Security & Data Protection
We’ve got answers
How is my data stored and protected?
Your data is stored in secure, managed databases with encryption at rest. We use access controls, monitoring, and regular security updates. Our infrastructure runs on Supabase through established providers.
Is data encrypted in transit and at rest?
Yes. All data transmitted to and from Orphiq is encrypted using TLS. Data stored in our databases is encrypted at rest.
Where is Orphiq hosted?
Orphiq is hosted on Supabase (database and authentication) and on Vercel and Railway (application infrastructure), both of which run on cloud providers. Data is primarily stored in US regions.
Do you isolate data between users and workspaces?
Yes. Each workspace's data is kept separate. Users can only access workspaces they've been invited to. All data is additionally protected with row-level security (RLS) policies.
How often is data backed up?
We back up the database automatically once per day. Backups are retained per our provider's retention policies. Stored files (images, audio, documents) are not included in database backups.
Who can access my data at Orphiq?
Only you and the collaborators you invite can access your workspace data. Orphiq team members do not access customer data except when required for support or to comply with legal obligations. Public data such as workspace name or profile photo may be shared for search and access requests.
Do you support role-based access controls?
Yes. You can invite collaborators with different permission levels. View-only collaborators can see projects but not edit them. Full-access collaborators can edit and use Apollo.
Do you support multi-factor authentication?
We support email-based verification (passwordless) as well as password authentication.
Can I control what collaborators can see and do?
Yes. You choose who to invite and what access level they have. You can remove collaborators at any time, which immediately revokes their access.
Are access and admin actions logged?
Yes. We maintain logs of authentication events and significant account actions for security and troubleshooting purposes.
Is my data used to train AI models?
No. Your conversations, projects, and content are not used to train AI models. This is a firm commitment. Apollo's capabilities come from foundation models, user contextualization, and proprietary music industry knowledge, not from model training on customer data.
What AI providers does Orphiq use?
Apollo is powered by foundation models from providers including OpenAI, Azure, Google, and Anthropic. We evaluate providers based on capability, reliability, and their data handling practices.
What data is shared with AI providers?
When you interact with Apollo, your conversation and relevant context from your workspace are sent to process your request. AI providers are contractually prohibited from using this data to train their models.
Can I use Orphiq without AI features?
No. You can use Orphiq's release planning and project organization features without interacting with Apollo, but as soon as you submit information at onboarding, Apollo begins working for you. No additional data is sent to AI providers unless you use AI features.
Does Apollo access my connected accounts?
Apollo only knows what you tell it or what's visible in your Orphiq workspace. If you connect external accounts, Apollo can reference that data to give you better recommendations.
What data does Orphiq access from connected platforms?
Each integration requests only the permissions needed to provide value. We never request permissions beyond what's necessary.
How are OAuth tokens stored and protected?
OAuth tokens are encrypted at rest and stored securely. Tokens are only used to fetch data on your behalf and are never shared with third parties.
Can I revoke access at any time?
Yes. You can disconnect any integration from your Orphiq settings at any time. You can also revoke Orphiq's access directly from the connected platform.
What happens to data if I disconnect an integration?
When you disconnect an integration, Orphiq stops fetching new data from that platform. Previously imported data remains in your workspace unless you delete it.
Is Orphiq GDPR compliant?
Yes. We provide data access, correction, and deletion rights as required by GDPR. EU users can request their data or have it deleted at any time. Contact us for requests.
Is Orphiq CCPA compliant?
Yes. California residents have the right to know what personal information we collect, request deletion, and opt out of data sales. We do not sell personal information.
Do you sign Data Processing Agreements?
Yes. We provide DPAs for customers who require them. Contact us to request one.
Do you have SOC 2 or other certifications?
We do not currently have SOC 2 certification. Our infrastructure providers (Supabase, Vercel, and Railway) maintain SOC 2 and other certifications. Contact us to discuss your specific compliance requirements.
How does Orphiq handle security incidents?
We have a process to identify, contain, and resolve security issues quickly. If a breach affects your data, we'll notify you promptly with what happened and what we're doing about it.
How are customers notified of breaches?
If a security incident affects your data, we will notify you by email with details about what happened, what data was involved, and what steps we're taking.
How can I report a security issue?
If you discover a security vulnerability, please email security@orphiq.com. We take all reports seriously and will respond promptly. We appreciate responsible disclosure.
What happens to my data if I delete my account?
When you delete your account, your personal data and workspace content are permanently removed from our systems. Anonymized usage data may be retained for analytics.