How we collect, use, share, and protect personal information, and the rights you have over it.
This Privacy Policy explains how Orbit SA (Pty) Ltd ("Orbit", "we", "us", or "our") handles personal information when you visit our website, create an account, or use the Orbit platform and mobile apps (together, the "Services"). We are committed to protecting personal information in line with the Protection of Personal Information Act, 2013 ("POPIA") in South Africa, and, where it applies, the EU and UK General Data Protection Regulation ("GDPR").
Please read this policy together with our Terms of Service.
Orbit is an AI-powered sales communication and field CRM platform. We provide businesses ("Customers") with tools to make and receive calls, send and receive WhatsApp, SMS and email messages, manage leads and field sales activity, and use AI assistance across those channels.
Orbit SA (Pty) Ltd is a company registered in the Republic of South Africa under registration number 2026/426620/07. For any privacy question, or to reach our Information Officer, contact admin@orbitsa.co.za.
Depending on the data involved, we act in one of two capacities under POPIA and the GDPR:
If you are an end-customer of a business that uses Orbit and you want to access, correct, or delete your information, please contact that business directly, since they control that data. We will support them in responding to your request.
Name, business name, email address, phone number, role, login credentials, and the subscription plan and billing details associated with your account. Card payments are processed by our payment provider; we do not store full card numbers on our systems.
When the Services are used to communicate, we process the content and metadata of those communications, including voice calls and call recordings, call transcripts, WhatsApp and SMS messages, emails sent and received through connected mailboxes, timestamps, phone numbers, and delivery status. This may include personal information about the people being contacted.
Where a Customer enables the Orbit mobile app for its sales representatives, we process device information and, with the representative's consent, location and presence data used for lead discovery, route context, and tracking-health features. Reps are shown when tracking is active.
Log data, IP address, browser and device type, pages viewed, actions taken in the app, and diagnostic and performance information we use to keep the Services secure and reliable.
If you connect an external account (for example a Google or Microsoft mailbox and calendar), we receive information from that provider in line with the permissions you grant. We also receive limited information from our telephony, messaging, and payment providers to deliver the Services.
We use personal information to:
Where we act as Responsible Party, we rely on one or more of the following justifications recognised by POPIA (and the corresponding lawful bases under the GDPR):
Where we act as Operator, the Customer is responsible for establishing a lawful basis for the processing they instruct us to perform.
The Services can record calls and store message content on behalf of Customers. Where a Customer enables recording, Orbit supports playing a recording notice to the other party. Customers are responsible for configuring notices and for obtaining any consent required by law in the jurisdictions where they and their contacts are located. We process recordings and messages as an Operator on the Customer's instructions.
Orbit uses AI models to transcribe calls, draft summaries and replies, and surface insights. To provide these features, relevant content may be sent to trusted AI sub-processors for processing. We contract with these providers to process data only to deliver the service and not to train their public models on Customer content, except where a Customer separately opts in. AI output can be inaccurate or incomplete and should be reviewed by a person before it is relied on.
We do not sell personal information. We share it only as needed to run the Services, with categories of recipients including:
We may also share information in connection with a merger, acquisition, or sale of assets, subject to appropriate safeguards. A current list of sub-processors is available on request at admin@orbitsa.co.za.
Some of our providers process data outside South Africa or your country. Where personal information is transferred across borders, we take steps required by POPIA and the GDPR to ensure it receives an adequate level of protection, including contractual safeguards with the recipients.
We keep personal information for as long as needed to provide the Services and for the purposes described in this policy, and then for as long as required to meet legal, tax, and accounting obligations or to resolve disputes. Customer content is retained for the life of the Customer's account and deleted or returned after termination in line with our agreement, unless we are required to keep it for longer.
We maintain appropriate technical and organisational measures to protect personal information, including encryption in transit, access controls, tenant isolation, and monitoring. No system is perfectly secure, but we work to protect your data and to notify affected parties and the regulator of any compromise as required by law.
Subject to law, you have the right to:
To exercise any of these rights, email admin@orbitsa.co.za. We may need to verify your identity before responding. If your request concerns data held by a Customer for whom we act as Operator, we will refer you to that Customer.
We only send you marketing communications where the law allows, and you can opt out at any time using the unsubscribe link in the message or by contacting us. Customers who use Orbit to send marketing to their own contacts are responsible for complying with the direct marketing rules that apply to them, including POPIA and any applicable electronic communications laws.
Our website and app use cookies and similar technologies to remember your preferences (such as light or dark theme), keep you signed in, and understand how the site is used. You can control cookies through your browser settings. Disabling some cookies may affect how the site works.
The Services are intended for business use and are not directed at children. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will take appropriate steps to delete it.
We may update this policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you. Continuing to use the Services after an update means you accept the revised policy.
For any privacy question or to reach our Information Officer, email admin@orbitsa.co.za.
If you are not satisfied with how we have handled your personal information, you may lodge a complaint with the Information Regulator (South Africa), whose contact details are published at inforegulator.org.za. If the GDPR applies to you, you may also complain to your local data protection authority.