← Back to Legal Documents

Trust Orbit — Privacy Policy

Effective date: July 9, 2026

Company: Kenneth Steven Zamora Cabezas, an individual (no separate legal entity currently formed), organized under the laws of Costa Rica ("Trust Orbit," "we," "us," or "our")

Contact: [email protected]

1. Introduction

This Privacy Policy explains what information Trust Orbit collects, why we collect it, who can see it, how long we keep it, and what choices you have — including an important disclosure about what happens to your data if you delete your account. It applies to your use of the Trust Orbit app.

2. Information We Collect

Account information. Email address and password (handled through Supabase Auth, our authentication provider), username, optional full name, and optional avatar photo.

Financial-adjacent ledger data (not actual payments). When you use the app, we collect the "charges" you or your friends create — who owes whom, for what, and how much — along with paid/confirmed status and timestamps. We also collect group and "settle up" data if you use group expense features. To be clear: this is a record of what you tell us happened; no actual money or payment card/bank transaction data passes through Trust Orbit, because payments happen entirely outside the app.

Trust score and reputation data. We calculate and store your trust score, tier label, badges, and streaks based on your confirmed-payment history within the app.

Payment method details you choose to add. If you optionally add your own bank account, SINPE number, or similar payment details (with a free-text label) so friends know how to pay you, we store that information.

Social graph data. Friend requests, accepted friends, and blocks (including who you've blocked — this is never shared with the blocked user).

Device and notification data. If you enable push notifications, we collect a device push token so we can deliver reminders to you. We do not require this — it's optional and controllable in your settings.

Referral data. If you use or generate a referral/invite code, we track that usage to attribute referrals.

We do not collect biometric data. If you enable app-lock with Face ID or fingerprint, that authentication happens entirely on your device using your phone's own operating system biometric APIs. Trust Orbit's servers never receive, see, transmit, or store any biometric data — your face or fingerprint data never leaves your device and is never known to us.

We do not currently use AI to process your personal data. Trust Orbit does not run your data through AI/machine-learning systems as part of the live product.

We do not sell your data or use it for ad targeting, and we have no relationships with data brokers.

3. How We Use Your Information

We use the information above to:

4. Who Can See Your Information

Visibility in Trust Orbit is deliberately limited and feature-specific:

5. Third-Party Service Providers

We use Supabase (which provides our database, backend infrastructure, and authentication) to store and process the data described above on our behalf. Supabase acts as our data processor/infrastructure provider — it does not use your data for its own advertising or marketing purposes. We do not otherwise sell, rent, or share your personal information with data brokers or advertisers.

6. Data Retention and Account Deletion — Please Read This Section Carefully

You can delete your account at any time from within the app. Here's exactly what happens when you do, because it's a little different from a typical "delete everything" flow:

In practice, this means: deleting your account removes your personal identity from the platform, but it does not retroactively erase your transaction history's effect on other users' accounts.

If you have questions or concerns about this before deleting your account, contact us at [email protected].

7. Your Rights

Depending on where you live, you may have rights to access, correct, export, or request deletion of your personal information, and to object to or restrict certain processing. To exercise these rights:

We'll respond to requests within a reasonable time and as required by applicable law.

8. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect your information, including relying on Supabase's infrastructure security and access controls. However, no method of transmission or storage is 100% secure, and we can't guarantee absolute security.

9. Children's Privacy

Trust Orbit is intended for users 15 and older. We do not knowingly collect personal information from anyone under 15. If we learn we've collected information from someone under 15, we'll delete it. Users between 15 and the age of majority in their jurisdiction should only use Trust Orbit with a parent's or legal guardian's permission.

10. International Data Transfers

Your information may be stored and processed in countries other than your own. Our infrastructure provider, Supabase, currently hosts our database and backend in the United States (AWS region us-east-2).

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we'll notify you in the app or by email before they take effect. The "Effective date" at the top of this document will reflect the latest revision.

12. Governing Law

This Policy is governed by the laws of Costa Rica, without regard to conflict-of-law principles.

13. Contact Us

Questions, concerns, or requests about this Privacy Policy? Reach us at [email protected].