy.
4.3 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption at rest — Integration credentials and BYOK API keys are encrypted using AES-256-GCM.
- Encryption in transit — All data transmitted between your browser and our servers is encrypted via TLS/HTTPS.
- Password security — Passwords are stored as cryptographic hashes; plain-text passwords are never stored.
- API key security — API keys are stored as SHA-256 hashes. The raw key is shown only once at creation and cannot be retrieved afterward.
- Credential isolation — MCP tool calls are isolated with timeouts and error boundaries to prevent cascading failures.
While we take reasonable steps to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
- Account data — Retained for as long as your account is active. After account deletion, data is removed within 30 days.
- Activity logs and run data — Retained according to your subscription plan's log retention period. Older logs are automatically pruned. Detailed run step messages and run outputs beyond the retention window are cleared while summary records are preserved.
- Usage records — Retained for billing and accounting purposes as required by law.
- Integration credentials — Deleted when you disconnect the integration or delete your account.
7. International Data Transfers
The Service is hosted on infrastructure located in the United States. If you access the Service from outside the United States, your data will be transferred to, stored, and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms where required by applicable data protection laws.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you.
- Correction — Request correction of inaccurate or incomplete data.
- Deletion — Request deletion of your personal data, subject to legal retention requirements.
- Portability — Request your data in a structured, commonly used, machine-readable format.
- Objection — Object to processing based on legitimate interest.
- Restriction — Request that we restrict processing of your data in certain circumstances.
- Withdraw consent — Where processing is based on consent, you may withdraw it at any time.
To exercise these rights, contact us at [email protected]. We will respond within 30 days (or the timeframe required by applicable law). We may request verification of your identity before fulfilling your request.
8.1 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and share, the right to delete your information, and the right to opt out of the sale of personal information. We do not sell personal information as defined by the CCPA.
9. Children's Privacy
The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information. If you believe a child has provided us with personal data, please contact us at [email protected].
10. AI Data Processing
A core function of the Service is processing your Content through third-party large language models (LLMs) via OpenRouter. With respect to Content you submit to the Service, you are the data controller and Orqestr acts as a data processor, processing such Content on your behalf in accordance with your instructions (i.e., your agent configurations, task definitions, and integration settings).
When an agent executes a task:
- Your agent prompts, task content, knowledge items, and conversation history are sent to the selected LLM provider for inference.
- We do not use your Content to train our own models. Data processing by third-party LLM providers is governed by their respective privacy policies and data processing agreements.
- In BYOK mode, LLM requests are made using your own API key. The data processing relationship for those requests is between you and the LLM provider.
- Agent Outputs (generated text, artifacts) are stored in our database and associated with your tasks. They are subject to the same retention policies as other Content.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: [email protected]