Privacy First · Local-First

Your privacy
lives in your phone.

OrbiTome is designed to know as little as possible about you. Here you'll find exactly what we collect, why, and for how long.

Last updated: 30 June 2026 · Version 5.1

🔒 Event history: only on your device
💨 Cloud data: auto-deleted after 2 hours
👻 Ghost Mode: invisible on the public map
🚫 No selling of data to third parties
Index

Who is responsible for your data

The data controller for personal data is the developer of OrbiTome. For any privacy question, you can contact us at the address indicated in the Contact.

This policy applies to the OrbiTome mobile app available on Google Play Store (Android) and on App Store (iOS), as well as related services such as the universal link orbitome.com/join/….


What we collect and why

OrbiTome collects the data necessary for the app to work, keeping it to the bare minimum. Here is the full picture:

Data type
Where it's stored
Purpose
Phone number
☁️ Cloud (Firebase)
Unique identifier for OTP login and contact matching
Profile photo (optional)
☁️ Cloud (Firebase)
Displaying your public profile to friends
Location (GPS)
☁️ Temporary cloud
Creating events on the map; deleted within 2 hours of the event
Event history
📱 Local only (SQLite)
Your personal "Vault"; it never leaves the device
Phone contacts
📱 Local only (SQLite)
Synced locally in SQLite; numbers are matched against Firebase to find your friends already on OrbiTome and, likewise, to make you findable by your contacts who use the app — like common messaging apps. No public directory; you are never shown to anyone who doesn't already have your number. Your address book is never uploaded to the cloud
Tags/Groups
📱 Local only (SQLite)
Managing private lists (e.g. "Five-a-side"); never shared
Advertising data (AdMob)
🔗 Third party (Google)
Showing relevant ads; see third-party section
Usage data (Analytics)
🔗 Third party (Google)
App performance analysis; anonymized
User blocks (user_blocks)
☁️ Cloud (Firebase)
Anti-stalking protection: keeps the mutual block relationship. Automatically deleted when the account is deleted
Passwords / Private messages
🚫 Not collected
OrbiTome does not collect or store this type of data

Local vs Cloud: the double vault

OrbiTome uses a hybrid architecture designed with privacy as the starting point, not as an afterthought.

📱

The Vault — Local Database (SQLite)

Your event history, your contacts, and your personal tags are stored on your smartphone and are not transmitted to our servers in readable form. You can export the local database as an encrypted file (AES-256) to Google Drive or another personal storage app via the native Share Sheet, accessible only with your recovery code.

☁️

The Temporary Whiteboard — Cloud (Firestore)

Only the data needed for real-time sync travels to the cloud: public profile, event location, and status. Each item has an expires_at set to 2 hours from the start of the event. An automatic Cloud Function handles hourly cleanup. Our servers are not a permanent record of where you've been.

👻
🔎

Contact filter: on your device

Ghost events appear only to your invitees, other events only to your contacts: this filtering happens directly on each OrbiTome user's device, not on a server. Your event history stays only on your phone.

Ghost Mode

When you enable Ghost Mode, the event's visibility is set to "tag" (private): the event disappears from the public map and is accessible only to the people you have explicitly invited via link. The "Ghost Mode Active" label is visible in the interface while in use.

⚠️

Security of local contacts

The user's contacts are stored exclusively on the local device, in unencrypted storage (SQLite). On devices with root or jailbreak access, phone numbers could be accessible to third-party applications with elevated privileges. OrbiTome disables Android Auto Backup (via the flag android:allowBackup="false" in the manifest) to prevent extraction of clear-text data via ADB backup. We recommend not using the app on rooted devices.


Who else touches your data

OrbiTome integrates the following third-party services. Each has its own privacy policy; we provide links so you can review them directly.


What the stores require (Google Play and App Store)

OrbiTome is distributed on Google Play Store (Android) and on App Store (iOS). Google and Apple, as store operators, collect some store-level information regardless of our choices:

This data is managed directly by Google according to its own privacy policies. OrbiTome has no direct access to the data collected by the store's systems.


How long we keep your data

Data
Duration
How to delete it
Event data (cloud)
⏱ 2 hours after the event
Automatic deletion via TTL and Cloud Function
Public profile (cloud)
Until account deletion
Profile → Settings → Delete account (also deletes all created live events and user blocks)
Local history (SQLite)
Until uninstall
Privacy & Vault → "Cancella dati locali" rimuove tutti i dati SQLite; o disinstalla l'app
User blocks (user_blocks)
Until account deletion
Automatically deleted by the Cloud Function onUserDeleted when the account is deleted
Encrypted backup
Until manually removed
Delete the file from iCloud Drive or Google Drive manually
AdMob/Analytics data
Per Google policy (typically 14 months)

You're in control

If you reside in the European Union or the EEA, you have the following rights under Regulation (EU) 2016/679 (GDPR):

👁️
Access
You can request a copy of all the personal data we hold about you.
✏️
Rectification
You can correct your profile data directly from the app at any time.
🗑️
Deletion
You can delete your account and all associated data from the Profile screen. Deletion removes your profile, created live events, and user blocks, both in the cloud and locally.
📦
Portability
You can export your local history as an encrypted file (AES-256) via the backup feature.
🚫
Objection
You can object to processing for advertising purposes by disabling AdMob in your device settings, or by disabling Firebase Analytics in the app settings.
⚖️
Complaint
You can lodge a complaint with the competent data protection authority.

To exercise any of these rights, write to privacy@orbitome.com or use the features built into the app directly.


Use by minors

OrbiTome is intended for users aged 13 or older (or the minimum age required by applicable local law). We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided personal data, please contact us immediately so we can proceed with deletion.


Got questions?

For any request regarding privacy, the management of your data, or to exercise your rights, you can contact us:

✉️

Privacy Email

Write to us at privacy@orbitome.com — we'll respond within 30 days, as required by the GDPR.

We reserve the right to update this policy to reflect changes in our services or in the law. In case of substantial changes, we will notify you via in-app notification or email. The current version is always available at this address.