Ask AI
Help Center
How can we help? 👋
All Categories
Security & Legal Fine Print
GDPR Statement

GDPR Statement

💡
Last updated: 21st Oct, 2025

Key Messages

ORCA is designed with a deep respect for privacy and a commitment to full compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR). We understand and are transparent about our role and responsibilities in protecting our clients’ data.

At a glance:

  • For the data our clients chose to store in the ORCA App (Customer Data), ORCA acts as a Data Processor;
  • The Customer Data is protected according to our Data Protection Agreement, and:
    • neither ORCA nor our carefully selected vendors can see any of the sensitive data,
    • the data handled by the ORCA App is encrypted throughout the whole lifecycle
  • For the data establishing the business relationship with our clients (Contractual Data), ORCA acts as a Data Controller. This includes information such as billing and administrative contacts;
  • ORCA’s Privacy Policy explains all the different types of data that ORCA collects and processes, how it processes data and for what purposes it is collected and processed.

ORCA as a Data Processor (For the ORCA App Data)

For all the data our clients choose to save in the ORCA App (such as information on entities, ownership, and stakeholders), ORCA acts as the Data Processor, and the client is the Data Controller.

Our core responsibility as a processor is to secure this data. We achieve this through:

  • Technical measures

      • ORCA uses a zero-trust model to protect our Clients' data at all times, such that:

    • The data handled by the ORCA App is end-to-end encrypted through its entire lifecycle (in transit, at rest, and in use).
    • Neither ORCA nor ORCA's employees or vendors can access the Users' data in the clear at any point in time.
    • These security measures guarantee that the sensitive data CANNOT be accessed in personally identifiable form, even in the unlikely event of a server breach.
  • Organizational measures

      • ORCA implements and maintains industry standards for security and compliance. The latest updates and certifications can be found in ORCA’s Audit.

ORCA as a Data Controller (For The Business Relationship)

To manage our business relationship and provide its services, ORCA collects from our clients limited data for which ORCA acts as the Data Controller. This information is limited to User account information (name, email address) and Billing and administrative contact details.

Privacy Policy & Data Processor Agreement

We are fully responsible for protecting any of this data, ensuring we have a lawful basis for its collection and use, and upholding all your rights as a data subject. For the complete set of details, please see our Privacy Policy.

ORCA provides a Data Processor Agreement, which the GDPR and other regulations require for organisations that use data processor services. This agreement describes the technical security measures implemented by ORCA in a legally enforceable manner.

If you have any questions or feedback regarding this matter, please email privacy@withorca.com.

Related Articles

You might also be interested in:

Did this answer your question?
😞
😐
🤩
Contact Us | support@withorca.com