OrbisQA
Privacy

Privacy policy

Short and honest. The desktop app is local-first by default — most of this policy is about what we explicitly don't do.

Last updated: 2026-05-18

1. What we collect — the website (orbis.darcode.dev)

Standard hosting logs from our static-site provider: requested URL, timestamp, user-agent, referer, IP address. Used only for diagnosing abuse and capacity planning. Retained for 30 days then rotated out.

The website does not use third-party analytics, advertising trackers, cookies, or fingerprinting. No Google Analytics, no Facebook Pixel, no Segment.

2. What we collect — the desktop app

By default, nothing leaves your machine. Scenarios, runs, screenshots, network captures — all stored in your local data folder (~/.orbis on macOS / Linux, %APPDATA%\orbis on Windows).

Update check (always on, no PII): Once per launch (cached 6 hours), the app fetches a single static JSON file from orbis.darcode.dev/api/latest-version.json to tell you when a new version is out. The request sends nothing more than your User-Agent (e.g. OrbisQA/1.0.0).

Telemetry (off by default, opt-in): If you turn this on in Settings → Privacy, Orbis appends structural events (run_started, step_completed, recovery_triggered) to a local JSONL file in your data folder. Nothing is sent off-device. The on-disk log is an audit trail you control — delete the file any time.

3. What we explicitly never collect

  • The text of your scenarios
  • The URLs you test against
  • Your LLM API key (it's encrypted in your OS keychain; Orbis never reads it)
  • Your LLM prompts or responses
  • Screenshots, network captures, or any browser content
  • Your name, email, or identity (no account required)

4. Third parties you involve

The LLM provider you configure (Anthropic / OpenAI / Gemini / DeepSeek / xAI / Mistral / OpenRouter / Ollama / etc.) receives your prompts and, for vision assertions, your screenshots. Their privacy policy applies to that traffic.

The websites you test see your IP, browser fingerprint, and any cookies you bring — exactly as if you visited them yourself. Orbis drives a real browser; it doesn't mask anything.

Crash dumps from the Chromium browser engine are stored locally in a temp directory by Chromium itself. We don't send these anywhere.

5. Cookies on this website

None. This site uses no cookies, no local storage tracking, no browser fingerprinting. If you've got a "no third-party cookies" browser setting on, nothing changes.

6. Your rights (GDPR / CCPA / etc.)

Because we don't collect personal data on the desktop, there's no profile to access, correct, or delete — you already own everything Orbis knows about you (it's in your data folder). For the website's hosting logs, contact us and we'll purge any request matching an IP you specify.

7. Changes

We'll bump the "last updated" date at the top of this page if anything changes, and we'll never weaken these protections without a major version bump and a release-notes call-out.

8. Contact

Privacy questions go through the contact form. Replies come from a real human.