Privacy Policy

XORB ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the XORB mobile application and related services. Please read this policy carefully. By using XORB, you agree to the practices described herein.

1. Information We Collect

1.1 Information You Provide Directly (Zero PII Transmission)
XORB processes all astrological calculations (date, time, and location of birth) entirely on your local device. We do not transmit, store, or sell your personal birth data on any external servers (including Firebase or our own backend). Your data is yours. To delete your data, simply uninstall the application. You may also optionally provide a display name and birth profiles for friends and family members, which are equally bound by this strict on-device-only policy.

1.2 Authentication Data
If you choose to link your account via Apple Sign-In or Google Sign-In, we receive only your anonymized user identifier and email address as provided by those platforms. We do not receive your Apple or Google passwords.

1.3 Automatically Collected Data
We and our service partners automatically collect certain non-personal technical information, including: device type and operating system version, app version, session duration, feature interaction events, crash logs and performance diagnostics, and subscription status. This data is collected in anonymized and aggregated form and cannot be used to identify you individually.

2. Local-First Architecture

XORB operates under an uncompromising "Local-First" architecture. All complex astrological calculations — including VSOP87D planetary positions, ELP2000-82 lunar resolution, and Placidus house cusp computation — are executed entirely on your device's CPU. Your name, exact birth time, and exact birth coordinates are never transmitted to XORB servers, Google Firebase, or any analytics provider. Your core astrological profile is encrypted and stored locally using your device's secure storage (iOS Keychain / Android Keystore). Because we hold zero PII (Personally Identifiable Information) on our servers, data deletion is instantly achieved by uninstalling the application from your device.

3. How We Use Your Information

We use the information we collect to:
• Deliver, personalize, and improve the XORB application
• Execute on-device astrological calculations and generate your birth chart, transit forecasts, and synastry analysis
• Manage your subscription and process payments via Apple App Store or Google Play
• Monitor app stability, diagnose crashes, and measure performance
• Comply with legal obligations and enforce our Terms of Service
• Communicate service updates or respond to support inquiries

We do not use your data for advertising profiling, data brokerage, or any purpose beyond what is described in this policy.

4. Third-Party Data Processors

XORB engages the following trusted third-party processors, each bound by data processing agreements and their own privacy policies:

• Google Firebase (Google LLC) — App analytics, crash reporting (Firebase Crashlytics), and cloud messaging. Firebase processes anonymized usage events. Data is processed in the United States under Google's Standard Contractual Clauses for EU transfers.

• RevenueCat, Inc. — Subscription management and in-app purchase verification. RevenueCat processes your subscription status and anonymized device identifier. No birth data is shared.

• Apple Inc. / Google LLC — Platform-native cloud synchronization (iCloud / Google Drive) for encrypted profile backups. This data is governed exclusively by Apple's and Google's respective privacy policies.

• Google BigQuery (Google LLC) — Aggregated, anonymized analytics data pipeline for internal product improvement. No PII is transmitted to BigQuery.

XORB does not sell, rent, share, or trade your personal data with any third party for marketing or commercial purposes.

5. Cloud Synchronization & Backups

To enable seamless device migration, your encrypted profile data may be synchronized via Apple iCloud or Google Drive. This synchronization uses platform-native encryption and is managed entirely by Apple or Google. XORB does not operate independent cloud databases for storing your Personally Identifiable Information (PII) and cannot access this synchronized data.

6. Data Retention

Local profile data is retained on your device until you delete the application or use the "Delete Account" function. Anonymized analytics event data processed by Firebase is retained for a maximum of 14 months per Google's standard data retention settings. Subscription data held by RevenueCat is retained in accordance with RevenueCat's data retention policy (typically 3 years for compliance purposes). Upon account deletion, all locally stored data is permanently erased ("Nuclear Wipe"), and any associated diagnostic identifiers are revoked within 30 days.

7. Your Rights & Data Control

7.1 Rights for All Users
Regardless of your location, you have the right to access the data you have provided, export your astrological history, delete your account and all associated data, and correct inaccurate data by editing your profile.

7.2 EU / EEA Users — GDPR Rights
If you are located in the European Union or European Economic Area, you have additional rights under the GDPR including: Right of Access (Art. 15), Right to Rectification (Art. 16), Right to Erasure (Art. 17), Right to Restriction of Processing (Art. 18), Right to Data Portability (Art. 20), Right to Object (Art. 21), and the right to lodge a complaint with your local supervisory authority.

7.3 California Users — CCPA Rights
If you are a California resident, you have rights under the CCPA, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. XORB does not sell personal information. To exercise your CCPA rights, contact us at legal@x-orb.com.

8. Children's Privacy (COPPA)

XORB is not directed to children under the age of 13 (or 16 for users in the EU). We do not knowingly collect personal information from children. If we become aware that a child under the applicable age has provided us with personal information without parental consent, we will take immediate steps to delete that information. If you believe we may have collected data from a child, please contact us at legal@x-orb.com.

9. Data Security

We implement industry-standard technical and organizational measures to protect your information, including on-device encryption via platform Keychain/Keystore, encrypted transit (TLS 1.3) for all network communications, and access controls limiting staff access to operational data. However, no method of electronic storage or transmission is 100% secure.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated through an in-app notification with an updated effective date. Your continued use of XORB after such changes constitutes acceptance of the revised policy.

11. Contact & Data Controller

XORB is the data controller for the purposes of this Privacy Policy.

For privacy-related inquiries, data access requests, or to exercise your rights, please contact us:

General Privacy Inquiries: support@x-orb.com
GDPR/CCPA & Legal Requests: legal@x-orb.com
Website: https://x-orb.com/privacy

We will respond to all verifiable requests within 30 days (or within the timeframe required by applicable law).