Privacy Policy

• Information you provide: name, business email address and phone number, account credentials and settings, and the content of your communications with us.
• Information collected automatically: Internet Protocol (IP) address, device and browser characteristics, and usage information, collected through cookies and similar technologies (see our Cookie Notice).
• Operational telemetry: non-content usage, diagnostic, and performance data, such as feature-usage counts, performance metrics, and error information.

We collect this information from:

• you, when you provide it directly;
• your device or browser, through cookies and similar technologies;
• your Customer organization, in connection with account administration and use of the Services;
• our service providers; and
• publicly available business-contact sources, such as company websites, professional networking sites, and business directories.

Where we do not collect personal information directly from you, the categories generally are business-contact details (such as name, business email address, business phone number, employer, and job title), account-administration information, and communications related to the Services.

Some personal information (such as account registration details and authentication credentials) is necessary to create and maintain an account, provide and secure the Services, authenticate users, respond to requests, and meet our legal obligations. Where we request such information and you do not provide it, we may be unable to create or administer your account or provide the relevant feature, support, or response.

We use personal information to provide, secure, and operate the Services; create and manage accounts and communicate about the Services; provide support; monitor and improve the Services using non-content operational telemetry; detect and prevent fraud, abuse, and security incidents; and comply with legal obligations and establish or defend legal claims. We use publicly available business-contact information to respond to business inquiries, manage Customer and prospective-Customer relationships, and send business communications where permitted by law; you may opt out of marketing communications at any time using the unsubscribe link or by contacting info@orbitcrm.ai.

If you are in the European Economic Area or the United Kingdom, the laws we rely on to use your information are: performing our contract with you; our legitimate interests in operating, securing, and improving the Services, managing our business relationships, and preventing misuse; your consent where we ask for it (for example, for non-essential cookies or marketing); and compliance with our legal obligations. You can contact us at info@orbitcrm.ai for more detail on any of these. Outside the European Economic Area, the United Kingdom, and Switzerland, we rely on similar legal grounds to process personal information, including the need to provide the Services, our legitimate interests in operating and improving our business, your consent where we request it, and compliance with legal obligations. Customer Data that we process only on a Customer's behalf is outside this Policy and is governed by the applicable Customer agreement and Data Processing Addendum.

We do not currently use personal information covered by this Policy to make solely automated decisions, within the meaning of Article 22 of the GDPR, that produce legal or similarly significant effects. We also do not use it for targeted advertising or covered profiling, as those terms are defined under applicable law.

We do not use the records you keep in the Services, such as your contacts, accounts, and deal data, to train, fine-tune, or improve artificial-intelligence models, and we do not sell those records, in each case as those terms are defined under applicable law. These records are Customer Data, which we process on a Customer's behalf under the applicable Customer agreement and our Data Processing Addendum; we would use Customer Data to train or improve artificial-intelligence models only under a separate signed agreement with that Customer.

For other personal information covered by this Policy, we likewise do not currently use it to train, fine-tune, or improve artificial-intelligence models. We may use de-identified and aggregated usage information to operate, evaluate, and improve the Services and their features, and where we de-identify information we maintain and use it only in de-identified form and do not attempt to re-identify it, except as reasonably necessary to test that our de-identification is effective. If we later use personal information to train or improve artificial-intelligence models, we will do so only after providing appropriate notice and obtaining any consent or authorization required by law. We evaluate any such artificial-intelligence features against our privacy and security obligations and applicable law before deploying them.

We do not sell personal information or share it for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act. We disclose personal information only:

• to service providers and processors that support the Services (such as hosting, security, analytics, support, and incident-response providers) and are bound by confidentiality and data-protection obligations; for Customer Data we process on a Customer's behalf, we use a subset of these providers, identified in our sub-processor list at orbitcrm.ai/legal/subprocessors;
• to our professional advisers (such as lawyers, accountants, and auditors) under confidentiality obligations;
• to administrators within your Customer organization, for administration, auditing, and reporting;
• as required for legal compliance, lawful requests, and to protect rights, property, and safety; and
• in connection with a merger, acquisition, financing, reorganization, or sale of assets, as reasonably necessary for that transaction and subject to appropriate confidentiality or data-protection terms.

We use essential cookies and similar technologies, and do not use advertising or marketing cookies. We use analytics and other non-essential technologies only where permitted by law or after obtaining any required consent; where consent is required, those technologies are disabled unless and until enabled by the user. Our Cookie Notice at orbitcrm.ai/legal/cookies describes the categories of cookies and similar technologies we use, their purposes and duration, the providers involved where applicable, and how you can manage your preferences. We honor recognized opt-out preference signals, such as Global Privacy Control (GPC), where required by law, by treating them as a request to opt out of any sale or sharing of personal information or processing for targeted advertising, even though we do not currently engage in such processing. Because there is no common standard for "Do Not Track" browser signals, we do not respond to them. Where we rely on consent for non-essential technologies, you may withdraw that consent through any cookie or preference controls we make available in the Services or by contacting us.

We maintain an information security program with administrative, technical, organizational, and physical safeguards designed to protect personal information against unauthorized or unlawful access, use, alteration, disclosure, loss, or destruction, appropriate to the nature of the information we process. Our safeguards are designed to align with industry-standard practices for services of this type. We maintain internal policies, limit access to personal information to authorized personnel who require it for the purposes described in this Policy, and review our privacy and security practices periodically. Although no method of transmission or storage can be guaranteed to be completely secure, we take reasonable and appropriate measures to protect personal information in light of the risks and the nature of the information.

Where we are responsible for personal information covered by this Policy and become aware of a breach of security leading to its accidental or unlawful destruction, loss, or alteration, or its unauthorized disclosure or access, we will investigate, take steps aimed at mitigating resulting risks where appropriate, and, where required by law, notify affected individuals or other parties. Security obligations for Customer Data are governed by the applicable Customer agreement and our Data Processing Addendum.

For security-related questions or to report a potential vulnerability, you may contact us at security@orbitcrm.ai or at the postal address in Section 12.

We retain personal information for as long as reasonably necessary for the purposes described above and to meet our legal and recordkeeping obligations, after which we delete or de-identify it. Customer Data is governed by the applicable Customer agreement and our Data Processing Addendum. We generally retain personal information as follows:

The Services are hosted in the United States, and your information may be processed here and in other countries where we or our service providers operate, as described in our sub-processor list. If you are in the European Economic Area, the United Kingdom, or Switzerland and we transfer your information to a country without an applicable adequacy decision, we rely on appropriate safeguards, such as the EU Standard Contractual Clauses and the UK equivalent. We also implement technical and organizational measures designed to protect personal information during and after transfer. You may contact us at info@orbitcrm.ai for more information about these safeguards or to obtain a copy or description of the relevant transfer mechanism, where legally required.

Depending on where you live, you may have rights to confirm whether we process your personal information; to access, correct, delete, or obtain a portable copy of it; to receive a list of the specific third parties to whom we disclosed personal information, or categories of third parties where applicable, as required by law; to opt out of any sale, sharing, targeted advertising, or covered profiling; to limit the use and disclosure of sensitive personal information; to restrict or object to processing where applicable; to withdraw consent where processing is based on consent; and, under the GDPR, UK GDPR, or other applicable law, to lodge a complaint with a supervisory authority, in each case where we engage in the relevant processing and the applicable conditions are met. To exercise a right, you may email us at info@orbitcrm.ai or submit a request through our privacy request form at orbitcrm.ai/legal/privacy-request. We may ask for information reasonably necessary to verify your identity and process the request, will respond within the time required by law, and will not discriminate against you. Authorized agents must provide proof that you have given them signed permission to submit the request, and we may require you to verify your identity directly with us unless prohibited by law. Where the law provides a right of appeal, you may appeal a denied request by emailing info@orbitcrm.ai with the subject line "Privacy Appeal."

European Economic Area, United Kingdom, and Switzerland. Where the GDPR or UK GDPR applies, you have the right to request access to your personal information, to request its rectification or erasure, to request restriction of processing, to object to processing (including where we rely on legitimate interests), and to request data portability, in each case where the relevant conditions are met. You also have the right to withdraw consent at any time where we rely on consent, and to lodge a complaint with a supervisory authority.

California. This section, together with the table under "U.S. state privacy disclosures" below, is our notice at collection for California residents. We do not sell or share personal information in the sense of disclosing it to third parties for their own independent marketing purposes, and have not done so in the preceding twelve (12) months. The categories of personal information we collect, the categories of sources, the business or commercial purposes for which we collect and use each category, the categories of third parties to whom we disclose each category, and our retention periods are set out in that table and in Sections 1, 2, 4, and 7. We may collect account log-in credentials, which may be sensitive personal information; we use and disclose such information only to provide, secure, and administer the Services, and not for any purpose that gives a right to limit its use or disclosure under California law, and we do not use or disclose sensitive personal information to infer characteristics about you. Because we do not use sensitive personal information for additional purposes, we do not offer a separate right to limit its use or disclosure. Under California's "Shine the Light" law, we do not disclose personal information to third parties for their direct marketing purposes.

U.S. state privacy disclosures. In the preceding twelve (12) months, we collected and disclosed the following categories of personal information for the business purposes described below. We do not sell personal information, share it for cross-context behavioral advertising, process it for targeted advertising, or use it for profiling that produces legal or similarly significant effects, as those terms are defined under applicable law.

Other jurisdictions. Where Canadian or other regional privacy laws apply, we handle personal information in accordance with those laws, including by providing any additional rights and protections they require. You may contact us at info@orbitcrm.ai with any question or complaint.

The Services are intended for use by organizations and their adult representatives. We do not direct the Services to children and do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. We will post the updated version and revise the Effective Date above. If we make material changes, we will provide notice through the Services, by email, or by another legally sufficient method before the changes take effect where required by law.

Intelligent Systems LLC, 790 N Milwaukee St, Ste 302 #309812, Milwaukee, WI 53202. Email: info@orbitcrm.ai.

If you have a question or concern about how we handle personal information, you may contact us at info@orbitcrm.ai, and we will review and respond to complaints in accordance with applicable law.

As of the Effective Date, we do not believe we are required under Article 27 of the GDPR or the UK GDPR to designate a representative in the European Union or the United Kingdom, because we do not offer the Services to individuals in those regions or monitor their behavior in the sense of the GDPR or UK GDPR. If our obligations change, we will comply with applicable requirements and update this Privacy Policy as needed.