Orbit Mobile App
This policy explains how Orbit handles your data — what is collected, what stays on your device, and what your organization controls.
1. Overview
Orbit is a mobile application developed by NavyBits that enables customer support agents to manage conversations, contacts, and campaigns through Orbit server. This policy explains what data Orbit collects, how it is used, and your rights regarding that data.
2. Data We Collect
2.1 Account and Authentication Data
- Email address and password — entered at login and transmitted securely to your organization's configured Orbit server. Not stored or accessible by NavyBits.
- Access and refresh tokens — stored locally on your device using encrypted secure storage and used to maintain your session.
- User profile — your name, email, role, and team memberships are fetched and stored locally on-device.
2.2 Device Data
- Device identifier — a randomly generated UUID is created on first launch and stored in encrypted on-device storage. This identifier is used to register your device for push notifications and is shared with your server.
2.3 Push Notification Data
- Orbit integrates OneSignal to deliver push notifications. OneSignal may collect your device's push token, device type, OS version, and language/locale settings. Please refer to OneSignal's Privacy Policy for details.
- Push notifications are initiated by your Orbit server and delivered via OneSignal.
2.4 Media and Files
- When you use the camera, microphone, or photo library to send media within conversations, the captured media is transmitted directly to your Orbit server.
- With your permission, received media files may be saved to your device's photo library.
2.5 Conversation and Contact Data
- Messages, contact records, campaign data, and notification history are fetched from and stored on Orbit server.
2.6 Server Configuration
- The URL and name of Orbit server are stored locally on your device for convenience.
3. Data We Do Not Collect
NavyBits does not:
- Track your in-app behavior or usage patterns
- Access the content of your conversations or contact data
- Share data with third parties for advertising purposes
- Collect precise location data — location permission is declared due to an included SDK requirement; Orbit does not use or access your location
4. How Data Is Used
| Data | Purpose |
|---|---|
| Authentication credentials | Verify identity with your organization's tenant |
| Auth tokens | Maintain your login session securely on-device |
| Device identifier | Register for push notifications |
| Push notification token | Deliver real-time notifications from your server |
| Camera / microphone / photo library | Send and receive media in conversations |
5. Third-Party Services
Orbit uses the following third-party service:
| Service | Purpose | Privacy Policy |
|---|---|---|
| OneSignal | Push notification delivery | onesignal.com/privacy_policy |
No advertising, analytics, or crash reporting SDKs are included in Orbit.
6. Data Storage and Security
- Auth tokens are stored in device-encrypted secure storage (iOS Keychain / Android Keystore).
- User profile and server configuration are stored in AsyncStorage, which is sandboxed to the app and not accessible to other apps.
- All communication with Orbit server occurs over HTTPS.
- NavyBits does not have access to your stored credentials or session data.
7. Permissions
Orbit requests the following device permissions:
| Permission | Reason |
|---|---|
| Camera | Capture photos and videos to send in conversations |
| Microphone | Record audio messages |
| Photo Library (read) | Attach photos and videos from your library |
| Photo Library (write) | Save received media to your device |
| Notifications | Receive push notifications for new messages and events |
| Internet | Connect to Orbit server |
Permissions are requested only when first needed. You may revoke any permission through your device's system settings. Revoking a permission disables the associated feature but does not affect other app functionality.
8. Data Retention
- Data stored locally on your device — tokens, user profile, and server configuration — persists until you sign out or uninstall the app.
- Signing out clears all auth tokens from secure storage.
9. Children's Privacy
Orbit is intended for use by business professionals aged 18 and above. Orbit is not designed for or directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). NavyBits does not knowingly collect data from minors. If you believe a minor has used Orbit, please contact us at info@navybits.com.
10. Your Rights
As Orbit data is stored and processed on Orbit Server, most data rights requests — including access, rectification, deletion, and portability — should be directed to your organization's administrator.
For any data stored by NavyBits or related to push notification identifiers, you may contact us at info@navybits.com to request access, correction, or deletion.
11. Changes to This Policy
NavyBits may update this privacy policy from time to time. Material changes will be communicated through an in-app notice or an updated effective date on this page. Continued use of Orbit after changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related inquiries: