Data Processing Agreement (DPA)

Last updated: 17 June 2026

This DPA outlines Orbit obligations when processing personal data on behalf of customer organizations.

1. Roles

Customer is Controller; Orbit is Processor for customer content and collaboration data.

2. Processing Scope

Orbit processes data only under documented instructions, for providing and securing the service.

3. Security Measures

Orbit applies technical and organizational measures appropriate to risk, including access controls, transport encryption, and logging.

4. Subprocessors

Orbit may use vetted subprocessors for hosting, email, and payments. Equivalent data protection commitments apply.

5. Data Subject Rights Assistance

Orbit supports customer handling of data subject requests where required by law.

6. Incident Notification

Orbit notifies customers without undue delay after becoming aware of a personal data breach affecting customer data.

7. Return/Deletion

Upon termination, data is deleted or returned according to contractual terms and legal obligations.