Privacy Policy

1. Our Commitment to Privacy

ChatOrbit is designed to prioritize private, ephemeral conversations. The Service connects participants using peer-to-peer WebRTC technology so that messages flow directly between devices. When supported by both browsers, end to end encryption keeps message content accessible only to intended recipients.

2. Information We Collect

• Session metadata: We temporarily process session tokens, participant identifiers, countdown configuration, and connection status to coordinate joins and show who is connected.
• Signaling details: Our signaling server exchanges ICE candidates and WebSocket messages needed to establish a connection. These messages may include IP addresses and browser networking information.
• STUN/TURN authentication: Third-party relay services receive short-lived nonces (valid for 600 seconds) and IP addresses strictly to facilitate NAT traversal.
• Optional diagnostics: If you opt into client debugging, limited technical logs may be saved to your local device to troubleshoot connectivity issues.

3. How We Use Your Information

The information described above is used solely to facilitate peer-to-peer connections, authenticate legitimate access to STUN/TURN servers, monitor whether a session remains active, and protect the Service from abuse. We do not profile users or use data for advertising.

4. End-to-End Encryption

When supported, ChatOrbit negotiates AES-GCM encryption with keys derived from session tokens directly on users' devices. We do not receive these keys and cannot decrypt message content. If encryption is not available in one or both browsers, messages are transmitted unencrypted and the application alerts participants.

5. No Message Storage

Message content is never stored on our servers. Messages exist only in the memory of participating devices during an active session and disappear when the session ends or the application closes. This design means we cannot retrieve or provide message history to third parties, including law enforcement.

6. Data Sharing

We do not sell or rent information to third parties. Session metadata may be disclosed only when required by law or to protect the safety and security of users. Because we do not store message content, we cannot provide it in response to legal requests.

7. Data Retention

Session metadata and signaling data are retained only as long as needed to operate the Service or comply with applicable legal obligations. When a session ends or is manually deleted, related metadata is purged according to operational retention schedules. No message bodies or encryption keys are retained.

8. Compliance with Data Protection Laws

We strive to comply with applicable data protection laws, including the GDPR and CCPA. ChatOrbit collects only the data necessary to establish peer-to-peer sessions and does not use personal data for profiling. If you are in the European Union, you may request access to, rectification of, or deletion of identifiable data linked to a session by contacting us at privacy@chatorbit.com.

9. Security

We implement industry-standard security measures to protect signaling infrastructure, including secure WebSocket transport, hardened hosting environments, monitoring for abuse, and TURN server authentication using expiring nonces. You are responsible for securing your own device and ensuring it remains free of malware.

10. Third-Party Services

The Service relies on third-party STUN/TURN providers to relay traffic when direct connections are not possible. These providers see network-level information necessary to deliver the Service but do not have access to message content. We select reputable vendors and configure them with security best practices.

11. Your Choices

Participation in ChatOrbit is voluntary. You can end a session at any time, choose not to share a session token, or decline to use the Service. Clearing your browser storage will remove local diagnostic artifacts created by the application.

12. Changes to This Privacy Policy

We may revise this Privacy Policy to reflect changes in our practices or legal requirements. Updated policies will be posted on this page with a revised "Last updated" date. Continued use of ChatOrbit after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

Questions about this Privacy Policy or our data practices can be sent to privacy@chatorbit.com.