Privacy policy.

Orbitrage, Inc. (“Orbitrage”, “we”, “us”) operates the website at orbitrage.xyz and provides an OpenAI-compatible LLM gateway, routing engine, and telemetry dashboard. We act as the data controller for the personal data described in this policy.

Questions about this policy or your data can be sent to support@orbitrage.xyz.

We keep the surface area small. The categories below are the only personal data we hold.

• Account identifiers. Email address, display name, and (if you sign in with Google) your Google profile photo URL. These are written to a profiles row when your account is first created.
• Authentication state. A session cookie issued by our auth provider (Supabase) after you sign in. We never see or store your Google password.
• API keys. Keys you generate to call the router are stored as a salted SHA-256 hash plus an 8-character prefix index. The raw key is shown to you once at creation and never persisted.
• Usage and routing data. For each API call: the requested model, the routed model, tier, token counts, latency, cost, fallback chain, and routing signals. Stored in routing_steps.
• Telemetry spans. If you point an OpenTelemetry SDK (e.g. Traceloop) at our endpoint, we receive and store the spans you emit — which may include LLM prompts, responses, tool calls, and your chosen service_name. Sending telemetry is entirely opt-in and per-request.
• Billing metadata. Plan, remaining credits, total spend. Card numbers and bank details are handled by Razorpay and never reach our servers.
• Operational logs. Standard server logs (IP, user agent, timestamp) kept short-term for abuse prevention and debugging.

When you choose “Sign in with Google”, we request only the basic sign-in scopes (openid, email, profile). From those scopes we receive:

• your Google account email address;
• your display name;
• your profile picture URL.

We use this information only to create and identify your Orbitrage account, populate your dashboard avatar, and contact you about your account. We do not request access to Gmail, Drive, Calendar, Contacts, or any other Google service.

Orbitrage's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer Google user data to third parties except as necessary to provide or improve the service, do not use it for advertising, and do not allow humans to read it unless you give explicit consent, it is needed for security purposes, or it is required by law.

You can disconnect Orbitrage at any time from your Google account permissions page.

We process the data above for the following purposes:

• Run the service. Authenticate requests, route LLM calls to the right model, render your dashboard, enforce free-tier limits.
• Bill correctly. Track per-call cost so we can show remaining credits and take payment for usage you actually consumed.
• Secure the platform. Detect abuse, rate-limit bad actors, investigate incidents.
• Communicate. Send transactional emails (password resets, receipts, security notices). We do not send marketing email unless you opt in.
• Improve routing quality. Use aggregated, non-identifying metrics (e.g. average cost per tier) to evaluate model performance. We do not train models on your prompts or responses.

Where required by law, our legal bases are: performance of contract (running the service you signed up for), legitimate interests (security, fraud prevention, aggregated analytics), and consent (telemetry opt-in, marketing email).

Orbitrage does not sell personal data. We share data only with the sub-processors required to operate the service:

• Supabase— authentication and Postgres database. Stores your profile, API key hashes, routing rows, and telemetry spans.
• Google LLC— OAuth sign-in only.
• Razorpay— payment processing. Receives your name, email, and payment details directly; Orbitrage receives only a tokenised transaction reference.
• LLM providers (OpenAI, Anthropic, Groq, and similar) — when you issue a request, the prompt content and your routed model selection are forwarded to the provider that serves the response. Each provider applies its own privacy policy to the inference call.
• Hosting and infrastructure providers used to run our application and edge proxy.

We may also disclose data when required by law, to enforce our terms, or to protect the rights, property, or safety of Orbitrage, our users, or the public.

We hold your data only as long as your account is active. Specifically:

• Profile and API key hashes — until you delete your account.
• Routing rows and telemetry spans — retained for the rolling window shown in your dashboard so that historical charts and audits work. Older rows may be aged out.
• Billing records — retained as long as required by applicable tax and accounting law.
• Server logs — short-term (typically under 30 days) unless an incident requires longer retention.

When you delete your account, we delete or anonymise associated data within a reasonable window, except where longer retention is legally required.

Subject to local law (including GDPR and the CCPA where applicable), you have the right to:

• access the personal data we hold about you;
• correct inaccurate or incomplete information;
• request deletion of your account and data;
• export your data in a portable format;
• object to or restrict certain processing;
• withdraw consent for any consent-based processing;
• lodge a complaint with your local data protection authority.

To exercise any of these rights, email support@orbitrage.xyz from the address on your account. We respond within 30 days.

Orbitrage applies industry-standard safeguards: HTTPS everywhere, encryption at rest in our database, row- level security on every multi-tenant table, hashed API keys with constant-time comparison, and least-privilege service role usage on the backend. No system is ever completely secure, and we cannot guarantee absolute security, but we will notify affected users without undue delay if a breach affecting personal data occurs.

We use a small number of first-party cookies that are strictly necessary to operate the site — primarily the Supabase session cookie that keeps you signed in and a theme preference cookie that remembers light or dark mode.

We do not embed third-party advertising trackers. Any analytics we use are limited to aggregated traffic measurement and do not profile individual users for advertising purposes.

Orbitrage is not directed to anyone under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Orbitrage operates globally. Your data may be processed in countries other than the one where you live, including the United States and the European Union. Where required, we rely on Standard Contractual Clauses or equivalent safeguards approved by relevant data protection authorities.

We may update this policy from time to time. The “Last updated” date at the top of this page indicates when the latest revision took effect. If we make material changes, we will notify you by email or through a prominent notice in the dashboard before the changes take effect.

Questions, requests, or concerns about privacy can be addressed to:

Orbitrage, Inc.
support@orbitrage.xyz