Privacy Policy
Last Updated: April 2026
1. Introduction
OrbitOS ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our SaaS workspace platform ("Service").
This Policy is governed by the Protection of Personal Information Act 4 of 2013 ("POPIA") of South Africa. By accessing or using OrbitOS, you consent to the practices described in this Privacy Policy.
2. Definitions
- POPIA:The Protection of Personal Information Act 4 of 2013.
- Data Subject:An individual who accesses or uses the Service.
- Workspace:The organizational environment created within OrbitOS.
- Processing:Any operation or activity concerning Personal Information, as defined in POPIA.
3. Information We Collect
We collect only the Personal Information necessary to provide our Service, in accordance with the data minimization principle under POPIA.
3.1 Account Information
Full name, email address, role designation (Owner or Member), and workspace association.
3.2 Usage Data
Tasks and projects created, modified, or assigned; activity timestamps and audit logs; workspace interactions and collaborations; user-generated content within the platform.
3.3 Technical Information
IP address (collected for security and abuse prevention), browser type, device information, operating system, and access times.
4. Purpose and Legal Basis
We process Personal Information only for specific, explicitly defined purposes and where we have a lawful basis under POPIA.
4.1 Purposes of Processing
To provide and maintain the Service; to authenticate users and secure accounts; to facilitate workspace collaboration; to send transactional communications; to improve platform functionality; and to comply with legal obligations.
4.2 Lawful Basis
Our processing is based on Consent, Contractual Necessity, Legitimate Interest (for security and improvement), and Legal Obligation.
5. How We Share Information
5.1 Within Your Organization
Workspace Owners and Members can see your name, email, associated tasks, and activity within the shared Workspace.
5.2 Third-Party Service Providers
| Provider | Purpose | Location |
|---|---|---|
| Firebase (Google) | Auth & Database | USA |
| Vercel | Hosting & Infrastructure | USA |
| Resend | Transactional Email | USA |
| Upstash | Security & Rate Limiting | United States |
6. Data Security
We implement appropriate technical and organizational measures to safeguard Personal Information against loss, unauthorized access, or disclosure:
- Encryption in transit (TLS/SSL) and at rest
- Role-based access controls (RBAC)
- Secure authentication via Firebase
- Regular security assessments and monitoring
7. Data Retention
We retain Personal Information only for as long as necessary to fulfill the purposes for which it was collected. Upon account deletion, we will delete or anonymize your information within 30 days, except where retention is required for legal obligations.
8. Your Rights Under POPIA
As a Data Subject, you have the right to access, correct, delete, or object to the processing of your Personal Information. You also have the right to withdraw consent and to lodge a complaint with the Information Regulator of South Africa.
To exercise these rights, email feedback@miraistack.co.za.
Contact Information
For questions regarding this policy, please contact our Information Officer: Mirai Stack (Pty) Ltd
feedback@miraistack.co.za