Privacy Policy

Last updated: January 2025

1. Introduction

Orchesity ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered backend generation platform.

By using Orchesity, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, password (hashed), and profile details
  • Payment Information: Billing details processed securely through Stripe (we do not store credit card numbers)
  • Project Data: API prompts, generated code, framework preferences, and deployment configurations
  • Usage Data: Credits consumed, API calls, generation history, and feature usage

2.2 Automatically Collected Information

  • Device Information: IP address, browser type, operating system, and device identifiers
  • Log Data: Access times, pages viewed, API endpoints accessed, and error logs
  • Cookies: Session cookies for authentication and preferences (see Cookie Policy)

3. How We Use Your Information

  • Provide, maintain, and improve our AI generation services
  • Process payments and manage subscriptions
  • Generate backend code based on your prompts using AI models (OpenAI, Anthropic, Google)
  • Analyze usage patterns to improve model performance and accuracy
  • Send service updates, security alerts, and support messages
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with legal obligations and enforce our Terms of Service

4. AI Model Providers

Orchesity uses third-party AI providers (OpenAI, Anthropic, Google Gemini) to generate code. Your prompts and project context are sent to these providers for processing. We have data processing agreements with all providers to ensure:

  • Your data is not used to train their models without explicit consent
  • Data is encrypted in transit and at rest
  • Providers comply with GDPR, CCPA, and SOC 2 Type II standards
  • Data retention is limited to 30 days for troubleshooting purposes

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Service Providers: Stripe (payments), AWS (hosting), Redis (caching), PostgreSQL (database)
  • AI Providers: OpenAI, Anthropic, Google (for code generation only)
  • Legal Requirements: When required by law, subpoena, or to protect our rights
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

6. Data Security

We implement industry-standard security measures:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • JWT-based authentication with HTTP-only cookies
  • Regular security audits and penetration testing
  • Role-based access control (RBAC) for internal systems
  • SOC 2 Type II compliance (Enterprise tier)

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your account and data (within 30 days)
  • Portability: Export your project data in JSON format
  • Object: Opt-out of marketing communications
  • Restrict: Limit how we process your data

To exercise these rights, contact privacy@orchesity.com

8. Data Retention

  • Account Data: Retained while your account is active, deleted 30 days after account closure
  • Generated Code: Stored for 90 days (Free), 1 year (Starter/Pro), indefinitely (Enterprise)
  • Logs: Retained for 90 days for security and troubleshooting
  • Payment Records: Retained for 7 years for tax compliance

9. International Transfers

Your data may be transferred to and processed in the United States and other countries. We use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for EU/UK users.

10. Children's Privacy

Orchesity is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be notified via email. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy questions or to exercise your rights: