Privacy Policy

Last updated: May 12, 2026

1. Introduction

Orchest HQ ("Orchest," "we," "us," or "our") operates the orchesthq.com website and the Orchest HQ platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, and password when you create an account.
  • Organization information: company name and team details when setting up a workspace.
  • Payment information: billing details processed through our third-party payment processor. We do not store your full payment card details.
  • Connected services: when you connect third-party services (such as Slack, GitHub, or Google), we receive access tokens and profile information necessary to operate the integration.
  • Knowledge base content: documents, code, and other content you choose to sync into the knowledge base for use by your AI agents.

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, interaction patterns, timestamps, and referring URLs.
  • Device and browser data: IP address, browser type, operating system, and device identifiers.
  • Cookies and similar technologies: we use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Process your AI agent requests, including sending content to large language model (LLM) providers to generate responses.
  • Authenticate your identity and manage your account.
  • Facilitate integrations with third-party services you connect.
  • Send transactional emails (account verification, password resets, usage alerts).
  • Monitor and analyze usage and trends to improve the Service.
  • Detect, prevent, and address technical issues and security threats.
  • Comply with legal obligations.

4. How We Share Your Information

We do not sell your personal information. We may share information with:

  • LLM providers: conversation content and knowledge base excerpts are sent to third-party AI model providers (such as OpenAI or Anthropic) to generate agent responses. These providers process data under their own terms and data processing agreements.
  • Service providers: trusted third parties that assist in operating our Service, such as hosting, email delivery, payment processing, and analytics.
  • Legal requirements: if required by law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law. Knowledge base content and conversation history are deleted upon account deletion.

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest, access controls, and regular security assessments. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Third-Party Integrations

The Service allows you to connect third-party accounts (Slack, GitHub, Google, etc.). When you authorize these integrations, we access only the data necessary to operate the integration as described during the authorization process. You can revoke access at any time from your dashboard settings or the third-party service's settings.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal information.
  • Object to or restrict processing of your personal information.
  • Data portability — receive a copy of your data in a structured format.
  • Withdraw consent where processing is based on consent.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

10. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at: privacy@orchesthq.com