Key Messages
- ORCA provides zero-trust cloud storage, meaning that ORCA and our carefully selected service providers can NOT decrypt the sensitive information that our clients enter/upload in their ORCA Accounts.
- ORCA is committed to data privacy by design. We are EU General Data Protection Regulation (GDPR) compliant and only work with service providers that are GDPR compliant (see our Overview of Service Providers). For further details on our security model, see our Security White Paper, and on GDPR, read our dedicated article on GDPR.
- This Privacy Notice applies to all data collected when a User uses ORCA’s software. If you have any questions or feedback about it, please send an email to privacy@withorca.com. We will be very happy to assist you.
Contents
This Privacy Notice outlines
- WHICH information ORCA and our carefully selected service providers collect and can access about our clients,
- WHAT this information is used for,
- WHY we need to collect/access this information (neither ORCA nor our service providers ever collect information about our clients without a reason).
Which information ORCA and our service providers can access
ORCA is committed to protecting our clients’ privacy! ORCA and our service providers can NOT access the sensitive information our clients store in their ORCA Accounts. ONLY the Account Users can access this information.
The only information ORCA and our service providers can access about our clients is:
- the information ORCA needs to run/operate ORCA’s software, and
- the information our service providers need to provide their services.
This information includes personal data such as: the name of the Billing Contact, the Billing Address, etc. It does NOT include the sensitive information our clients specifically chose ORCA to store and protect (e.g. the names and details of legal entities, key documents etc.).
To ensure our clients’ privacy is protected as much as possible, ORCA does our utmost to limit the information we and our service providers can access. The exact information ORCA requires to run/operate our software and that our service providers need to provide their services is documented below. Any information entered into ORCA that is not listed below is encrypted and stored in such a way that neither ORCA nor our service providers can decipher it (e.g. the specifics of Legal Entities, Persons, Files etc.). We refer to this approach as zero-trust. For more information about our zero-trust approach and how we encrypt the data, please see our Security White Paper.
The information ORCA and our service providers need access to can not be encrypted in the same way as the sensitive information our clients specifically use ORCA to store and protect. We need access to this data to fulfill and honor the contract we have. The legal basis for us processing the personal data listed below is documented in each section.
ORCA needs access to the following information to run/operate our software
Authentication Data
To use ORCA’s service, Users need to authenticate. To this end, ORCA must store:
- the email address of every User, and
- the cryptographic key derived from the User’s Secret Key (which is a one-way derivation and therefore ORCA can NOT infer the Users’ Secret Key).
Please note that ORCA can NOT see, infer, change or reset the Secret Key required to login for any User. ORCA does NOT possess the information required to decrypt the sensitive data kept in any ORCA Account.
The legal basis for processing this data is our legitimate interests in applying appropriate security measures for the provision of our services.
Database Data
To ensure that
- every User has access to the correct data within ORCA,
- the data has not been compromised,
- there are reliable audit trails within the Account, and
- invoices are generated accurately
ORCA needs to collect and store information about each User.
The information that ORCA has access to for every User, Account and Vault is limited to:
- the User’s email address (and the associated User ID in ORCA),
- the timestamp of when the User was created and registered,
- the User’s status (Active or Deleted),
- whether or not Two-Factor Authentication is active for the User,
- the meta information of each User’s Trusted Devices, including the browser’s name and version and Operating System’s name and version,
- the associated Account ID and Vaults IDs the User has access to (please note that ORCA does NOT see the names of the Accounts and Vaults, just the IDs),
- the role the User has per Account ID and per Vault ID (e.g. Account Owner, Admin, Member with Edit / Read rights, etc.),
- the timestamp of each action the User performs in the Account / Vault data (please note that ORCA can NOT see the details of the changes made, the type of change made, i.e. creation, editing or deletion, or which data is affected by the change - that information is all encrypted),
- the meta information about secured shared links, including the expiration date of the link, the type (e.g. structure, files, meetings, etc.), the IDs of the entities shared and the cryptographic key derived from the shared link password (please note that ORCA can NOT see any of the contents of the shared link if the link is password protected),
- the information required to invoice each Account (such as the number of Persons, Assets, Securities, Liabilities and Files stored per Vault ID),
- the additional modules activated within each Vault ID (i.e. Cash Flows, Reminders, Meetings, etc.), and
- when/if specific functionalities were enabled in each Vault ID, namely Upload Via Email functionality (see more in the Upload via Email Addendum to the Terms and Conditions) and Addepar (see more in the Addepar Addendum to the Terms and Conditions).
ORCA can NOT see any other information. Neither ORCA nor our carefully chosen service providers can see anything specific about the Assets, Persons, Files or Tasks stored within an Account. Specifically, we can NOT see or access any sensitive data, such as:
- the names of Assets, Persons or Files,
- the content of Files,
- the pictures for Assets or Persons,
- the contact details (address, telephone numbers or email addresses) for Persons,
- the contents of the notes for Assets, Persons or Files,
- the relationships between Assets, Persons and Files,
- the contents of Tasks (including Title, Description and Linked items), or
- the details of the Account and Vaults, such as their name.
The legal basis for processing this data is the provision of our services to you based on our contract with you.
ORCA’s service providers need access to the following information to provide their services
ORCA believes the best way we can provide value is to focus on developing our core offering whilst engaging carefully selected vendors to provide/support all ancillary services. Carefully selected means subjected to thorough security and privacy assessments.
Whilst we reserve the right to determine which vendors we engage for which purposes, we commit to 100% transparency, i.e. we will always communicate which service providers we engage for what.
ORCA strives to ensure our service providers can access as little information about our clients as possible. We only share information about our clients with a service provider if it is:
- Integral for them to provide the desired service, and/or
- Legally required.
For instance, we must share the billing contact name and billing address for an Account with our payment provider (Stripe) for them to be able to process credit card payments. By contrast, our file storage provider does NOT need to know the Account’s name, billing address or the contents of the Files being stored to be able to store them (every File is encrypted on the User’s device before it is sent to the file storage provider in encrypted format, i.e. illegible).
For details on which service providers ORCA uses, what they are used for, and what information each can access, see below. The list contains all service providers ORCA uses that are privy to client and User information. It is NOT an exhaustive list of all service providers ORCA uses. Any service provider(s) we use that does NOT process personal and/or sensitive data is not listed.
Google Cloud
ORCA uses Google Cloud to host its services. Whilst Google Cloud stores and backs up all the information Users upload into the ORCA Accounts (all of the details of the Legal Entities, Assets, Persons and Files as well as the Files themselves), Google Cloud can NOT access any of this information. All of the information a User enters into ORCA is encrypted on the User’s device before it is sent to Google Cloud. This means Google Cloud can NOT read any information or Files stored in an ORCA Account (as they can NOT infer the Users’ credentials / access the Account).
The only information Google Cloud can access is
- the unencrypted information in the database (i.e. the same information ORCA has access to. See: ORCA needs access to the following information about you to run/operate our software → Database Data), and
- The application logs. The logs are used to debug any issue a User might face within the ORCA application. No sensitive or personal information is ever disclosed in the logs. The information in a log entry is limited to the:
  - User ID,
  - Account ID,
  - Vault ID,
  - Action triggering the issue (but NOT the contents of the action),
  - Stack trace of the error,
  - IP address of the User login, and
  - User-Agent of the User’s browser.
The application logs are stored for a period of 180 days.
ORCA uses the Google Cloud data center in Zurich. Google Cloud is a certified PCI/DSS Service Provider (Level 1) and holds numerous other certificates, such as ISO 27001 and SOC 1, 2 and 3. More information about the certification and other security and privacy related details for Google Cloud can be found here.
The legal basis for processing this data is the provision of our services to you based on our contract with you.
Mailgun
Mailgun is ORCA’s tool for all technical email communications with clients. For example, the email invitation each new User receives, the email used to validate a User’s email address, etc. are sent via Mailgun.
In performing this task, Mailgun becomes privy to every User’s email address and the email content.
Mailgun is GDPR compliant. More information about the information security and compliance at Mailerlite can be found here.
The legal basis for processing is the provision of our services to you based on our contract with you.
Stripe
Stripe is ORCA’s payment provider. We use Stripe to process credit card payments (example: for ORCA’s subscription fee).
As a regulated financial entity, Stripe is required by law to collect certain client specific data when conducting their business. They must however also adhere to very strict guidelines as to how to store/protect this sensitive information. Stripe is a certified PCI/DSS Service Provider (Level 1). More information about how Stripe treats security and privacy can be found here.
If the payment is executed via credit card, then the following information is shared with Stripe:
- the billing contact email address,
- the name on the credit card,
- the billing address for the credit card, and
- the credit card information (i.e. credit card number, expiry date etc.).
Please note that ORCA’s use of Stripe as a payment provider means ORCA never needs to know the credit card information for any of our clients (only Stripe needs to know the credit card details). Should a representative of ORCA ever ask for credit card information, please do not provide it and inform us immediately at privacy@withorca.com.
The legal basis for processing this data is the provision of our services to you based on our contract with you.
Xero
Xero is ORCA’s accounting software. We use Xero to reconcile our financial accounts and generate periodic profit and loss statements, balance sheets and other financial statements.
In the process of performing these functions, Xero becomes privy to the following information:
- billing contact name,
- billing contact email address,
- billing address,
- Tax ID number (if applicable),
- how much was paid for ORCA and when (including the details of the subscription i.e. the number of Users, Vaults, Items etc.).
Xero does not have access to any information about Users invited to an Account (e.g. usernames etc.).
Xero is ISO 27001 and SOC 2 certified and is GDPR and PCI/DSS compliant. More information about the certification and other security and privacy related details can be found here.
The legal basis for processing is the provision of our services to you based on our contract with you as well as fulfilling mandatory legal requirements with respect to bookkeeping and accounting.
Chargebee
Chargebee is ORCA’s subscription lifecycle management and recurring billing platform. We use Chargebee to document the pricing for every Account and to issue and circulate invoices on a recurring basis. In addition to this, if a client elects to pay for ORCA via credit card, then Chargebee is also used to collect the credit card information for the Account (ORCA uses the Chargebee and Stripe integration for this to ensure that ORCA does not become privy to our client’s credit card information at any point in time).
To perform the above tasks, Chargebee must have perfect working knowledge of the exact details of every subscription (such as the number of Users, Vaults, Items and specific Features included), the start date of the subscription, the term, the billing details, the payment terms, etc. Any/all changes made to a subscription or billing details throughout the lifecycle of a client are maintained in Chargebee.
To perform the above tasks, Chargebee requires little information about the Account Owner:
- billing contact name,
- billing contact email address,
- billing address,
- Tax ID number (if applicable),
- subscription details (incl. product, currency, price, start date, length etc.),
- the number of active Users, Vaults, Items and Features in the Account, and
- credit card information (only if payment is performed via credit card).
Chargebee does not have access to any information about the Users invited to an Account (e.g. Usernames, User Emails etc.) nor to the sensitive information stored in the ORCA Account.
Chargebee is GDPR compliant, and holds ISO 27001, SOC 1 and 2 and PCI/DSS Service Provider (Level 1) certifications. More information about the certification and other security and privacy related details can be found here.
The legal basis for processing is the provision of our services to you based on our contract with you.
Close
Close is ORCA’s CRM and customer success management tool. We use it to maintain an overview of all prospective and current clients as well as all our touch points/interactions with them.
In performing this task, Close becomes privy to the following information for all active and potential Users:
- contact name,
- contact details (email and telephone number),
- all email messages sent to/received from ORCA,
- all meetings held with ORCA (dates, times, places, attendees etc.), and
- ORCA’s internal notes from any interactions (be it a meeting, phone call, meal etc.).
The legal basis for processing is the provision of our services to you based on our contract with you.
Slack
Slack is ORCA’s internal communication tool. It is used for day to day discussions within the team, part of which are reviews of the key pain points and use cases gathered during prospect and client meetings. Whilst we share a lot of insights from client meetings in Slack, we are committed to using code names for all clients / users in Slack during internal discussions.
In addition to being used for internal discussions, Slack also has an integration with ChartMogul which we use to get automated notifications on all billing changes made to client subscriptions in a dedicated and private channel. In this process, Slack becomes privy to the following information:
- billing contact name,
- billing email address, and
- high level subscription details (type of plan and amount of MRR).
Slack holds a number of certifications including ISO 27001, SOC 2 and 3, etc. More information regarding their certifications can be obtained here.
The legal basis for processing is the provision of our services to you based on our contract with you.
Google Workspace
Google Workspace is ORCA’s principal repository for all emails, documents, etc.
ORCA strives to keep the client-specific data in Google Workspace to a minimum. However, given its key function, Google Workspace is able to see the following information from anyone communicating with the ORCA team:
- contact details (telephone, email address, physical address),
- email correspondence with ORCA (product updates, general enquiries etc.), and
- any legal documentation specific to the relationship with ORCA (including NDAs, service agreements or quotes/offers we made or signed with clients).
Within Google Workspace, reports are created that contain the following information:
- billing company name (where relevant),
- billing contact name,
- billing contact email address,
- billing location (NOT address. Location only contains: Post/Zip Code, State and Country),
- subscription details (incl. product, currency, price, start date, length etc.).
Other than this, ORCA does not store any client-specific information in Google Workspace.
Google holds all information security and IT service management certifications recognized in US and EU markets. More information about their certifications can be obtained here.
The legal basis for processing is the provision of our services to you based on our contract with you and our legitimate interests to internally organize and coordinate the provision of our services.
Notion
Notion is ORCA’s internal knowledge center. Notion is the centralised location for
- internal guidelines, such as internal policies and processes,
- ORCA product information, such as architecture, meeting notes from internal discussions and clients’ feedback (stored anonymously), and
- ORCA’s Help Center, containing articles, and guidelines on how to best utilize the ORCA app.
Whilst product insights shared by clients, users and prospects are processed and stored in Notion, we are committed to using code names for all clients and to not revealing client names, emails and details (any private information) in Notion.
Notion is GDPR compliant and SOC 2 and ISO 27001 certified. More information about their certifications can be obtained here.
The legal basis for processing is the provision of our services to you based on our contract with you.
ChartMogul
ChartMogul is ORCA’s internal reporting tool. ChartMogul has an integration with Chargebee and periodically imports the following information about all Accounts:
- billing company name (where relevant),
- billing contact name,
- billing contact email address,
- billing location (NOT address. Location only contains: Post/Zip Code, State and Country),
- subscription details (incl. product, currency, price, start date, length etc.).
Whilst product insights are shared by clients, users and prospects, we are committed to using code names for all clients and to not revealing client names, emails and details in Notion.
ChartMogul is GDPR compliant and SOC 2 certified. More information about their certifications can be obtained here.
The legal basis for processing is the provision of our services to you based on our contract with you.
Mailerlite
Mailerlite is ORCA’s tool to send group emails to Users and Prospects, such as:
- periodic emails about best practices for getting the most out of ORCA,
- ad hoc emails about new features and app updates, and
- general communications such as Terms and Conditions’ changes or security updates.
(To opt-out of any of the above emails, please contact support@withorca.com)
In providing these services, Mailerlite becomes privy to the following information about ORCA’s Users:
- name, and
- email address.
Mailerlite data is stored in the European Union and is GDPR compliant. More information about the information security and compliance at Mailerlite can be found here.
The legal basis for processing is the provision of our services to you based on our contract with you and our legitimate interest to continually improve our services.
1password
1password is ORCA’s internal password manager for our team members. If one of ORCA’s clients invites any of our team members to be a User in their Account (which is the only way ORCA’s team can gain access to a client Account), then ORCA stores the credentials for accessing the account in 1password. Additionally, all of the team members use 1password to store their credentials to internal tools.
The information stored in 1password is end-to-end encrypted. The credentials for all internal tools are stored in 1password with the appropriate two-factor authentication.
1password is GDPR compliant, SOC 2 certified and has undergone multiple independent assessments. More information about the information security, compliance and certifications at 1password can be found here.
The legal basis for processing is the provision of our services to you based on our contract with you.
Zoom
Zoom is one of ORCA’s video conferencing tools. We use it for virtual meetings, audio conferencing, webinars, meeting recordings, and live chat. Zoom is privy to the following information about every meeting held via Zoom:
- Video conference participants’ names,
- Video conference participants’ email addresses,
- Meeting title,
- Company name (optional),
- Phone number (optional), and
- Profile picture (optional).
Event content is protected by encrypting the session’s video, audio, and screen sharing. This content is protected during transit with 256-bit Advanced Encryption Standard (AES) using a one-time key for that specific session when all participants use a Zoom client.
Zoom holds numerous certifications, including SOC 2 and ISO 27001, and is GDPR compliant. More information about the information security, compliance and certifications at Zoom can be found here.
The legal basis for processing is the provision of our services to you based on our contract with you.
Calendly
Calendly is one of ORCA’s meeting scheduling platforms. We use it to schedule meetings with prospects and clients. In performing this task, Calendly becomes privy to:
- Meeting participant’s name,
- Meeting participant’s email address,
- Meeting title, and
- Any notes provided when booking the meeting.
Calendly is GDPR Compliant and holds numerous certifications, including SOC 2 and 3 and ISO 27001. More information about the information security and compliance at Mailerlite can be found here.
The legal basis for processing is the provision of our services to you based on our contract with you.
SavvyCall
SavvyCall is one of ORCA’s meeting scheduling platforms. We use it to schedule meetings with prospects and clients, especially those who book demos via the website. In performing this task, SavvyCall becomes privy to the following information:
- Meeting participant’s name,
- Meeting participant’s email address,
- Meeting title, and
- Any notes provided when booking the meeting.
SavvyCall is GDPR Compliant.
The legal basis for processing is the provision of our services to you based on our contract with you.
Docusign
Docusign is ORCA’s e-signature tool used to automate the signature of official documents and agreements, namely clients’ contracts. In performing this task, Docusign becomes privy to the following information:
- Signatory recipient’s name,
- Signatory recipient’s email address, and
- Signatory recipient’s role.
The documents are encrypted during upload to the DocuSign eSignature service and remain so while stored there.
Docusign is GDPR compliant and SOC 2 and ISO 27001 certified. More information about their certifications can be obtained here.
The legal basis for processing is the provision of our services to you based on our contract with you.
Your Rights
You have substantial rights with regards to the information ORCA and our service providers have about you.
Right to access and/or change your personal data
If you would like to review, correct, or update personal data that you have previously disclosed to us, you may do so by signing in to your ORCA Account (to amend your email address or subscription details) or by contacting us on privacy@withorca.com.
Right to erasure (“right to be forgotten”)
Clients who want to exercise their right to delete their data from ORCA need to submit their request to privacy@withorca.com. ORCA reserves the right to verify the identity of the requesting entity before complying with the request to ensure validity of the request. After validating your identity, your request shall be completed within 30 working days. We will erase personal data unless we are subject to legal requirements requesting us to retain data or we have legitimate interests to retain personal data.
Right to access
Clients who want to exercise their right to access all their data from ORCA need to submit their request to privacy@withorca.com. ORCA reserves the right to verify the identity of the requesting entity before complying with the request to ensure validity of the request. After validating your identity, your request shall be completed within 30 days. The information in ORCA’s database is encrypted, therefore the information provided to you will be encrypted and can only be accessed using your authentication credentials.
Right to complain to a supervisory authority
You are entitled to complain to the supervisory authority if you deem our processing of your data is not in compliance with the legal requirements.
General principles regarding your data
Limiting Use and Disclosure
ORCA will not use or disclose your personal information other than for the purposes for which it was collected unless we receive your consent or are required to by law.
When providing information in response to a legal inquiry or order, we will verify its validity and disclose only the information legally required. ORCA will make reasonable efforts, within the bounds of the law, to notify you should your personal information be subject to disclosure.
Our Policy Toward Children
ORCA is not directed to children under 18 years old. We do not knowingly collect personally identifiable information from children. If a parent or guardian becomes aware that their children’s information is available in an ORCA Vault without their consent, please contact us at privacy@withorca.com.
Retention
ORCA will retain personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.
Aggregated Data
Whilst no personally identifiable information is ever included, ORCA assembles aggregated data for any number of reasons including but not limited to improving our products and services, developing new ones or sharing it with third parties. For example, we may tell a third party how many Users have subscribed to a particular service, but not identify which clients are subscribers.
Aggregate data is general information about groups of clients in which individual clients are not identified. ORCA reserves the right to assemble aggregated data based on any collected data, i.e. we may combine your information with that of other clients.
Assignment, Change of Control, and Transfer
All of our rights and obligations under our Privacy Notice are freely assignable by us to any of our affiliates, in connection with a merger, acquisition, restructuring, or sale of assets, or by operation of law or otherwise, and we may transfer your information to any of our affiliates, successor entities, or new owner.
Jurisdiction and Cross-Border Transfer
Our services are global. Data we use and process to run our ORCA business (as defined in the beginning of the document) can be shared with global service providers that are listed in this document. This information (encrypted or unencrypted) may be stored and processed in any country where we have operations or where we engage service providers, and we may transfer data to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your data remains protected to the standards described in this Privacy Notice. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your data.
The data (sensitive information about Legal Entities, Assets, Persons and Files) stored inside ORCA’s zero-trust cloud is hosted in Switzerland (including production data and backups). Even though the sensitive data that ORCA is specifically used to protect is always stored in servers in Switzerland, the data's transfer depends on the User’s location, connection and set up. However, all such transfers are well protected and encrypted.
Updates to This Privacy Notice and Notifications
We may change this Privacy Notice. The “Last updated” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes are effective when we post the revised Privacy Notice.
We may provide you with disclosures and alerts regarding the Privacy Notice or personal data collected by posting them on our website and, if you are a User, by contacting you through your email address listed in your ORCA account. You agree that electronic disclosures and notices have the same meaning and effect as if we had provided you with hard copy disclosures. Disclosures and notices in relation to this Privacy Notice or personal data shall be considered to be received by you within 24 hours of the time they are posted to our website or, in the case of Users, sent to you through one of the means listed in this paragraph.
Contacting ORCA
If you have questions about our data security, please contact us at any time at privacy@withorca.com.