Orbital Chat GDPR Statement

 
Orbital Chat is a software service that lets you talk and collaborate with colleagues, through voice calls, screen sharing, link sharing and other collaboration activities.
 
In order to provide our services, we must retain and process certain pieces of data about our users. We are committed to ensure that not only is this done in a fully GDPR-compliant way, but also in a way that we would want our own personal data to be handled.
 
This means that we only retain and process data that we need to provide and improve our service. This document details what data we store and how we use it as well as information about the third parties to whom we send data to help us provide our service.
 

What data we store about you

We store data about you that enables us to provide our service. For instance, we store your name, profile picture, and chat messages that you send to other users, as well as things like your email address to identify your user account.
 
We also store data about actions you perform in the app. This enables us to provide customer support, and also lets us know at an aggregated level how our users are using our product. This lets us know what people like and don’t like about our product in order that we can improve it.
 

Where we store data

Our primary data storage and web servers reside with Firebase.

Firebase

We store the first type of data mentioned above (user profile, chat, etc.) in their servers.
Specifically, from the list in their Privacy Policy, we use the following services:
Cloud Firestore
Cloud Functions for Firebase
Cloud Storage for Firebase
Firebase Authentication
Firebase Platform
Firebase Realtime Database
Google Analytics for Firebase
Data security
Data is only made available to the users who need it. For example, chat messages areonly available to the recipient of the message, whereas people’s positions with thegalaxy are available to everyone within the galaxy.
As a company, our staff have restricted access to various pieces of data in our primary and third-party systems. We operate on the principle of least privilege, which is that staff members only have access to the smallest amount of data required to do their job. This means that we do not carry out practices such as downloading lists of users onto employee laptops – this is a prime example of the kinds of things that GDPR was intended to solve.

Third parties

We also use other third parties to provide various services, such as customer support and audio calls. We ensure that all of our third parties are fully GDPR compliant.

Twilio Programmable Video

Twilio provides our screen sharing functionality.
Twilio records and stores:
an anonymous user ID in order to connect you to the right people
information about screen sharing sessions, such as time and duration in order to bill Orbital
Twilio processes:
total time the service is used for

Twilio SendGrid

We use SendGrid for our transactional emails. Transactional emails are emails such as galaxy invites, welcome emails, etc. These are not marketing emails and are required for us to provide our service.
SendGrid records and stores:
your email address so we know where to send emails
your name as given when you sign up so we know how to address you
SendGrid processes:
whether emails are opened to help us ensure emails are being delivered
whether links in emails are clicked to help us ensure email content is working correctly

Crisp Chat

Crisp chat allows us to chat directly with our users via a chat box both on the website and the galaxy interface in order to provide help and support.
Crisp Chat records and stores:
an anonymous user ID
your email address so we can send help & support messages to your email if you go offline
your name so we know how to address you
chat messages that you send to us for help & support so we can help you better

Mixpanel

Mixpanel is an analytics service that helps us understand how people use Orbital and help individual users. For instance, we count the number of times people create pins so we know if the feature is useful to people.
Mixpanel records and stores:
your email address so we know who you are
actions you take, such as creating a pin or moving your marker so that:
we know if features are working well
we can provide better support if there is a problem
Mixpanel processes:
user actions to give us insights into how Orbital is used
user actions to aggregate actions such as knowing how many active users we have

Agora

Agora provides our audio chat services.
Twilio records and stores:
an anonymous user ID in order to connect you to the right people
information about sessions, such as time and duration in order to bill Orbital
Twilio processes:
total time the service is used for for billing
total time for each audio call so we know how much audio different teams are using

Mailchimp

Mailchimp keeps a list of all users who have opted into marketing communications.
Mailchimp records and stores:
your email address
your marketing preferences
Mailchimp processes:
whether emails are opened or links are clicked to help us determine which email content people are most interested in

Deletion of data

You can request your account to be deleted at https://app.orbital.chat/account
When you do this, we will delete all your data from our primary systems as described above, and request all third parties to delete your data. They will perform this according to their own terms (as described in the links above).
With third parties, there is often there is a processing lag between the deletion request and the actual deletion of the data.
If you wish to receive a copy of the data that we store about you, please send an email to our designated Data Controller, Tom Hicks at [email protected]. These requests may take up to 30 days to be processed, and we may require some extra information to verify your identity should you make a request.