1. Who we are
Orkestr is a multi-tenant booking platform operated by Moxilogy ("we", "us", "Orkestr"). This Privacy Policy explains how we collect, use, share, and retain personal data when you visit orkestr.in, a tenant storefront on *.orkestr.in, or interact with our API. We are the controller for personal data we collect about platform users (you signing up for an Orkestr account); for bookings on a tenant’s storefront we are typically the processor acting on behalf of the tenant who is the controller.
2. What we collect
We collect only what we need to run the service. Categories:
- Identity: name, email, login credentials (handled by Firebase Authentication on our behalf — we never see your raw password), tenant role.
- Booking data: the offerings you book, dates, times, party size, pickup/drop-off addresses (when relevant), flight numbers (when relevant), notes you add. Booking data is stored under the tenant whose storefront you booked on.
- Payment metadata: we do not store full card numbers. Stripe (or Razorpay, for INR transactions) handles card data on PCI-DSS-compliant infrastructure and returns a token we associate with the booking. We retain the last four digits + brand for receipts.
- Communications: messages you exchange with a tenant’s staff via the booking thread, dispute conversations, reviews.
- Technical: IP address, browser user-agent, timestamps, the page you came from, the page you went to. Used for security + abuse prevention; not for advertising.
- Cookies: a session cookie (httpOnly, SameSite=Lax) keeps you signed in. We don’t use third-party advertising cookies and we don’t share identifiers with ad networks.
3. Why we use it (lawful bases under GDPR Art. 6)
- Contract performance — to provide the booking service you signed up for (creating accounts, processing payments, sending booking confirmations).
- Legitimate interests — to keep the platform secure (rate limiting, fraud detection on bookings), to debug and improve our service, to enforce our Terms.
- Legal obligation — to retain financial records as required by tax and accounting law in our jurisdictions of operation.
- Consent — when you opt in to email/SMS notifications above the default (today: defaults are in-app only; email/SMS are off until you opt in).
4. Sub-processors
We use these services to host and operate the platform. Each is bound by a Data Processing Agreement with appropriate safeguards for international transfers (Standard Contractual Clauses where applicable):
- Google Cloud Platform (us-east4, USA) — compute (Cloud Run), object storage (Cloud Storage), secrets (Secret Manager), event delivery (Pub/Sub), observability (Cloud Logging).
- Neon (Postgres-as-a-service, USA) — relational data store. SOC 2 Type II certified.
- Firebase Authentication (Google Cloud, USA) — sign-up, sign-in, email/password verification. We never see your raw password; Firebase stores only a salted hash.
- Stripe (USA/EU) — card payment processing, payouts, Connect onboarding. PCI-DSS Level 1.
- Razorpay (India) — UPI + card processing for INR transactions. PCI-DSS Level 1.
- Cloudflare (where applicable) — DNS and static asset CDN.
We don’t sell personal data. We don’t send it to advertising networks. We don’t share data between tenants: your bookings on Tenant A are not visible to Tenant B.
5. How long we keep it
- Account data — for as long as your account is active, plus 30 days after deletion (so accidental deletes can be recovered). Copies of deleted data may persist in backups until those backups expire under the schedule below.
- Booking + transaction records — 7 years (tax + accounting requirement in most operating jurisdictions). After this, we anonymise the customer fields but keep the financial aggregates.
- Server logs — 30 days, then automatically purged from Cloud Logging.
- Backups — incremental for 7 days, weekly for 30 days, monthly for 12 months.
6. Your rights (GDPR / CCPA)
You have the right to:
- Access — a copy of the personal data we hold about you. Use GET /v1/me/data-export via the API, or email privacy@orkestr.in and we’ll send you the export within 30 days.
- Rectification — fix incorrect personal data. Edit it in your profile or email us.
- Erasure (the "right to be forgotten") — use POST /v1/me/delete via the API, or email us. We’ll delete your account and personal fields within 30 days. Financial records that we’re legally required to retain will have your identifying fields anonymised rather than deleted.
- Portability — your data export is provided in JSON, a structured machine-readable format you can take to a competing service.
- Restriction + objection — you can ask us to stop processing your data for marketing (we don’t do marketing today, so this is mostly preventative).
- Withdraw consent for email/SMS notifications at any time via Notification Preferences or the unsubscribe link in any message we send.
- Lodge a complaint with the supervisory authority in your jurisdiction (in the EU: your local Data Protection Authority).
For CCPA-specific rights ("do not sell my personal information"): we don’t sell personal information, so the opt-out is a no-op. We honour the Global Privacy Control signal (the Sec-GPC: 1 request header) for users who enable it in their browser.
7. International transfers
Our primary infrastructure is in the United States. If you access the service from outside the US, your data will be transferred to the US for processing. Where the transfer originates in the EU, we rely on the EU Standard Contractual Clauses with each sub-processor (Module 2, controller-to-processor, for data we control; Module 3, processor-to-processor, where we act as processor for a tenant). For transfers originating in the UK, the SCCs are used together with the UK International Data Transfer Addendum. A copy of the SCCs and our transfer-impact assessment is available on request.
8. Security
See our Security overview for technical and organisational measures. Highlights: TLS 1.2+ for all transport, AES-256 at rest, per-tenant data isolation enforced in the database layer, principle of least privilege on every internal access path, audit log on every privileged action.
9. Children
The service is not directed at children under 16, and we don’t knowingly collect personal data from anyone under 16. If you become aware that a child has provided us personal data, please email privacy@orkestr.in and we’ll delete it.
10. Changes to this policy
We’ll update this page when our practices change. The "Last updated" date at the top reflects the most recent change. For material changes that affect how we process your data, we’ll email or in-app-notify you at least 30 days in advance.
11. Contact
Privacy questions: privacy@orkestr.in. For data-subject requests, please write from (or include) your account email so we can match the request to an account and verify it before acting.