Get a Demo
Privacy Policy

Privacy Policy

Last updated: May 5, 2026

1. Introduction and Scope

Orbis Solutions ("Orbis," "we," "us," or "our") is a general partnership registered in the Province of British Columbia, Canada, providing artificial intelligence workflow automation services to businesses. This Privacy Policy explains how Orbis collects, uses, discloses, and protects personal information in the course of operating its website (orbissolutions.ca) and delivering its services to clients.

This Policy applies to:

  1. Visitors to the Orbis website (orbissolutions.ca);
  2. Businesses that engage Orbis as clients ("Clients"); and
  3. End-customers of Orbis's Clients whose personal information is processed through Orbis's AI systems in the course of service delivery ("End-Customers").

Orbis is subject to the Personal Information Protection Act (British Columbia) ("PIPA BC") as its primary applicable privacy legislation, and to the Personal Information Protection and Electronic Documents Act (Canada) ("PIPEDA") in respect of personal information that crosses provincial or national borders in the course of commercial activity. Both laws impose substantially similar obligations, and Orbis's practices are designed to comply with both frameworks simultaneously.

If you have questions about this Policy or wish to exercise your privacy rights, please contact us using the information provided in Section 11.

2. Roles: Data Controller and Data Processor

In respect of personal information collected directly from website visitors and prospective clients, Orbis acts as a data controller — it determines the purposes and means of processing.

In respect of personal information belonging to End-Customers that is processed through Orbis's AI systems on behalf of Clients, Orbis acts as a data processor — it processes such information solely on the instructions of the Client, who is the data controller. Clients are responsible for ensuring they have the appropriate legal basis and consents necessary to share their End-Customers' personal information with Orbis for the purpose of service delivery.

3. Personal Information We Collect

3.1 Information Collected from Website Visitors

When you visit orbissolutions.ca, we may collect:

  1. Contact form submissions, including your name, email address, business name, and the content of your message;
  2. Technical information automatically collected by web servers, including IP address, browser type, operating system, referring URL, and pages visited;
  3. Cookie and similar tracking data, as described in Section 9 below.

We do not knowingly collect sensitive personal information from website visitors. If you are under the age of 18, please do not submit personal information through our website.

3.2 Information Collected from Clients

When a business engages Orbis as a client, we may collect:

  1. Business contact information, including the names, email addresses, and phone numbers of authorised representatives;
  2. Billing and payment information (processed securely via Stripe; Orbis does not store credit card numbers);
  3. Business operational information necessary to configure and deliver our services, including service descriptions, pricing, policies, and frequently asked questions provided to train the AI knowledge base;
  4. Google Calendar access credentials and calendar data, to the extent necessary to power the automated appointment booking system.

3.3 End-Customer Information Processed on Behalf of Clients

Through the AI customer service chatbot and appointment booking system deployed for Clients, Orbis may process personal information belonging to End-Customers, including:

  1. Names and contact details (email addresses, phone numbers);
  2. Appointment booking details (date, time, service type, address);
  3. Conversational data — the content of interactions between End-Customers and the AI chatbot;
  4. Google Review request data (email addresses used to deliver automated post-service review requests).

Orbis processes End-Customer information solely for the purpose of delivering the contracted services to the Client. Orbis does not use End-Customer information for its own marketing, profiling, or analytical purposes.

4. How We Use Personal Information

4.1 Website Visitors

We use personal information collected from website visitors to:

  1. Respond to enquiries submitted through the contact form;
  2. Improve the content and functionality of our website;
  3. Comply with applicable legal obligations.

4.2 Clients

We use personal information collected from Clients to:

  1. Enter into and administer our service agreement;
  2. Deliver, configure, and maintain the contracted AI services;
  3. Process billing and payments via Stripe;
  4. Communicate about service performance, updates, and support;
  5. Comply with applicable legal and regulatory obligations.

4.3 End-Customers (on behalf of Clients)

We process End-Customer information solely to:

  1. Operate the AI chatbot on behalf of the Client;
  2. Facilitate appointment booking, rescheduling, and cancellation;
  3. Send automated appointment reminders;
  4. Send automated post-service Google Review requests;
  5. Fulfil any other function expressly contracted with the Client.

5. Legal Basis for Processing

Under PIPA BC and PIPEDA, Orbis relies on the following bases for collecting and using personal information:

  1. Consent — for website contact forms and marketing communications, where individuals voluntarily provide their information;
  2. Contract — where processing is necessary to perform our obligations under a client service agreement;
  3. Legitimate interests — for website analytics and security purposes, where these interests are not overridden by the interests or rights of individuals;
  4. Legal obligation — where required by applicable law.

End-Customers' personal information is processed on the basis of the Client's instructions and the Client's legal basis for collection (which Clients are responsible for ensuring is valid).

6. Disclosure of Personal Information to Third Parties

Orbis does not sell, rent, or trade personal information to any third party. We disclose personal information only as follows:

6.1 Third-Party Service Providers

Orbis uses the following third-party platforms to deliver its services. These platforms process personal information solely on Orbis's behalf and for the purposes described:

  1. OpenAI (OpenAI, L.L.C., United States) — Powers the GPT-4o language model that generates AI chatbot responses. Conversational data is transmitted to OpenAI's API for processing. OpenAI's data processing is governed by its API Data Usage Policies.
  2. Supabase (Supabase Inc., United States) — Provides the vector database (pgvector) used to store the AI knowledge base and conversation logs. Data is stored on Supabase's cloud infrastructure.
  3. Google LLC (United States) — Google Calendar API is used to check availability and create, update, and cancel appointments. Google Drive is used internally by Orbis for file storage. Google's services are governed by Google's Privacy Policy and, where applicable, Google Workspace Terms.
  4. Stripe (Stripe, Inc., United States) — Processes Client billing and payment information. Stripe's data practices are governed by Stripe's Privacy Policy. Orbis does not store payment card data.

By engaging Orbis's services, Clients acknowledge and consent to the use of these third-party platforms. Personal information transmitted to these platforms may be stored and processed outside Canada. Orbis takes reasonable contractual and technical steps to ensure these providers maintain appropriate data protection standards.

6.2 Legal Disclosure

Orbis may disclose personal information if required to do so by law, regulation, court order, or governmental authority, or where Orbis reasonably believes disclosure is necessary to protect the rights, property, or safety of Orbis, its clients, or others.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of Orbis's business assets, personal information may be transferred to the acquiring party, subject to equivalent privacy protections.

7. Data Retention

7.1 Website Visitor Information

Contact form submissions and related correspondence are retained for as long as necessary to respond to the enquiry and for a reasonable period thereafter for record-keeping purposes, not to exceed three (3) years unless a longer period is required by law.

7.2 Client Information

Client information is retained for the duration of the active client relationship and for a period of seven (7) years following the end of the relationship, to satisfy tax, accounting, and legal record-keeping obligations under applicable Canadian law.

7.3 End-Customer Information (Active Contracts)

Conversational logs and appointment data generated through the AI systems are retained for the duration of the active client contract. Upon termination or expiration of a client contract, the Client has thirty (30) days to request an export of End-Customer data held by Orbis. Following the expiry of this window, or upon completion of an approved export, all End-Customer data is permanently and securely deleted.

Note: Orbis intends to implement automated rolling deletion of conversational logs older than ninety (90) days as a future operational enhancement. This Policy will be updated to reflect that change once implemented.

7.4 Secure Deletion

When personal information is no longer required, Orbis deletes or anonymises it in a secure manner designed to prevent unauthorised recovery.

8. Security Safeguards

Orbis employs reasonable technical and organisational safeguards to protect personal information against unauthorised access, disclosure, alteration, or destruction, including:

  1. Access controls restricting data access to authorised Orbis personnel only;
  2. Database-level access controls (Row Level Security) applied within Supabase to ensure data isolation between clients;
  3. Encryption of personal data in transit using industry-standard TLS (Transport Layer Security) protocols for all connections to third-party APIs and internal systems;
  4. Internal file storage on enterprise-grade cloud infrastructure (Google Drive) with built-in encryption at rest;
  5. Self-hosted workflow automation server with access limited to authorised personnel.

No system of data security is impenetrable. Orbis cannot guarantee the absolute security of personal information. In the event of a security breach involving personal information that creates a real risk of significant harm, Orbis will notify affected individuals and the Office of the Information and Privacy Commissioner for BC (OIPC BC) as required by applicable law.

9. Cookies and Tracking Technologies

The Orbis website may use cookies and similar technologies. Cookies are small data files stored on your device. We use cookies for the following purposes:

  1. Essential cookies — necessary for the website to function correctly (e.g., session management);
  2. Analytics cookies — to understand how visitors interact with our website (e.g., pages visited, time on site). Analytics data is aggregated and not linked to individual identities.

Under PIPA BC, implied consent is generally sufficient for routine cookie usage that is not sensitive in nature. By continuing to use our website after reviewing this notice, you consent to our use of cookies as described. You may disable cookies through your browser settings, though doing so may affect the functionality of certain parts of our website.

We do not use cookies for targeted advertising. Orbis products are ad-free.

10. Your Privacy Rights

Under PIPA BC and PIPEDA, individuals have the right to:

  1. Request access to personal information Orbis holds about them;
  2. Request correction of inaccurate or incomplete personal information;
  3. Withdraw consent to processing, subject to legal or contractual restrictions;
  4. Request information about Orbis's privacy practices.

End-Customers wishing to exercise rights in respect of personal information held by Orbis on behalf of a Client should, where possible, direct their request to the relevant Client (as data controller). Orbis will assist Clients in responding to such requests as required by our contractual obligations.

To exercise any of the rights described above, please submit a written request to the contact details in Section 11. Orbis will respond within thirty (30) calendar days. We may require verification of identity before processing access or correction requests.

11. Contact Information and Privacy Officer

For questions, concerns, or requests relating to this Privacy Policy or Orbis's handling of personal information, please contact:

Orbis Solutions
Kelowna, British Columbia, Canada
Email: orbissolutions.ai@gmail.com

As a general partnership, both partners share accountability for privacy compliance. For formal privacy complaints, if you are not satisfied with Orbis's response, you have the right to contact the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC) at www.oipc.bc.ca.

12. Changes to This Policy

Orbis reserves the right to update or amend this Privacy Policy at any time. Material changes will be communicated by posting an updated version on our website with a revised "Last Updated" date. Where changes affect the processing of personal information in a material way, we will provide additional notice as required by applicable law. Continued use of our website or services following the posting of changes constitutes acceptance of the revised Policy.

13. Governing Law

This Privacy Policy is governed by the laws of the Province of British Columbia and the federal laws of Canada applicable therein, including PIPA BC and PIPEDA.

For our Terms of Service, please visit the dedicated page.

Questions about this policy? Contact us at orbissolutions.ai@gmail.com

Orbis Solutions · Kelowna, British Columbia