Privacy Policy

Your privacy matters to us. This Privacy Policy explains what personal information MiOrbit collects, how we use and store it, who we share it with, and what rights you have over your data. By using MiOrbit, you agree to the practices described in this policy.

This Privacy Policy is incorporated into and forms part of MiOrbit's Terms & Conditions. Capitalized terms not defined here have the meanings given in the Terms & Conditions.

1. Who We Are

MiOrbit (myorbit.space) is a professional networking platform for the space industry, operated by Helios Nexus Inc, a company incorporated in Delaware, USA.

For privacy-related questions or requests, contact us at: hello@myorbit.space

2. Information We Collect

We collect information in three ways: information you provide directly, information generated by your use of the platform, and information from third-party services.

2.1 Information You Provide

• Account information: email address, encrypted password, full name, and chosen callsign.
• Profile information: profile photo, cover image, bio, professional role, employer, location, skills, mission goals, and flight readiness status.
• User-generated content: Mission Log posts, comments, direct messages, event RSVPs, bookmarks, and any other content you upload or submit.
• NASA Force status: if you voluntarily set your NASA Force status (Candidate, Fellow, or Alumni) on your profile.
• Communications: messages you send to us via email or support channels.
• Giveaway and promotion entries: email address and callsign submitted for sweepstakes or promotional campaigns.

2.2 Automatically Collected Information

• Device and browser information: device type, operating system, browser type and version.
• IP address: collected for security, fraud prevention, and analytics purposes.
• Usage data: pages visited, features used, interactions with content, login timestamps, and session duration.
• Cookies and local storage: used for authentication, session management, and platform performance. See Section 7 for details.

2.3 Information from Third Parties

• Stripe: if you subscribe to Orbit Pro, Stripe processes your payment information. We receive a token, subscription status, and billing confirmation from Stripe. We do not store your full card number, CVV, or bank details on our servers.
• Supabase: our backend database and authentication provider. Account credentials and platform data are stored and managed through Supabase's secure infrastructure.
• Resend: our email delivery provider. We share your email address with Resend solely to send transactional emails (account verification, password reset, billing notifications) and, where opted in, the Mission Briefing newsletter.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Operate the Platform

• Create, authenticate, and manage your account.
• Display your profile, posts, and activity to other members as configured by your privacy settings.
• Enable direct messaging, event participation, group communities, and directory features.
• Process and manage your Orbit Pro subscription, including billing and cancellation.

3.2 To Communicate with You

• Send transactional emails: account verification, password reset, billing confirmations, and security alerts. These emails are necessary for the service and cannot be opted out of while your account is active.
• Send the Mission Briefing newsletter and platform announcements, where you have opted in. You may unsubscribe at any time.
• Respond to support requests, reports, and legal inquiries.

3.3 To Improve the Platform

• Analyze usage patterns and feature adoption to improve MiOrbit's functionality and user experience.
• Monitor platform performance, diagnose technical issues, and maintain security.
• Conduct internal research and analytics using aggregated, non-identifiable data.

3.4 To Protect the Community

• Detect, investigate, and prevent fraud, abuse, spam, and violations of our Terms & Conditions.
• Enforce our prohibited conduct policies.
• Comply with legal obligations and respond to lawful requests from authorities.

3.5 Legal Basis (for EEA/UK Users)

If you access MiOrbit from the European Economic Area (EEA) or United Kingdom, our legal bases for processing your personal data are: (a) contract performance — processing necessary to provide the MiOrbit service you have signed up for; (b) legitimate interests — analytics, security, fraud prevention, and platform improvement; (c) consent — newsletter communications and optional profile features; and (d) legal obligation — compliance with applicable law.

4. How We Store Your Data

All MiOrbit platform data is stored on Supabase's secure infrastructure, which provides:

• Encryption at rest and in transit (TLS/SSL).
• Role-based access controls limiting who can access data internally.
• Secure authentication and session management.
• Regular security updates and monitoring.

Payment data is processed and stored by Stripe, which is PCI DSS Level 1 certified — the highest level of payment security certification. We do not store payment card details on our own servers.

Email delivery is handled by Resend. We share only the minimum data necessary (email address and relevant content) for email delivery purposes.

Data is stored on servers located in the United States. If you are accessing MiOrbit from outside the US, your data will be transferred to and processed in the US. By using MiOrbit, you consent to this transfer.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. Specifically:

• Account and profile data: retained for the duration of your account. Deleted within 30 days of account deletion request, subject to legal hold obligations.
• User-generated content: deleted upon account deletion. Certain content (e.g., posts in public groups) may be anonymized rather than deleted where removal would disrupt community context.
• Billing records: retained for 7 years after the last transaction to comply with financial record-keeping requirements.
• Security and abuse logs: retained for up to 12 months for fraud prevention and security purposes.
• Backup data: may persist in encrypted backups for up to 90 days after deletion before being purged.

You may request deletion of your account and personal data at any time. See Section 9 for instructions.

6. Who We Share Your Information With

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes. We share limited data only in the following circumstances:

6.1 Service Providers

We share data with trusted third-party service providers who assist us in operating MiOrbit, strictly for the purposes described in this policy:

• Supabase — database hosting, authentication, and backend infrastructure.
• Stripe — payment processing for Orbit Pro subscriptions.
• Resend — transactional email and newsletter delivery.

All service providers are contractually bound to use your data only as directed by us and in accordance with this Privacy Policy.

6.2 Other Members

Your public profile information (name, callsign, bio, profile photo, mission goals, NASA Force status if set, and public posts) is visible to other MiOrbit members and, depending on your settings, to the general public. Direct messages are private and visible only to the participants.

6.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of MiOrbit, our users, or the public.

6.4 Business Transfer

If Helios Nexus Inc is acquired, merged, or transfers all or part of its assets (including MiOrbit), your personal data may be transferred as part of that transaction. We will notify affected users via email and a platform notice at least 30 days before any such transfer takes effect, and the acquiring party will be required to honor this Privacy Policy.

7. Cookies and Tracking

MiOrbit uses cookies and similar technologies to operate the platform. We do not use third-party advertising cookies or invasive tracking technologies.

7.1 Essential Cookies

These are required for the platform to function and cannot be disabled:

• Authentication cookies: keep you logged in across sessions.
• Security tokens: protect against CSRF and session hijacking.
• Session preferences: remember your in-session settings.

7.2 Performance Cookies

These help us understand how the platform is used and improve it:

• Usage analytics: aggregate, anonymized data on which features are used and how.
• Error tracking: helps us identify and fix technical issues.

7.3 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in and using core platform features. Disabling performance cookies will not affect your ability to use MiOrbit but will limit our ability to improve the platform.

8. Newsletter and Marketing Communications

If you subscribe to the Mission Briefing newsletter or opt in to platform announcements, we will send you periodic emails about space industry news, MiOrbit updates, community highlights, and relevant opportunities.

You may unsubscribe at any time by:

• Clicking the unsubscribe link in any newsletter email.
• Updating your notification preferences in your account settings.
• Emailing hello@myorbit.space with the subject line 'Unsubscribe'.

Transactional emails (account verification, billing receipts, security alerts, password resets) are not marketing communications and cannot be unsubscribed from while your account is active, as they are necessary for the service.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right to access: request a copy of the personal data we hold about you.
• Right to correction: request correction of inaccurate or incomplete data.
• Right to deletion: request deletion of your account and personal data. Submit requests to hello@myorbit.space or through your account settings.
• Right to portability: request your data in a machine-readable format.
• Right to object: object to certain types of processing, including direct marketing.
• Right to restrict processing: request that we limit how we use your data in certain circumstances.

To exercise any of these rights, contact us at hello@myorbit.space. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and share, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at hello@myorbit.space.

EEA and UK Residents (GDPR/UK GDPR)

If you are located in the EEA or UK, you have the rights described above under GDPR. You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data in accordance with applicable law.

10. Age Restriction

MiOrbit is a professional platform intended exclusively for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18.

If we become aware that a user under 18 has created an account or submitted personal information, we will take prompt steps to delete that account and all associated data. If you believe a minor has created an account on MiOrbit, please contact us immediately at hello@myorbit.space.

11. Security

We take the security of your personal data seriously. Our security measures include:

• Encryption of data in transit (TLS/HTTPS) and at rest.
• Supabase's enterprise-grade authentication and access control infrastructure.
• Stripe's PCI DSS Level 1 certified payment processing.
• Regular review of access permissions and security configurations.
• Immediate investigation and notification procedures for suspected data breaches.

While we implement industry-standard security practices, no system is 100% secure. In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

12. Third-Party Links and Services

MiOrbit may contain links to third-party websites, platforms, or services — including NASA Force resources, space industry news sites, event pages, and partner organizations such as Inspired24. This Privacy Policy applies only to MiOrbit. We are not responsible for the privacy practices of any third-party sites or services and encourage you to review their privacy policies independently.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our platform, data practices, or legal requirements. When we make material changes, we will:

• Update the 'Last Updated' date at the top of this document.
• Notify active users via email at least 14 days before the changes take effect.
• Post a notice on the platform.

Your continued use of MiOrbit after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you should stop using MiOrbit and may delete your account.

14. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

• Email: hello@myorbit.space
• Subject line for privacy requests: 'Privacy Request'
• Platform: myorbit.space/support

Helios Nexus Inc — myorbit.space

We aim to respond to all privacy-related inquiries within 30 days.