Privacy Policy
Last updated: [Effective date to be set]
1. Who we are
OrcaRail Inc (or the legal entity operating OrcaRail; planned registration in Estonia) (“we”, “us”, “our”) operates the OrcaRail API, dashboard, and related services (the “Service”). We are the data controller for personal data we process in connection with the Service.
Contact: [email protected]
Update with final entity name and registration number once registered in Estonia.
2. Data we collect
We collect information necessary to provide and improve the Service:
- Account and usage: Email address, account credentials, API keys (and related usage), dashboard usage, and support communications.
- Transaction-related data: Payment intent metadata, transaction identifiers, and logs needed for operations, security, and support (we do not custody funds; settlement is on-chain).
- Logs and security: Server logs, IP addresses (where applicable), and data used for security, fraud prevention, and debugging.
- Analytics: We may use analytics services (e.g. Google Analytics, Google Tag Manager) with IP anonymization enabled. We only pass a user ID to analytics—we do not send your email, name, or other identifying profile data to these services.
3. How we use your data
We use the data we collect to:
- Provide, operate, and maintain the Service.
- Authenticate you and manage your account and API access.
- Process and support transactions and webhooks.
- Improve the Service, diagnose issues, and ensure security.
- Communicate with you (e.g. support, important service updates).
- Comply with applicable law and enforce our terms.
4. Legal basis and retention
We process personal data:
- To perform our contract with you (e.g. account, API, transactions).
- Where we have a legitimate interest (e.g. security, analytics, product improvement), balanced against your rights.
- Where required by law (e.g. legal obligations, disputes).
We retain data only as long as needed for these purposes or as required by law, then delete or anonymize it.
5. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data (subject to legal and operational needs).
- Data portability (e.g. a copy of your data in a structured format).
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a supervisory authority (e.g. once we are established in Estonia, the Estonian Data Protection Inspectorate or the authority in your country).
To exercise these rights, contact us at [email protected].
6. Cookies and similar technologies
We and our analytics providers may use cookies and similar technologies for:
- Strictly necessary operation of the Service (e.g. session, security).
- Analytics (with IP anonymization and without sending email/name), to understand usage and improve the product.
You can control cookies via your browser settings. Disabling certain cookies may affect how the Service works.
7. International transfers
If we transfer your data outside the European Economic Area (EEA), we will do so only with appropriate safeguards (e.g. adequacy decisions, standard contractual clauses, or other approved mechanisms) as required by applicable law.
8. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the “Last updated” date. Continued use of the Service after changes constitutes acceptance of the updated policy. For material changes, we may provide additional notice (e.g. by email or in the dashboard).
9. Contact
For privacy-related questions or to exercise your rights, contact us at [email protected].