Privacy, Terms & Security

ORiON ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our workforce intelligence platform at orionworkforce.ai.

Account Information

• Name, email address, and company details
• Login credentials and authentication data
• User role and permissions within your organization

Workforce Data

• Employee information from integrated systems
• Performance metrics, retention data, and analytics
• Organizational structure and team composition
• Compensation and benefits data
• Time tracking and attendance records
• Applicant tracking system data
• Business operations and CRM data

Usage Information

• Platform activity and feature usage
• Dashboard configurations and preferences
• Chat queries and AI chatbot interactions
• Integration connection status and sync logs

Technical Information

• IP addresses, browser type, and device information
• Cookies and similar tracking technologies
• Log files and error reports

We use collected information to:

• Provide, operate, and maintain the ORiON platform
• Process and display workforce analytics and insights
• Sync data from your connected integrations
• Generate transparent, formula-based metrics and predictions
• Improve platform features and user experience
• Communicate with you about your account and service updates
• Provide customer support and respond to inquiries
• Ensure platform security and prevent fraud
• Comply with legal obligations

We Do Not Sell Your Data.

Your workforce information is confidential and will never be sold to third parties.

We may share information only in these limited circumstances:

• With Your Consent: When you explicitly authorize data sharing
• Service Providers: Third-party vendors who help us operate the platform (hosting, analytics, support) under strict confidentiality agreements
• Integration Partners: Data synced with your authorized integrations based on your connection settings
• Legal Requirements: When required by law, subpoena, or court order
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with advance notice to you)

We implement industry-standard security measures to protect your information:

• End-to-end encryption for data in transit and at rest
• Secure authentication protocols (OAuth 2.0, Google Sign-In)
• Regular security audits and vulnerability assessments
• Access controls and role-based permissions
• Secure data centers with 24/7 monitoring
• Employee confidentiality agreements and security training

Note: No system is 100% secure. While we implement strong protections, we cannot guarantee absolute security.

We retain your data for as long as:

• Your account is active
• Needed to provide services to you
• Required by law or legitimate business purposes

When you close your account, we will delete or anonymize your data within 90 days, except where retention is required by law.

Depending on your location, you may have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Opt-Out: Unsubscribe from marketing communications
• Restriction: Limit how we process your data

To exercise these rights, contact us at support@applybyorion.com.

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences and dashboard settings
• Analyze platform usage and improve features
• Ensure platform security

You can control cookies through your browser settings, but disabling them may limit platform functionality.

When you connect integrations with third-party platforms, you authorize ORiON to access data from those platforms according to their respective privacy policies and your permission settings. We recommend reviewing each integration partner's privacy policy.

ORiON is a B2B platform not intended for individuals under 18. We do not knowingly collect data from children.

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place for international transfers.

We may update this Privacy Policy periodically. We will notify you of significant changes via email or platform notification. Continued use after changes indicates acceptance.

For privacy questions or to exercise your data rights:

• Email: support@applybyorion.com
• Website: orionworkforce.ai
• Subject Line: "Privacy Inquiry"

By accessing or using ORiON ("Service," "Platform"), you agree to these Terms of Service ("Terms"). If you disagree with any part of these Terms, you may not access the Service.

ORiON is a workforce intelligence platform that provides:

• Transparent, formula-based analytics and metrics
• Integration with HR systems, CRM platforms, and business tools
• Real-time workforce management and retention insights
• AI-powered chatbot for data queries
• Customizable dashboards and reporting

Eligibility: You must be 18+ and authorized to bind your organization to these Terms.

Account Security: You are responsible for maintaining confidentiality of login credentials, all activities under your account, and notifying us immediately of unauthorized access.

Accurate Information: You agree to provide accurate, current information and update it as needed.

Subscription Plans: Your organization purchases user seats based on selected plan.

Payment: Subscription fees are billed in advance on a monthly or annual basis. All fees are non-refundable except as required by law.

Additional Seats: You may add seats at any time. Additional seats are prorated for the current billing period.

Auto-Renewal: Subscriptions automatically renew unless canceled before renewal date.

Price Changes: We may change pricing with 30 days' notice. Continued use after notice constitutes acceptance.

You May:

• Use the Service for lawful business purposes
• Connect authorized integrations
• Export your own data
• Invite team members within your seat limit

You May Not:

• Violate laws or regulations
• Infringe on intellectual property rights
• Upload malicious code or viruses
• Reverse engineer or attempt to access source code
• Resell or redistribute the Service
• Use the Service for competing products
• Share login credentials across users
• Attempt unauthorized access to systems or data
• Scrape or automate data extraction beyond provided export features

Your Data: You retain all rights to data you upload or generate through integrations. ORiON does not claim ownership of your workforce data.

License to Us: You grant ORiON a limited license to access, process, and display your data solely to provide the Service.

Aggregated Data: We may use anonymized, aggregated data for analytics, benchmarking, and service improvement.

Authorization: You authorize ORiON to access data from connected integrations according to permissions you grant.

Third-Party Terms: Your use of integrations is subject to each provider's terms and policies.

Integration Changes: We are not responsible if third-party integrations change APIs, features, or availability.

Our IP: ORiON, including all formulas, algorithms, software, designs, and trademarks, is owned by us and protected by intellectual property laws.

Feedback: Any feedback, suggestions, or ideas you provide may be used by us without obligation or compensation.

Uptime: We strive for 99.9% uptime but do not guarantee uninterrupted access.

Maintenance: We may perform scheduled maintenance with advance notice when possible.

No Liability: We are not liable for downtime, data loss, or service interruptions beyond our reasonable control.

By You: Cancel anytime through Admin Settings. Access continues until end of paid period.

By Us: We may suspend or terminate accounts for violation of these Terms, non-payment, fraudulent activity, or legal requirements.

Effect of Termination: Upon termination, your access ends and data will be deleted within 90 days. Export your data before cancellation.

As-Is Service: The Service is provided "AS IS" and "AS AVAILABLE" without warranties of any kind, express or implied.

We do not guarantee error-free operation, accuracy of predictions or analytics, specific business outcomes, or compatibility with all systems. You use the Service at your own risk and discretion.

To the maximum extent permitted by law:

• Our liability is limited to fees paid in the 12 months prior to claim
• We are not liable for indirect, incidental, consequential, or punitive damages
• We are not liable for data loss, business interruption, or lost profits

Some jurisdictions do not allow liability limitations, so these may not apply to you.

You agree to indemnify and hold harmless ORiON from claims arising from your use of the Service, your violation of these Terms, your violation of third-party rights, or your data or content uploaded to the platform.

Governing Law: These Terms are governed by the laws of Contra Costa County, California.

Arbitration: Disputes will be resolved through binding arbitration rather than court, except for intellectual property claims or small claims court matters.

Class Action Waiver: You agree to resolve disputes individually, not as class actions.

We may modify these Terms at any time. We will notify you of material changes via email or platform notification at least 30 days before they take effect. Continued use constitutes acceptance.

Entire Agreement: These Terms constitute the entire agreement between you and ORiON.

Severability: If any provision is unenforceable, remaining provisions remain in effect.

No Waiver: Our failure to enforce any right does not waive that right.

Assignment: You may not assign these Terms without our consent. We may assign to successors.

For questions about these Terms:

• Email: support@applybyorion.com
• Website: orionworkforce.ai

At ORiON, security isn't an afterthought—it's foundational to everything we build. Your workforce data is sensitive, and we treat it with the highest level of protection.

• Transparency: Just like our formulas, our security practices are transparent and auditable.
• Encryption: All data is encrypted end-to-end, both in transit and at rest.
• Access Control: Strict role-based permissions ensure users only see what they need.
• Continuous Monitoring: 24/7 security monitoring and threat detection.

In Transit:

• TLS 1.3 encryption for all data transmission
• HTTPS enforced across entire platform
• Secure WebSocket connections for real-time features

At Rest:

• AES-256 encryption for stored data
• Encrypted database backups
• Secure key management systems

Secure Authentication:

• OAuth 2.0 industry-standard protocol
• Google Sign-In integration
• Multi-factor authentication (MFA) available
• Session management with automatic timeout

Role-Based Access:

• Administrators: Full platform access
• Members: Limited to dashboards and personal features
• Granular permissions prevent unauthorized access

Password Security:

• Encrypted password storage (not readable by anyone, including us)
• Strong password requirements
• Account lockout after failed login attempts

Hosting:

• Enterprise-grade cloud infrastructure
• Redundant systems across multiple availability zones
• DDoS protection and traffic filtering
• Automated failover for high availability

Network Security:

• Firewalls and intrusion detection systems
• Network segmentation and isolation
• Regular penetration testing
• Vulnerability scanning and patching

Backups:

• Automated daily backups
• Encrypted backup storage
• Geographic redundancy
• Point-in-time recovery capabilities

Secure Development:

• Security-first development practices
• Code reviews and security testing
• Dependency vulnerability scanning
• Regular security updates

Data Protection:

• Input validation and sanitization
• SQL injection prevention
• Cross-site scripting (XSS) protection
• CSRF token protection

API Security:

• Rate limiting to prevent abuse
• API key rotation and management
• Secure integration authentication
• Audit logs for all API access

We connect securely with third-party platforms you integrate, including HRIS, payroll, ERP, CRM, ATS, and performance management software. We use OAuth 2.0 authorization (no password sharing), minimal permission scopes, encrypted credential storage, and regular token rotation. You can connect/disconnect integrations anytime and review permissions and activity logs.

We maintain 24/7 security monitoring, automated threat detection, and real-time alerts. Our incident response includes documented procedures, rapid containment, transparent communication with affected customers, and post-incident analysis. If a security incident affects your data, we will notify you within 72 hours of discovery, provide details, explain steps we're taking, and offer guidance on protective actions.

We align with GDPR (European data protection), CCPA (California privacy rights), and industry best practices. We conduct regular third-party security assessments, maintain a vulnerability disclosure program, and apply continuous security improvements.

Account Security: Use strong, unique passwords; enable MFA; don't share credentials; log out on shared devices; report suspicious activity immediately.

Data Management: Review user permissions regularly; remove access for departed employees; audit integration connections; export and backup critical data.

Data is retained while your account is active; integration data is synced per your settings; audit logs retained for 1 year. You may request data deletion anytime; account data is deleted within 90 days of cancellation using industry-standard secure deletion; backups are purged per retention schedule.

We use carefully vetted subprocessors: Cloud Hosting (AWS), Email Delivery (Google), Analytics (Clerk). All are bound by strict confidentiality and security requirements.

Responsible Disclosure: If you discover a security vulnerability, email support@applybyorion.com with subject "Security Vulnerability Report" and include a detailed description, reproduction steps, and potential impact. We acknowledge reports within 48 hours, investigate promptly, and credit researchers with permission. We do not take legal action against good-faith security research.

Email: support@applybyorion.com with subject "Security Inquiry". We typically respond within 2–4 business hours.

This Security page is updated as we improve our practices. Material changes will be communicated via email or platform notification. Your data security is our top priority.