Privacy Policy

Last updated: 2026-04-10

Orba™ ("we," "us," or "our") operates the website getorba.com and related e-commerce services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, make a purchase, or interact with Orba™ in any capacity. Please read this policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by the terms described herein.

If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services immediately.

1. Information We Collect

Orba™ collects information to provide you with a seamless shopping experience, process your orders, and improve our services. The types of information we collect include:

1.1 Personal Information You Provide

When you create an account, place an order, subscribe to our newsletter, or contact our support team, Orba™ may collect the following:

• Identity Information: Full name, username, and date of birth
• Contact Information: Email address, phone number, billing address, and shipping address
• Financial Information: Payment card details, billing information, and transaction history (note: full payment card numbers are processed by our secure payment processors and are not stored on Orba™ servers)
• Account Information: Login credentials, purchase history, wishlists, and product reviews
• Communication Information: Records of correspondence when you contact our customer support team, including chat transcripts, emails, and phone call summaries

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical and usage data, including:

• Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution
• Usage Data: Pages visited, time spent on pages, click patterns, referring URLs, and navigation paths through our site
• Location Data: Approximate geographic location derived from your IP address
• Log Data: Server logs that record requests made to our website, including timestamps, HTTP methods, and response codes

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms, if you choose to link your account or log in via a social media service
• Payment processors and fraud prevention services
• Analytics providers and advertising partners
• Public databases and data aggregators for identity verification purposes

2. How We Use Your Information

Orba™ uses the information we collect for the following purposes:

2.1 Order Fulfillment and Service Delivery

• Processing and fulfilling your orders, including shipping, delivery, and returns
• Managing your account and providing customer support
• Sending transactional communications such as order confirmations, shipping updates, and receipts
• Processing payments and preventing fraudulent transactions

2.2 Improvement and Personalization

• Analyzing usage trends to improve our website, products, and services
• Personalizing your shopping experience with tailored product recommendations
• Conducting internal research and analytics to understand customer preferences

2.3 Marketing and Communications

• Sending promotional emails, newsletters, and special offers (with your consent where required by law)
• Displaying targeted advertisements on our website and third-party platforms
• Conducting surveys and soliciting feedback to improve Orba™ products and services

2.4 Legal and Compliance

• Complying with applicable laws, regulations, and legal processes
• Enforcing our Terms of Service and other agreements
• Protecting the rights, property, and safety of Orba™, our customers, and the public
• Detecting, preventing, and addressing fraud, security breaches, and technical issues

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, Orba™ processes your personal data in accordance with the General Data Protection Regulation (GDPR) and relies on the following legal bases:

• Performance of a Contract: Processing necessary to fulfill our contractual obligations to you, such as processing orders and delivering products
• Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, improving our services, and direct marketing, provided these interests are not overridden by your rights and freedoms
• Consent: Where you have given clear, affirmative consent for us to process your personal data for specific purposes, such as subscribing to marketing communications
• Legal Obligation: Processing necessary to comply with a legal obligation to which Orba™ is subject

3.1 Your Rights Under the GDPR

If the GDPR applies to you, you have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you
• Right to Rectification: You may request that we correct inaccurate or incomplete personal data
• Right to Erasure: You may request that we delete your personal data, subject to certain legal exceptions
• Right to Restriction of Processing: You may request that we limit how we use your personal data
• Right to Data Portability: You may request to receive your personal data in a structured, commonly used, machine-readable format
• Right to Object: You may object to the processing of your personal data for direct marketing purposes or processing based on legitimate interests
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority

To exercise any of these rights, please contact us at support@getorba.com. We will respond to your request within 30 days, as required by applicable law.

4. Your Rights Under the CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information. Orba™ is committed to honoring these rights.

4.1 Your California Privacy Rights

• Right to Know: You have the right to request that Orba™ disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which that information was collected, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share it
• Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information. Orba™ does not sell personal information in the traditional sense; however, certain data-sharing activities with advertising partners may constitute a "sale" or "sharing" under the CCPA. You may opt out by contacting us or using the preference controls on our website
• Right to Non-Discrimination: Orba™ will not discriminate against you for exercising any of your CCPA rights
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to purposes necessary to provide the services you have requested

4.2 How to Submit a Request

To exercise your rights under the CCPA, you may submit a verifiable consumer request by emailing us at support@getorba.com with the subject line "CCPA Request." We will verify your identity before processing your request and will respond within 45 days, as required by law. You may also designate an authorized agent to make a request on your behalf.

4.3 Categories of Information Collected and Disclosed

In the preceding 12 months, Orba™ may have collected and disclosed for a business purpose the following categories of personal information as defined by the CCPA: identifiers, commercial information, internet or other electronic network activity information, geolocation data, and inferences drawn from the above categories.

5. Cookies and Tracking Technologies

Orba™ uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements.

5.1 Types of Cookies We Use

• Strictly Necessary Cookies: These cookies are essential for the operation of our website. They enable core functionality such as shopping cart management, account authentication, and security features. These cookies cannot be disabled
• Performance and Analytics Cookies: These cookies collect information about how visitors use our website, including which pages are visited most often and whether users encounter error messages. This data helps Orba™ improve website performance and user experience
• Functional Cookies: These cookies allow our website to remember choices you make, such as your language preference, region, or display settings, to provide a more personalized experience
• Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests. They also help us measure the effectiveness of our advertising campaigns and limit the number of times you see a particular ad

5.2 Managing Your Cookie Preferences

When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or customize your cookie preferences. You may also manage cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of our website and your ability to complete purchases.

5.3 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Orba™ currently does not respond to DNT signals, as there is no universally accepted standard for how to interpret them. However, you may opt out of tracking through the cookie preference controls described above.

6. Third-Party Services

Orba™ works with trusted third-party service providers to operate our business and deliver our services. These third parties may have access to your personal information only to the extent necessary to perform their functions and are contractually obligated to protect your data.

6.1 Categories of Third-Party Service Providers

• Payment Processors: We use third-party payment processors to securely handle credit card transactions and other payment methods. These processors are PCI-DSS compliant and do not share your financial information with Orba™ beyond what is necessary to complete transactions
• Shipping and Logistics Partners: We share your name, shipping address, and order details with our fulfillment and delivery partners to ship your orders
• Analytics Providers: We use services such as Google Analytics to understand how visitors interact with our website. These providers may collect data through cookies and similar technologies
• Email and Marketing Platforms: We use third-party platforms to send transactional and promotional emails, manage our mailing lists, and run marketing campaigns
• Customer Support Tools: We use third-party helpdesk and live chat software to manage customer inquiries and provide support
• Cloud Hosting and Infrastructure: Our website and data are hosted on secure cloud infrastructure provided by reputable third-party hosting services
• Fraud Prevention Services: We use third-party tools to detect and prevent fraudulent orders and unauthorized account access

6.2 Third-Party Links

Our website may contain links to third-party websites, plugins, or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. Orba™ does not control these third-party websites and is not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

7. Data Security

Orba™ takes the security of your personal information seriously and implements a range of technical, administrative, and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

7.1 Security Measures

• Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard TLS/SSL encryption. Sensitive data at rest is also encrypted
• Access Controls: Access to personal information is restricted to authorized Orba™ employees, contractors, and agents who need the information to perform their duties. All personnel with access are subject to strict confidentiality obligations
• Infrastructure Security: Our servers are hosted in secure data centers with physical access controls, intrusion detection systems, and regular security audits
• Regular Testing: We conduct regular vulnerability assessments, penetration testing, and security reviews to identify and address potential threats
• Incident Response: We maintain an incident response plan to promptly address any data breach or security incident. In the event of a breach that affects your personal data, we will notify you and the relevant authorities as required by applicable law

7.2 Data Retention

Orba™ retains your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. When personal data is no longer needed, we securely delete or anonymize it. Specific retention periods vary depending on the type of data and the purpose of processing:

• Account Information: Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations
• Transaction Records: Retained for a minimum of seven (7) years to comply with tax and accounting regulations
• Marketing Data: Retained until you unsubscribe or withdraw consent, after which we will cease processing within 30 days
• Log and Analytics Data: Typically retained for up to 26 months, after which it is aggregated or deleted

7.3 International Data Transfers

If you are accessing Orba™ from outside the country where our servers are located, your personal data may be transferred to, stored, and processed in a different jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, to protect your personal data in accordance with this Privacy Policy and applicable law.

8. Children's Privacy

Orba™ does not knowingly collect, solicit, or maintain personal information from anyone under the age of 16 (or under the age of 13 in jurisdictions where that is the applicable threshold). Our website and services are not directed at children, and we do not intentionally market to minors.

If we become aware that we have collected personal information from a child without verification of parental consent, we will take immediate steps to delete that information from our servers. If you are a parent or guardian and believe that your child has provided Orba™ with personal information without your consent, please contact us immediately at support@getorba.com, and we will promptly remove the data.

9. Changes to This Privacy Policy

Orba™ reserves the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will:

• Update the "Last updated" date at the top of this page
• Post the revised Privacy Policy on our website at getorba.com
• Notify you of material changes via email or a prominent notice on our website prior to the changes taking effect

We encourage you to review this Privacy Policy periodically to stay informed about how Orba™ is protecting your information. Your continued use of our website and services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

Note: For significant changes that materially affect how we process your personal data, we will seek your renewed consent where required by applicable law, including the GDPR and CCPA.

10. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or Orba™'s data practices, please do not hesitate to contact us:

• Email: support@getorba.com
• Website: getorba.com

When contacting us about a privacy-related matter, please include as much detail as possible so we can identify and address your concern promptly. We aim to respond to all inquiries within 30 days.

If you are located in the EEA and believe that Orba™ has not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities can be found on the European Data Protection Board website.

If you are a California resident and wish to exercise your rights under the CCPA, please email us at support@getorba.com with the subject line "CCPA Request."

Thank you for trusting Orba™ with your personal information. We are committed to protecting your privacy and ensuring transparency in everything we do.