Privacy Policy

Last updated: April 8, 2026

Orob Labs ("we", "us", "our") operates Orob, an AI routing protocol that routes requests to specialized AI models. This Privacy Policy explains how we collect, use, and protect your information when you use our platform.

1. Information We Collect

We collect the following types of information:

Account information: Email address and account profile details you provide when registering.
OAuth tokens: When you connect third-party services (Google, GitHub, Slack, Notion), we store encrypted OAuth tokens to interact with those services on your behalf.
Chat messages: The prompts and messages you send through the Orob chat interface.
Generated files: Documents, code, images, and other files produced by AI models in response to your requests.
Usage data: Information about how you use Orob, including which models are routed to, response times, and feature usage.
API keys: If you provide your own API keys for third-party AI providers, we store them securely to make requests on your behalf.

2. How We Use Your Information

To route your requests to the most suitable AI model and deliver responses.
To maintain and improve the quality of our routing algorithms.
To execute actions on connected third-party services (sending emails, creating calendar events, etc.) at your direction.
To provide account management and customer support.
To monitor and prevent abuse of the platform.

3. Data Storage and Infrastructure

Your data is stored and processed using the following infrastructure:

Supabase: Our primary data store for user accounts, chat history, OAuth tokens, and persistent state. Supabase provides hosted PostgreSQL with row-level security.
Railway: Our application hosting platform where the Orob server runs.

All data is transmitted over encrypted connections (HTTPS/TLS).

4. Third-Party Services

Orob routes requests to and integrates with the following third-party services. Each has its own privacy policy:

AI model providers: OpenAI, Anthropic, Mistral, Replicate, Together AI, DeepSeek, HuggingFace
Google APIs: Gmail and Google Calendar (when connected via OAuth)
GitHub API: Repository access and code operations (when connected via OAuth)
Slack API: Messaging and channel access (when connected via OAuth)
Notion API: Page and database access (when connected via OAuth)

When we route your request to a third-party AI provider, the content of your prompt is sent to that provider. We recommend reviewing the privacy policies of these services.

5. Cookies and Local Storage

Orob does not use traditional browser cookies. We use localStorage to store Supabase session tokens for authentication. These tokens are required for the platform to function and are not used for tracking or advertising.

6. Data Retention

Chat history: Persisted in Supabase until you choose to delete it.
OAuth tokens: Stored in encrypted form and retained as long as the integration remains connected. You can disconnect integrations at any time.
Account data: Retained until you request account deletion.
Generated files: Retained as part of your chat history until deleted.

7. Your Rights

You have the following rights regarding your data:

Access: Request a copy of the data we hold about you.
Correction: Request correction of inaccurate data.
Deletion: Request deletion of your account and associated data.
Data export: Request an export of your data in a portable format.

To exercise any of these rights, contact us at privacy@orob.ai.

8. Children's Privacy

Orob is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page with a revised "Last updated" date.

If you have questions about this Privacy Policy, contact us at privacy@orob.ai.