Privacy Policy | Sound Orbit

Sound Orbit — Privacy Policy

Effective Date: April 22, 2026

Last Updated: June 6, 2026

1. Introduction

Sound Orbit, LLC ("Sound Orbit," "we," "us," or "our") operates the Sound Orbit mobile application (the "App") and the website soundorbitapp.com (the "Site"). We are a single-member limited liability company based in Jefferson County, Missouri.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using the App or the Site, you agree to the practices described here.

If you do not agree with this Policy, please do not use the App or the Site.

2. Information We Collect

We collect only what we need to run the App and support our users. We do not sell your information, and we do not use it for advertising or cross-app tracking.

2.1 Contact Information

- Name — collected when you create an account or set up your community profile.

- Email address — collected for account authentication, password recovery, support correspondence, and transactional notifications.

2.2 User Content

- Saved mixes, Dream Journal entries, and community posts you create inside the App are stored so we can sync them to your account and (for community posts) display them to other users.

- Artwork you generate for your saved mixes is stored with your account so it is available across your devices.

- First Responder verification documents (government ID and institutional work credential) that you upload during optional First Responder verification. These are handled as described in Section 5.

2.3 Identifiers

- User ID — a unique identifier assigned to your account by Firebase Authentication.

- Device ID / IDFV (Identifier for Vendor) — Apple's per-vendor device identifier. We use IDFV solely as part of our First Responder anti-abuse system to prevent repeat fraudulent verification attempts from the same device. We do not use IDFV for advertising, profiling, or tracking across other apps or websites.

2.4 Usage Data

- Product interaction data — aggregated analytics about how you use the App (e.g., sessions started, features accessed, screens viewed). Collected via Firebase Analytics for product improvement only.

- Family Plan shared usage — for Family Plan subscribers, Orbit AI question counts are tracked at the family-subscription level (a single shared counter keyed to the family's Apple-issued original transaction ID) rather than per-member. Individual question content is not shared between family members; only the aggregate count is shared.

2.5 Purchase Data

Subscription and in-app purchase transactions are processed entirely by Apple through the App Store and StoreKit. We receive a purchase receipt and subscription status from Apple, but we do not receive or store your payment card details.

In addition to subscriptions, you may purchase Artwork Tokens (consumable in-app purchases) through Apple. As with subscriptions, these transactions are processed entirely by Apple; we receive confirmation of the purchase but not your payment details. Your Artwork Token balance is stored with your account so it is available across your devices and after reinstalling the App.

2.6 What We Do Not Collect

We do not collect: precise location, health records, contacts, photos outside of what you explicitly upload, audio recordings, advertising identifiers (IDFA), browsing history, financial account numbers, or government ID numbers as structured fields (see Section 5 for how verification documents are handled).

3. How We Use Information

We use the information we collect to:

- Create and maintain your account.

- Sync your mixes, preferences, Dream Journal, session history, gamification progress, and Artwork Token balance across your devices and after reinstalling the App.

- Power community features (sharing mixes, likes, reports, moderation).

- Deliver answers through Orbit AI (see Section 4).

- Generate AI artwork and AI-suggested descriptions for user-created mixes (see Section 4). AI-suggested descriptions are available only on paid subscription tiers.

- Verify eligibility for the First Responder program (see Section 5).

- Process subscription entitlements and in-app purchases through Apple.

- Improve the App through aggregated usage analytics.

- Send transactional communications (account issues, verification status, subscription receipts from Apple).

- Respond to support requests.

- Enforce our Terms of Service and detect abuse.

- Comply with legal obligations.

We do not use your information to build advertising profiles, sell data to third parties, or serve targeted ads.

4. Sharing & Third-Party Services

We share limited data with a small number of service providers, each bound by their own contractual and legal obligations. These providers process data on our behalf and are not permitted to use it for their own purposes beyond operating their services.

4.1 Firebase (Google LLC)

We use Firebase for authentication, backend database (Firestore), file storage, and analytics. Your account credentials, saved content, community posts, mix artwork, and usage analytics are stored on Google-operated servers.

policies.google.com/privacy — https://policies.google.com/privacy

4.2 Anthropic (Claude API)

Sound Orbit uses Anthropic's Claude API for two purposes: (1) Orbit AI — when you ask Orbit AI a question, the text of your question is transmitted to Anthropic for processing and a response is returned; and (2) First Responder document analysis — when you submit verification documents, the document images are transmitted to Anthropic for in-flight analysis (see Section 5.2 for retention details). Per Anthropic's API terms, inputs and outputs are not used to train their models. Claude is not used for AI artwork or AI-suggested mix descriptions; those go through xAI Grok (see Section 4.3).

anthropic.com/privacy — https://www.anthropic.com/privacy

4.3 xAI (Grok API)

Sound Orbit uses xAI's Grok API for two purposes: (1) AI artwork — when you generate artwork for a user-created mix, the text prompt describing your mix is transmitted to xAI and an image is returned; and (2) AI-suggested mix descriptions — when you request an AI-generated description for a saved mix, your mix metadata (name, sound layers, brainwave band, frequency) is transmitted to xAI and four candidate descriptions are returned. AI-suggested descriptions are available only on paid subscription tiers (Premium, Family, First Responder); free-tier users enter mix descriptions manually and no data is sent to xAI for that flow.

x.ai/legal/privacy-policy — https://x.ai/legal/privacy-policy

4.4 Apple

Subscriptions and in-app purchases are processed by Apple through StoreKit. Apple handles all payment details.

apple.com/legal/privacy — https://www.apple.com/legal/privacy/

4.5 Legal Disclosures

We may disclose information if required by law, subpoena, court order, or to protect our rights, users, or the public.

4.6 No Sale of Personal Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

5. First Responder Verification Data Handling

The First Responder program offers discounted Premium subscription pricing ($1.99/month or $19.99/year) to verified police, firefighters, EMS, healthcare workers, military, and dispatchers. Verification is required to access these discounted rates and is optional — you are never required to submit documents to use the App. Sound Orbit's stated goal is to offer Premium access to verified first responders free of charge as the program scales; until that goal is reached, the discounted rates above apply.

5.1 What You Submit

To verify, you upload two documents through the App:

- A government-issued photo ID.

- An institutional work credential (e.g., employer-issued ID, active license with employer visible, recent pay stub with name and employer).

5.2 How Documents Are Processed

Uploaded documents are analyzed in real time by the Claude API to confirm document type, match identity across both documents, and confirm qualifying employment.

The document images themselves are never permanently stored. They are analyzed in-flight and discarded once analysis completes.

5.3 What We Retain

After analysis, we retain only:

- Perceptual hashes of each document (one-way mathematical fingerprints that prevent the same document from being reused by another applicant, but cannot be reversed to reconstruct the document).

- A SHA-256 hash of extracted identity fields (also one-way and non-reversible).

- IDFV at the time of approval (for anti-abuse).

- Approval timestamp and re-verification due date.

- A timestamped record that you agreed to the First Responder verification terms.

5.4 Why We Retain It

These records exist solely to prevent fraudulent verification and to manage the annual re-verification cycle. They are not used for marketing, analytics, or any purpose outside the First Responder program.

5.5 Re-verification

First Responder status is valid for 365 days plus a 30-day grace period. You'll be prompted in-app to re-verify before expiration.

5.6 Access Restrictions

Our Firestore security rules restrict access to First Responder hash collections to administrator accounts only. No user — including other First Responders — can read or list another user's verification data.

5.7 Anti-Abuse Trial Records

To prevent repeated trial abuse, Sound Orbit retains a one-way SHA-256 hash of the email address used at signup, along with the timestamp the trial began. For accounts created via Sign in with Apple, we additionally retain a SHA-256 hash of the Apple-issued user identifier so the same protection applies if a user re-signs in without re-providing their email. These records:

- Cannot be reversed to identify the user

- Survive account deletion (this is intentional, to prevent repeated trial fraud)

- Are used only to determine whether a given email address or Apple identifier has previously consumed the 14-day free trial

- Are never used for marketing, analytics, or any purpose outside trial-eligibility verification

By starting a free trial, you consent to the retention of this anti-abuse record. The same hash-based pattern is used for our First Responder program (see above).

6. Apple Health Data

Sound Orbit can read your heart rate variability, resting heart rate, sleep data, and Mindful Minutes from Apple Health, with your permission. We use this data only to display personalized wellness insights inside the app and pair sessions to your recovery state.

Sound Orbit writes Mindful Minutes to Apple Health when you complete a session, so your binaural beat practice is reflected in your daily Health app summary.

Apple Health data never leaves your device. We do not store it on our servers, share it with third parties, use it for advertising, or feed it into any AI service. You can revoke Sound Orbit's access to Apple Health at any time in the Health app under Sharing → Apps.

7. Data Retention & Deletion

- Account and content: Retained for as long as your account is active.

- First Responder hashes: Retained for the duration of your First Responder status plus a reasonable period to prevent re-verification fraud.

- Analytics: Aggregated usage data is retained per Firebase Analytics defaults.

- Support correspondence: Retained for up to 24 months.

Deletion

You can delete your account at any time from inside the App (Profile → Settings → Delete Account). Deleting your account removes your profile, saved mixes, mix artwork, Dream Journal entries, community posts, session history, gamification progress, Artwork Token balance, and associated data from our active systems. First Responder verification hashes and anti-abuse trial records may be retained in de-identified, non-reversible form to prevent abuse, as described in Sections 5.3 and 5.7.

You may also request deletion by emailing support@soundorbitapp.com. We will confirm receipt within 7 days and complete deletion within 30 days unless legal obligations require longer retention.

8. Your Rights

Depending on where you live, you may have rights to:

- Access the personal information we hold about you.

- Correct inaccurate information.

- Delete your information.

- Export a copy of your data.

- Object to or restrict certain processing.

- Withdraw consent where processing is based on consent.

To exercise any of these rights, email support@soundorbitapp.com. We will respond within 30 days.

9. Children's Privacy

Sound Orbit is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact support@soundorbitapp.com.

Users between 13 and the age of majority in their jurisdiction should use Sound Orbit only with parental or guardian consent.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the right to:

- Know what categories of personal information we collect and the purposes for collecting it.

- Request access to or deletion of your personal information.

- Correct inaccurate personal information.

- Opt out of the sale or sharing of personal information — Sound Orbit does not sell or share personal information for cross-context behavioral advertising.

- Limit the use of sensitive personal information — we do not use sensitive personal information for any purpose beyond what is necessary to provide the App.

- Be free from retaliation for exercising any of these rights.

To exercise California rights, email support@soundorbitapp.com with the subject line "California Privacy Request." We may need to verify your identity before fulfilling your request.

11. International Users

Sound Orbit is operated from the United States. If you use the App or Site from outside the United States, your information will be transferred to, stored, and processed in the United States, where privacy laws may differ from those in your country.

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, the legal bases we rely on to process your personal information include: performance of our contract with you, your consent (where applicable), our legitimate interests in operating and improving the App, and compliance with legal obligations.

12. Security

We use industry-standard security measures to protect your information, including:

- TLS/HTTPS for all data transmission.

- Apple Keychain for storage of sensitive local credentials on your device.

- Firestore security rules enforcing owner-only writes and restricted admin reads.

- Firebase Authentication for credential handling.

No system is 100% secure. If we become aware of a data breach affecting your personal information, we will notify you as required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Material changes will be communicated via in-app notification or email. Your continued use of the App after changes take effect constitutes acceptance of the revised Policy.

14. Contact Us

Questions about this Privacy Policy or your information?

Sound Orbit, LLC

Jefferson County, Missouri, USA

Email: support@soundorbitapp.com