Privacy Policy

2. Data Collection and Usage

We collect and process personal data, including: names, email addresses, organization names and usage metrics (e.g., usage time, frequency of platform usage).

We use personal data and associated metadata solely for analytics to improve our platform and marketing purposes.

We do not use your uploaded historical sales data for any purpose (including, without limitation, model training, external analytics, marketing, or disclosure to third parties).

We process this data based on the necessity to perform our contract with you and our legitimate interest in improving our services.

3. Data Sharing and Third Parties

We do not share, sell, or transfer your personal data to any third party. All collected data remains strictly within OrionCast AB.

4. Data Security

We take data security seriously and have implemented the following measures:

• All customer data is encrypted both during transmission (TLS/SSL) and when stored.
• Data is securely managed on cloud platforms with the highest security standards.
• Access to production environments and model code is restricted to authorized personnel only.

We comply with the General Data Protection Regulation (GDPR).

5. Data Retention and Deletion

We retain your personal data for as long as necessary, or until you request deletion. If you request deletion, your data will be promptly and permanently removed from our systems.

6. Cookies

We use a minimal number of cookies to ensure the website functions correctly and to improve your user experience. We do not use cookies for advertising, profiling, or behavioral tracking.

• Session Cookie (Authentication): A strictly necessary cookie used by our system (Flask-Login) to keep you logged in during your visit and to secure your session. This is typically deleted when you close your browser.
• Language Preference (lang): A functional cookie that remembers your preferred language (Swedish or English) across the website and dashboard. This cookie is stored for up to one year.

You can choose to disable cookies through your browser settings; however, please note that doing so will prevent you from logging in or using the service's core features.

7. Your Rights and Controls

You may at any time:

• Request access to the data we hold about you.
• Request correction or deletion of your data.

Please contact us directly at support@orioncast.ai for any data-related inquiries or requests.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).

8. Age Restrictions

You must be at least 16 years old to use our platform. We do not knowingly collect or solicit personal information from children under the age of 16. If you are under 16, please do not use our Service or submit any personal information to us. If we become aware that we have collected personal information from a child under the age of 16, we will take steps to delete such information as soon as possible.

9. International Data Transfers

We do not intend to transfer your data outside the European Union. Where third-party infrastructure or service providers are used, we aim to keep personal data within the EU/EEA whenever possible.

10. Updates to this Policy

We may update this policy periodically. Any significant changes will be communicated clearly on our website.

For questions, please contact us at support@orioncast.ai

11. Account Data

To create and administer user accounts, we process account-related information such as email address, display name, company affiliation, country (if provided), password hashes, login timestamps, admin permissions, and project access or sharing metadata.

We use this information to authenticate users, manage permissions, secure accounts, and provide access to the relevant company workspace and forecasting data.

12. Contact Forms

If you contact us through the website, we process the information you submit, such as your name, email address, phone number, company, role, and message.

We use this information to respond to your inquiry, follow up on demo or partnership requests, and send relevant confirmations or replies.

13. Third-Party Providers

We use selected third-party service providers where necessary to operate the service, for example for email delivery and technical infrastructure. These providers process data only on our behalf and only for the purposes required to deliver the service.

For example, contact form emails, password reset emails, and certain service communications may be sent through Mailgun or equivalent email delivery infrastructure.

14. Shopify Integration

If you connect a Shopify store to OrionCast, we process integration data such as shop domain, access credentials or tokens, connection settings, imported product references, and synchronization metadata or logs.

We use this data to import and synchronize relevant Shopify information into your company workspace, support forecasting workflows, and troubleshoot integration issues.

15. CRM and Admin Data

Within our admin and CRM workflows, we may process business contact and relationship data such as company names, contact persons, email addresses, phone numbers, internal notes, ownership, status history, activity entries, and qualification or suitability fields.

This information is used for customer administration, sales follow-up, onboarding, support, and internal coordination. Access is restricted to authorized users with the relevant permissions.

16. Security Measures and Rate Limiting

We use a range of technical and organizational safeguards, including encrypted transport (TLS/SSL), restricted access to production environments, password hashing, hashed password reset tokens, upload size restrictions, and logging needed for security and reliability.

We also use Redis-backed rate limiting and abuse protection on selected endpoints. This may involve temporary processing of technical data such as IP addresses and request counters to prevent misuse and protect the service.