Privacy Policy

Last updated: 2026-03-31

At Orba, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at getorba.com, place an order, or interact with our services in any way. By using our website and services, you agree to the collection and use of information in accordance with this policy.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

1. Information We Collect

Orba collects information from you in several ways when you interact with our website and services. The types of information we collect include:

1.1 Personal Information You Provide

When you create an account, place an order, subscribe to our newsletter, or contact our support team, we may collect the following personal information:

• Identity Information: Full name, username, and date of birth
• Contact Information: Email address, phone number, billing address, and shipping address
• Financial Information: Payment card details, billing information, and transaction history (note: full payment card numbers are processed by our secure payment processors and are not stored on Orba servers)
• Account Information: Username, password (encrypted), order history, wishlists, and account preferences
• Communication Information: Any messages, reviews, feedback, or correspondence you send to us through our website, email, or customer support channels

1.2 Information Collected Automatically

When you visit getorba.com, we automatically collect certain information about your device and your usage of our website, including:

• Device Information: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers
• Usage Information: Pages visited, time spent on pages, click patterns, referring URLs, exit pages, and navigation paths through our website
• Location Information: Approximate geographic location based on your IP address
• Log Data: Server logs that record your interactions with our website, including access times, error logs, and request details

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social Media Platforms: If you interact with us through social media or use social login features, we may receive profile information from those platforms
• Analytics Providers: Aggregated and individual usage data from analytics services
• Payment Processors: Transaction confirmation and fraud prevention data
• Advertising Partners: Information about your interactions with our advertisements on other platforms
• Public Databases: Information from publicly available sources for fraud prevention and identity verification purposes

2. How We Use Your Information

Orba uses the information we collect for a variety of purposes, all aimed at providing you with the best possible shopping experience and maintaining the security and integrity of our services. Specifically, we use your information to:

2.1 Fulfill Orders and Provide Services

• Process and fulfill your orders, including shipping, delivery, and returns
• Manage your Orba account and provide customer support
• Send order confirmations, shipping updates, and delivery notifications
• Process payments and refunds
• Verify your identity for security and fraud prevention purposes

2.2 Improve and Personalize Your Experience

• Personalize your shopping experience by displaying products and content relevant to your interests
• Analyze usage trends and website performance to improve our website design, product offerings, and services
• Conduct research and analysis to better understand our customers' needs and preferences
• Test new features and functionality on our website

2.3 Marketing and Communications

• Send promotional emails, newsletters, and special offers about Orba products and services, where you have opted in to receive such communications
• Display targeted advertisements on our website and on third-party platforms
• Administer contests, promotions, surveys, and other site features
• Send you important administrative messages regarding your account, our policies, or changes to our terms

2.4 Legal and Security Purposes

• Detect, prevent, and address fraud, unauthorized access, and other illegal activities
• Enforce our Terms of Service and other agreements
• Comply with applicable laws, regulations, legal processes, and governmental requests
• Protect the rights, property, and safety of Orba, our customers, and the public

3. Cookies and Tracking Technologies

Orba uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and personalize content. By using our website, you consent to the use of cookies in accordance with this policy.

3.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently, provide a better user experience, and supply information to website owners.

3.2 Types of Cookies We Use

• Essential Cookies: These cookies are strictly necessary for the operation of our website. They enable core functionality such as shopping cart management, account authentication, and security features. You cannot opt out of essential cookies as our website cannot function properly without them.
• Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often and whether users encounter error messages. This data helps us improve the performance and usability of our website. We use services such as Google Analytics for this purpose.
• Functionality Cookies: These cookies allow our website to remember choices you make, such as your language preference, region, or login details, and provide enhanced, personalized features.
• Advertising and Targeting Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests. They also help us measure the effectiveness of our advertising campaigns. These cookies may be placed by third-party advertising partners.

3.3 Managing Your Cookie Preferences

You can manage your cookie preferences at any time through your browser settings. Most web browsers allow you to control cookies through their settings, including the ability to block or delete cookies. Please note that disabling certain cookies may affect the functionality of our website and your ability to use some features.

Additionally, you can opt out of interest-based advertising by visiting the following resources:

• Digital Advertising Alliance: optout.aboutads.info
• Network Advertising Initiative: optout.networkadvertising.org
• European Interactive Digital Advertising Alliance: youronlinechoices.eu

3.4 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. At this time, Orba does not respond to DNT signals, as there is no universally accepted standard for how companies should respond to such signals. However, you can manage your tracking preferences using the cookie management options described above.

4. Third-Party Services

Orba works with trusted third-party service providers to operate our business and deliver our services to you. These third parties may have access to your personal information only to perform specific tasks on our behalf and are obligated to protect your information in accordance with this Privacy Policy and applicable law.

4.1 Categories of Third-Party Service Providers

• Payment Processors: We use secure third-party payment processors to handle all financial transactions. Your payment information is transmitted directly to these processors using industry-standard encryption and is not stored on Orba servers.
• Shipping and Logistics Partners: We share your name, shipping address, and contact information with our shipping carriers to fulfill and deliver your orders.
• Cloud Hosting and Infrastructure Providers: Our website and data are hosted on secure cloud infrastructure provided by reputable third-party hosting services.
• Analytics Services: We use analytics platforms such as Google Analytics to understand how visitors interact with our website and to improve our services.
• Email and Communication Services: We use third-party email service providers to send transactional emails, marketing communications, and customer support correspondence.
• Advertising and Marketing Platforms: We work with advertising networks and social media platforms to deliver targeted advertisements and measure campaign performance.
• Fraud Prevention Services: We use third-party tools to detect and prevent fraudulent transactions and unauthorized account access.
• Customer Support Tools: We use third-party helpdesk and live chat platforms to provide efficient customer support.

4.2 Third-Party Links

Our website may contain links to third-party websites, products, or services that are not owned or controlled by Orba. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party websites you visit before providing them with your personal information.

4.3 Social Media Features

Our website may include social media features, such as share buttons or embedded content from platforms like Facebook, Instagram, Twitter, and Pinterest. These features may collect your IP address and the page you are visiting, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policies of the respective social media platforms.

5. Data Security

Orba takes the security of your personal information seriously. We implement a comprehensive range of technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction.

5.1 Security Measures We Employ

• Encryption: All data transmitted between your browser and our website is encrypted using Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols. Sensitive data stored on our servers is encrypted at rest.
• Access Controls: Access to personal information is restricted to authorized Orba employees, contractors, and agents who need the information to perform their job duties. All personnel with access to personal data are subject to strict confidentiality obligations.
• Secure Payment Processing: All payment transactions are processed through PCI DSS-compliant payment processors. Orba does not store full credit card numbers on our servers.
• Regular Security Audits: We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential security risks.
• Incident Response: We maintain an incident response plan to quickly address any potential data breaches or security incidents. In the event of a breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law.
• Data Minimization: We collect and retain only the personal information that is necessary for the purposes described in this Privacy Policy.

5.2 Your Role in Data Security

While we take extensive measures to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We encourage you to take steps to protect your personal information, including:

• Using a strong, unique password for your Orba account
• Not sharing your account credentials with others
• Logging out of your account after each session, especially on shared or public devices
• Keeping your browser and operating system up to date
• Contacting us immediately at support@getorba.com if you suspect any unauthorized access to your account

6. Data Retention

Orba retains your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The specific retention period depends on the nature of the information and the purpose for which it was collected:

• Account Information: Retained for as long as your account is active and for a reasonable period thereafter in case you decide to reactivate your account, unless you request deletion.
• Order and Transaction Data: Retained for a minimum of seven (7) years to comply with tax, accounting, and legal obligations.
• Marketing Preferences: Retained until you withdraw your consent or unsubscribe from marketing communications.
• Website Usage Data: Typically retained in an aggregated or anonymized form for analytics purposes for up to twenty-six (26) months.
• Customer Support Records: Retained for up to three (3) years after the resolution of your inquiry to improve our services and for quality assurance.

When your personal information is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies and applicable law.

7. Your Rights and Choices

Orba respects your rights regarding your personal information. Depending on your location and applicable laws, you may have the following rights:

7.1 General Rights

• Right to Access: You have the right to request a copy of the personal information we hold about you.
• Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information.
• Right to Deletion: You have the right to request that we delete your personal information, subject to certain legal exceptions.
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal information under certain circumstances.
• Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.
• Right to Opt Out of Marketing: You can opt out of receiving marketing communications from Orba at any time by clicking the "unsubscribe" link in our emails or by contacting us at support@getorba.com.

To exercise any of these rights, please contact us at support@getorba.com. We will respond to your request within the timeframe required by applicable law, typically within thirty (30) days.

8. GDPR Compliance — Rights for European Economic Area (EEA) Residents

If you are a resident of the European Economic Area (EEA), the United Kingdom, or Switzerland, Orba is committed to complying with the General Data Protection Regulation (GDPR) and applicable local data protection laws. This section outlines additional information and rights specific to you.

8.1 Legal Bases for Processing

Under the GDPR, we process your personal data based on one or more of the following legal bases:

• Performance of a Contract: Processing is necessary to fulfill our contractual obligations to you, such as processing your orders and delivering products.
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, preventing fraud, and marketing our products, provided these interests do not override your fundamental rights and freedoms.
• Consent: Where you have given us explicit consent to process your personal data for specific purposes, such as subscribing to our newsletter or accepting non-essential cookies.
• Legal Obligation: Processing is necessary to comply with a legal obligation to which Orba is subject, such as tax reporting or responding to lawful government requests.

8.2 Your GDPR Rights

In addition to the general rights listed above, EEA residents have the following specific rights under the GDPR:

• Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests. If you object, we will cease processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• Right to Object to Direct Marketing: You have an absolute right to object to the processing of your personal data for direct marketing purposes at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your personal data violates the GDPR.
• Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you.

8.3 International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA that may not provide the same level of data protection as your home country. When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Transfers to countries that have been deemed to provide an adequate level of data protection by the European Commission
• Other legally recognized transfer mechanisms as appropriate

You may request a copy of the safeguards we use for international data transfers by contacting us at support@getorba.com.

8.4 Data Protection Officer

If you have any questions or concerns about our GDPR compliance or the processing of your personal data, you may contact us at support@getorba.com. We will direct your inquiry to the appropriate team member responsible for data protection matters.

9. CCPA Compliance — Rights for California Residents

If you are a resident of California, United States, Orba is committed to complying with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section provides additional disclosures and outlines your rights under California law.

9.1 Categories of Personal Information Collected

In the preceding twelve (12) months, Orba has collected the following categories of personal information from consumers, as defined by the CCPA:

• Identifiers: Name, email address, postal address, phone number, IP address, and account name
• Customer Records Information: Name, address, telephone number, and financial information (such as payment card details)
• Commercial Information: Records of products purchased, obtained, or considered, and other purchasing or consuming histories
• Internet or Other Electronic Network Activity Information: Browsing history, search history, and information regarding your interaction with our website
• Geolocation Data: Approximate location based on IP address
• Inferences: Inferences drawn from the above categories to create a profile reflecting your preferences, characteristics, and behavior

9.2 How We Use and Disclose Personal Information

We use the categories of personal information listed above for the business and commercial purposes described in Section 2 of this Privacy Policy. We may disclose your personal information to the categories of third-party service providers described in Section 4 for business purposes.

9.3 Sale and Sharing of Personal Information

Orba does not sell your personal information in the traditional sense of the word. However, under the broad definition of "sale" and "sharing" under the CCPA and CPRA, certain activities such as sharing data with advertising partners for targeted advertising purposes may be considered a "sale" or "sharing" of personal information. You have the right to opt out of such activities.

9.4 Your CCPA Rights

As a California resident, you have the following rights under the CCPA and CPRA:

• Right to Know: You have the right to request that Orba disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purposes for collecting the information, and the categories of third parties with whom we share the information.
• Right to Delete: You have the right to request that Orba delete the personal information we have collected about you, subject to certain legal exceptions.
• Right to Correct: You have the right to request that Orba correct inaccurate personal information that we maintain about you.
• Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of your sensitive personal information to purposes that are necessary to perform the services or provide the goods you have requested.
• Right to Non-Discrimination: Orba will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, provide a different level or quality of goods or services, or suggest that you will receive a different price or quality of goods or services because you exercised your rights.

9.5 How to Exercise Your CCPA Rights

To exercise your rights under the CCPA, you may submit a verifiable consumer request by:

• Emailing us at support@getorba.com with the subject line "CCPA Request"
• Visiting our website at getorba.com and using our privacy request form

You may also designate an authorized agent to submit a request on your behalf. We may require verification of your identity before fulfilling your request. We will respond to your verifiable consumer request within forty-five (45) days of receipt. If we require additional time, we will inform you of the reason and the extension period in writing, up to a maximum of ninety (90) days total.

9.6 Financial Incentive Programs

From time to time, Orba may offer financial incentives, such as discounts or loyalty rewards, that may require the collection of personal information. Participation in these programs is entirely voluntary, and you may opt out at any time. The value of any financial incentive is reasonably related to the value of the personal information provided.

10. Children's Privacy

Orba is committed to protecting the privacy of children. Our website and services are not intended for, directed at, or designed to attract children under the age of sixteen (16). We do not knowingly collect, use, or disclose personal information from children under the age of sixteen (16).

If you are a parent or guardian and believe that your child has provided personal information to Orba without your consent, please contact us immediately at support@getorba.com. If we become aware that we have inadvertently collected personal information from a child under the age of sixteen (16), we will take prompt steps to delete such information from our records.

For residents of the European Economic Area, we comply with the age requirements set forth in the GDPR and applicable local laws regarding the processing of personal data of minors. For residents of California, we comply with the CCPA's provisions regarding the personal information of minors, including the requirement to obtain opt-in consent before selling or sharing the personal information of consumers under the age of sixteen (16).

11. Changes to This Privacy Policy

Orba reserves the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes to this Privacy Policy, we will take the following steps:

• Update the "Last updated" date at the top of this page
• Post the revised Privacy Policy on our website at getorba.com
• For material changes that significantly affect how we handle your personal information, we will provide prominent notice on our website or send you a direct notification via email prior to the changes taking effect

We encourage you to review this Privacy Policy periodically to stay informed about how Orba is protecting your information. Your continued use of our website and services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

Important: If you do not agree with any changes to this Privacy Policy, you should discontinue your use of our website and services and contact us to request the deletion of your personal information.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal information, or Orba's privacy practices, please do not hesitate to contact us. We are here to help and will respond to your inquiry as promptly as possible.

• Email: support@getorba.com
• Website: getorba.com

When contacting us about a privacy-related matter, please include as much detail as possible so we can identify and address your concern efficiently. For requests related to your rights under the GDPR or CCPA, please specify the nature of your request and provide sufficient information for us to verify your identity.

We aim to respond to all privacy-related inquiries within thirty (30) days of receipt. If your request is complex or we receive a high volume of requests, we may need additional time and will notify you accordingly.

Thank you for trusting Orba with your personal information. We are committed to maintaining that trust by handling your data responsibly, transparently, and in accordance with applicable laws.