Privacy Policy

1. Who we are

Woodlark Associates Ltd is the controller of personal data processed through Orbit. We are a company registered in England and Wales.

Contact: hello@woodlarkassociates.com.

2. What personal data we collect

We may collect:

• Name
• Email address
• Company name
• Job title
• Billing status
• WhatsApp number
• LinkedIn profile identifier
• LinkedIn OAuth tokens
• Writing samples and previous posts you provide
• Orbit-generated drafts
• Edits, approvals, skips and publishing instructions
• Published post records
• Usage logs
• Support messages
• Payment status from Stripe

We do not store your LinkedIn password.

3. How we use your data

We use your data to:

• Create and manage your Orbit account
• Build and maintain your voice profile
• Generate draft content
• Send drafts to WhatsApp or another approval channel
• Receive your approval or edit instructions
• Publish approved posts to LinkedIn
• Keep audit records of approvals and publications
• Provide support
• Process subscriptions
• Secure the service
• Improve Orbit

4. Lawful bases

Under UK GDPR, we rely on the following lawful bases for processing your personal data:

5. LinkedIn data and OAuth tokens

When you connect LinkedIn, LinkedIn may provide Orbit with an OAuth access token and related account identifiers.

We use these only to provide the LinkedIn publishing functionality you have requested.

We do not use LinkedIn tokens to scrape LinkedIn, automate engagement, access other users' private data, or perform actions you have not approved.

You may revoke Orbit's LinkedIn access at any time through Orbit or LinkedIn.

6. WhatsApp approval data

Where you use WhatsApp approval, we process your WhatsApp number, message responses and approval instructions.

A reply such as SEND, EDIT or SKIP may be retained as part of the audit record showing what you instructed Orbit to do.

7. AI processing

We use AI providers to generate draft content.

We do not sell your content. We do not use your voice profile to train a general public AI model.

We may process your inputs, writing samples and drafts through selected AI providers solely to provide the Orbit service.

8. Third-party providers

We use trusted providers, including:

• LinkedIn — for authorised publishing
• Twilio — for WhatsApp message delivery
• Stripe — for payments
• Supabase or equivalent — for database and authentication
• AI providers — for draft generation
• Hosting and analytics providers — for service operation

Where required, we put appropriate contractual safeguards in place with processors. We do not sell your data to advertisers, data brokers, or any third party.

9. International transfers

Some providers may process data outside the UK.

Where this happens, we rely on appropriate safeguards, such as adequacy regulations, standard contractual clauses, international data transfer agreements, or equivalent lawful transfer mechanisms.

10. Data retention

We retain personal data for as long as needed to provide Orbit.

If you cancel, we usually retain account data for 30 days before deletion, unless we need to retain limited records for legal, billing, security or audit purposes.

Approval and publication audit logs may be retained for a reasonable period to evidence user instruction and platform compliance.

11. Security

We use reasonable technical and organisational measures, including:

• Encrypted connections
• Restricted access controls
• Secure storage
• Token protection
• Audit logging
• Access monitoring
• Deletion and revocation handling

No system is completely secure, but we take protection of your data seriously.

12. Your rights

Under UK GDPR, you may have the right to:

• Access your data
• Correct your data
• Request deletion
• Restrict processing
• Object to processing
• Request portability
• Complain to the ICO

Email hello@woodlarkassociates.com to exercise any of these rights.

13. Changes

We may update this Privacy Policy. If the changes are material, we will notify you where practical.