Privacy Policy
Last updated: May 2026
1. Information we collect
We collect the information you provide directly: name, email, optional profile photo, timezone, preferred language, and all the content you create inside the platform (projects, tasks, comments, wikis, attachments, time entries). If you subscribe to a paid plan we also store your billing country and the subscription identifier issued by the payment provider.
2. How we use your information
We use your information to operate the service, authenticate you, send operational notifications (deadline reminders, assignments, configurable digests), and protect the platform from abuse. We do not use it for ad profiling and we do not share it with ad networks.
3. Storage and security
Your data is stored on our own servers. Passwords are hashed with bcrypt; refresh tokens are rotated with compromise detection. All connections use TLS 1.2+. Sensitive tokens (API keys, SCIM) are stored only as SHA-256 hashes.
4. Data sharing
We do not sell your personal information. We share it with third parties only when strictly necessary to operate the service:
- Payment processing: Mercado Pago (primary provider for LATAM), Paddle (when activated, international) or Stripe (fallback). They receive your email, country and plan; they never receive your password or full card details — checkout runs on the provider's own domain.
- Push notifications: Firebase Cloud Messaging (Google) receives the device token and the notification payload.
- Optional integrations: Slack, GitHub, Microsoft Teams, Google Calendar — only when you or your organization admin enables them.
- SSO/SAML: your corporate Identity Provider, only if your organization configures SSO.
5. Your rights
You can access, correct, or delete your information at any time from your account settings. To exercise GDPR rights (access, portability, erasure, rectification), write to us at privacy@orkestra.team.
6. Retention
We retain your information while your account is active. When you delete your account, personal data is removed or anonymized as appropriate. Organization administrators may configure additional retention policies for tasks, comments and audit logs.
7. Contact
For privacy inquiries, write to us at privacy@orkestra.team.