Privacy Policy

Last updated October 14, 2025

1. Our Commitment to Privacy

ChatOrbit is designed to prioritize private, ephemeral conversations. The Service connects participants using peer-to-peer WebRTC technology so that messages flow directly between devices. When supported by both browsers, end to end encryption keeps message content accessible only to intended recipients.

2. Information We Collect

  • Session metadata: We temporarily process session tokens, participant identifiers, countdown configuration, and connection status to coordinate joins and show who is connected.
  • Signaling details: Our signaling server exchanges ICE candidates and WebSocket messages needed to establish a connection. These messages may include IP addresses and browser networking information.
  • STUN/TURN authentication: Third-party relay services receive short-lived nonces (valid for 600 seconds) and IP addresses strictly to facilitate NAT traversal.
  • Optional diagnostics: If you opt into client debugging, limited technical logs may be saved to your local device to troubleshoot connectivity issues.

3. How We Use Your Information

The information described above is used solely to facilitate peer-to-peer connections, authenticate legitimate access to STUN/TURN servers, monitor whether a session remains active, and protect the Service from abuse. We do not profile users or use data for advertising.

4. End-to-End Encryption

When supported, ChatOrbit negotiates AES-GCM encryption with keys derived from session tokens directly on users' devices. We do not receive these keys and cannot decrypt message content. If encryption is not available in one or both browsers, messages are transmitted unencrypted and the application alerts participants.

5. No Message Storage

Message content is never stored on our servers. Messages exist only in the memory of participating devices during an active session and disappear when the session ends or the application closes. This design means we cannot retrieve or provide message history to third parties, including law enforcement.

6. Cookies and Local Storage

ChatOrbit relies on minimal local storage to remember session tokens on the same device. We do not use advertising cookies, third party analytics beacons, or cross-site tracking technologies.

7. Data Retention

Session metadata is retained only as long as necessary to coordinate active connections and enforce abuse prevention. Logs related to security or fraud may be preserved for a limited period consistent with legal obligations.

8. Your Choices

You can decline to generate or join sessions at any time. You may also delete local session data from your browser or use private browsing modes to avoid storing tokens. If you have questions about your information, contact us at privacy@chatorbit.com.