Privacy Policy
Last updated: March 30, 2026
This Privacy Policy describes how Orchestra Research Institute (“Orchestra,” “we,” “us,” or “our”) collects, uses, and protects your information when you use the Orchestra platform, website, and services (the “Service”). By using the Service, you agree to the practices described in this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Name (if provided)
- Authentication data from third-party login providers (Google, GitHub), including your public profile information
- Profile information you choose to provide
1.2 Research Content
When you use the Service, we store:
- Research projects, including hypotheses, notes, and canvas data
- Experiment configurations, code, and results
- Conversations with AI agents (Orchestra AI and experiment agents)
- Uploaded files and documents
- Generated papers, literature reviews, and other outputs
1.3 Usage Data
We automatically collect:
- Feature usage and interaction data (e.g., which tools you use, experiments you run)
- Device information (browser type, operating system)
- Log data (IP address, access times, pages viewed)
- Performance and error data to maintain service reliability
1.4 Payment Information
Payment processing is handled by Stripe. We do not store your credit card numbers, bank account details, or other sensitive payment information on our servers. Stripe may collect and process your payment data in accordance with its own privacy policy.
2. How We Use Your Information
We use your information to:
- Provide the Service: Process your research queries through AI models, store your projects, execute experiments, and deliver results
- Operate and maintain: Ensure the Service functions correctly, monitor for errors, and provide customer support
- Communicate with you: Send transactional emails (account verification, password resets, collaboration invites) and, with your consent, product updates
- Analyze and improve: Use aggregated, anonymized usage data to understand how the Service is used and improve features
- Process payments: Manage subscriptions, credit purchases, and billing
- Ensure safety: Detect and prevent fraud, abuse, and violations of our Terms of Service
3. How We Share Your Information
We share your information only in the following circumstances:
3.1 AI Model Providers
To provide AI-powered features, we transmit portions of your research content (such as chat messages, project context, and experiment data) to third-party AI model providers, including Anthropic, OpenAI, and Amazon Web Services (Bedrock). These providers process your data to generate responses and are contractually prohibited from using your data to train their models.
3.2 Service Providers
We use the following third-party services to operate the platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | Account data, research content |
| Google Cloud (GKE) | Agent compute infrastructure | Experiment code and data |
| Stripe | Payment processing | Billing information |
| PostHog | Product analytics | Anonymized usage data |
| Resend | Transactional email | Email address, message content |
| Exa | Literature and web search | Search queries |
3.3 Collaborators
If you invite collaborators to a project or share a project publicly, the project content will be visible to those users according to the sharing settings you configure.
3.4 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Orchestra, our users, or the public.
3.5 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
4. Your Content and AI Training
We do not currently use Your Content (research projects, experiments, papers, or agent conversations) to train AI models. If we decide to use Your Content for AI training or product improvement purposes in the future, we will:
- Update this Privacy Policy with clear notice
- Notify you by email before the change takes effect
- Provide a straightforward opt-out mechanism
We may use anonymized, aggregated data (which cannot be linked back to you) to improve the Service at any time.
5. Data Storage and Security
5.1 Location
Your data is stored on servers located in the United States (AWS US East 1 region via Supabase, and Google Cloud). By using the Service, you consent to the transfer and processing of your data in the United States.
5.2 Security Measures
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS/SSL) and at rest
- Row-level security policies on our database
- Isolated compute environments for experiment agents
- Regular security reviews and monitoring
While we take reasonable steps to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
- Active accounts: We retain your data for as long as your account is active.
- Deleted accounts: Upon account deletion, your data will be retained for a reasonable recovery period, after which it will be permanently deleted from our systems.
- Usage logs: Anonymized usage and analytics data may be retained indefinitely for product improvement purposes.
You may request deletion of your data at any time by contacting support@orchestra-research.com.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data
- Export: Request a portable copy of your data
- Opt-out: Opt out of non-essential communications
To exercise any of these rights, contact us at support@orchestra-research.com. We will respond to requests within 30 days.
8. Children’s Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly.
9. Analytics and Cookies
We use PostHog for product analytics to understand how the Service is used and improve the user experience. PostHog may use cookies or similar technologies to collect usage data. This data is used solely for product improvement and is not sold to third parties.
You can manage cookie preferences through your browser settings. Disabling cookies may affect certain features of the Service.
10. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and, for significant changes, by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Orchestra Research Institute
Email: support@orchestra-research.com