Security at Orbit

Your code is yours. We built Orbit to keep it that way.


Security Philosophy

Local-first

Your code lives on your machine, not our servers

Privacy by design

We minimize data collection, not maximize it

Transparency

We tell you exactly what data goes where

Your control

You decide what's shared, synced, or kept local


Your Code Stays Local

Orbit is a desktop app — your projects live on your computer, not in the cloud. Code is NOT uploaded to Orbit servers by default. You control what gets synced or shared. Even AI features process locally when possible.

What we DON'T do

  • Store your code on our servers
  • Train AI models on your code
  • Share your code with third parties
  • Access your projects without permission

How AI Features Work

AI agents need to see code to help — here's how that works transparently:

When you use AI features

Code context is sent to AI providers (OpenAI, Anthropic) to generate responses. These providers have their own privacy policies — we use API access that doesn't train on your data.

Bring your own keys

Use your own API keys for full control over your AI provider relationship.

Local models

Support for local and self-hosted models is on our roadmap for maximum privacy.

What's sent to AI

  • The file(s) you're working on
  • Relevant context from your project
  • Your prompts and questions

What's NOT sent

  • Your entire codebase
  • Files you're not actively working with
  • Personal information

What Data We Collect

Account data

  • Email address
  • Name (optional)
  • Payment info (if subscribed)

Usage analytics (optional)

  • Feature usage patterns
  • Crash reports
  • Performance metrics
  • No code content, no project names

What you can opt out of

  • Analytics collection
  • Crash reporting
  • Any non-essential data sharing

Infrastructure

Encryption in transit

All network traffic uses TLS 1.3

Encryption at rest

Sensitive data encrypted at rest

Authentication

Secure auth with industry-standard protocols

Access controls

Strict internal access policies

Cloud infrastructure

Hosted on SOC 2 compliant infrastructure


Compliance

Current

  • GDPR compliant (data deletion, export, consent)
  • CCPA compliant

In Progress

  • SOC 2 Type II (in progress)
  • HIPAA (on roadmap for enterprise)

We're a young company building toward enterprise-grade compliance. SOC 2 certification is actively in progress.


Enterprise Security

For companies evaluating Orbit:

SSO

SAML/OIDC support

Coming soon

Self-hosted option

Deploy Orbit on your infrastructure

Coming soon

Audit logs

Track activity across your organization

Coming soon

Custom data residency

Choose where data is stored

Enterprise plan

Security review

We complete your security questionnaire

Available

Contact us for enterprise security discussions.


Security Researchers

We welcome responsible disclosure of security vulnerabilities.

  • Report vulnerabilities via our contact form
  • We aim to respond within 48 business hours
  • We don't pursue legal action against good-faith researchers

Security Questions?

Contact us with any security questions.

We're happy to discuss security with your team. Enterprise customers get dedicated security support.


Ready to try Orbit?

Security-first development environment. Your code stays yours.

Built with security in mind

From local-first architecture to transparent AI, security isn't an afterthought — it's foundational.