Privacy for agencies

Built for agencies handling client data.

Client performance data, creative assets, and strategy notes shouldn't disappear into tools you can't explain to your client. Orbits handles client data with reviewed outputs, temporary media windows, transparent providers, and the regional controls you need to answer GDPR questions without panic.

Client dataNo blind auto-sendTemporary mediaRegional controlsProvider transparencyDeletion

Agency reality

The pain is not another blank dashboard.

You can't paste client performance data, creative assets, or strategy notes into tools without knowing where the data actually goes.

AI output risk isn't only privacy. It's also a wrong recommendation reaching a client without anyone reviewing it first.

UK and EU prospects ask about GDPR, region selection, subprocessors, retention, deletion, and whether client data trains models — usually right before signing.

Client data

Client data stays client data.

Orbits uses client data to run the workspace, generate reports, and produce approved outputs. We don't sell client data. We don't use it to train Orbits models.

Provider controls

Specific about AI subprocessors.

Where third-party AI providers process content, we route through business API products configured to disable training and minimize retention where the provider's controls support it. The current subprocessor list is published.

Regional processing

Pick a preferred region.

Choose your storage and processing region during onboarding where regional infrastructure is available. When a provider may process outside that region, we say so up front instead of burying it in terms.

Temporary media

Retention windows are explicit.

Free-tool uploads and generated assets have published retention windows. Cleanup jobs run automatically. The notice on every upload tells you exactly how long the file lives.

Workflow

The trust workflow agencies expect.

Pick a region at onboarding

Tell us where the agency operates and where you want client data to live. Regional options surface before you've configured anything else.

See providers up front

A plain-language subprocessor table covers hosting, storage, AI providers, email, analytics, and anything else that touches client data. No hunting through legal pages.

Review before sending

AI outputs stay in draft until a human approves the client-facing version. Scheduled reports queue as drafts; nothing auto-sends.

Export and delete on demand

Workspace export, project deletion, and account-wide deletion are self-serve. No support ticket required when procurement asks.

Positioning

What this page does not claim.

Orbits doesn't carry SOC 2, ISO 27001, or HIPAA certifications today. Where a control isn't certified, we describe the actual behavior so your procurement team can evaluate it on its merits. The strongest trust story is specific about what's true now and conservative about what's on the roadmap.

What's true now: reviewed outputs, temporary media handling, no selling client data, no training Orbits models on client data.
Provider terms are published verbatim so you can verify training and retention configurations, not assume them.
Use this page as your procurement checklist: data location, deletion, subprocessors, model privacy, human review.

Bring this page to your next procurement call.

Procurement teams ask the same six questions about AI tools. This page answers them in plain language so the conversation moves forward instead of escalating to a privacy review.

Start creating free Browse free tools