Privacy Policy

Last updated: February 8, 2026

1. Information We Collect

We collect information you provide directly: account details (name, email, password), organization information, and configuration preferences. We also collect data from integrated third-party services (Slack, Microsoft Teams) that you explicitly authorize, limited to team structures and project metadata.

2. How We Use Your Information

We use collected information to: provide and maintain the Service, analyze project ownership and orphan risks, send notifications and alerts, generate reports and analytics, improve the Service, and communicate with you about your account.

3. Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL) with row-level security policies. All data is encrypted in transit (TLS) and at rest. Integration credentials are encrypted using AES-256 before storage. We implement multi-factor authentication and CAPTCHA protection.

4. Third-Party Services

We integrate with third-party services for specific functionality: Supabase (authentication and database), Sentry (error monitoring), Resend (email delivery), Google Analytics (usage analytics), and hCaptcha (bot protection). Each service has its own privacy policy governing their use of data.

5. Data Sharing

We do not sell your personal data. We share data only with: the third-party service providers listed above (to operate the Service), when required by law, or with your explicit consent. Organization data is isolated through multi-tenant architecture.

6. Your Rights (GDPR / CCPA)

You have the right to: access your personal data, correct inaccurate data, request deletion of your data, export your data in a portable format, object to data processing, and withdraw consent at any time. Account deletion is available in Settings > User > Security.

7. Cookies

We use essential cookies for authentication and session management. Analytics cookies are used only with your consent via our cookie consent manager. You can manage your cookie preferences at any time through the cookie consent banner that appears on your first visit, or by clearing your browser cookies.

8. Data Retention

We retain your account data for as long as your account is active. Organization data (employees, teams, projects) is retained according to your organization's subscription. Upon account deletion, personal data is removed within 30 days. Aggregated, anonymized analytics may be retained indefinitely.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top of this page indicates when this policy was last revised.

10. Contact

For privacy-related questions or to exercise your data rights, contact our Data Protection Officer at privacy@orkhest.com. See also our Terms of Service.