Sign In

Legal

Privacy Policy

Last updated May 18, 2026

This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use the Service and tells you about your privacy rights and how the law protects you.

We use your Personal Data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words whose initial letters are capitalized have meanings defined under the following conditions. The following definitions have the same meaning regardless of whether they appear in singular or plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for you to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
  • Application refers to Orca Hub, the software program provided by the Company.
  • Company means Orca Creations LLC, 60 W 66TH S T APT 15B, New York, NY, 10023, USA. The Company may also be referred to as "we," "us," or "our" in this Privacy Policy.
  • Country refers to New York, United States.
  • Device means any device that can access the Service, such as a computer, cell phone, or digital tablet.
  • Personal Data or Personal Information means any information that relates to an identified or identifiable individual. We use "Personal Data" and "Personal Information" interchangeably unless a law uses a specific term.
  • Service refers to the Application.
  • Service Provider means any natural or legal person who processes data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, provide the Service on behalf of the Company, perform services related to the Service, or assist the Company in analyzing how the Service is used.
  • Usage Data refers to data collected automatically, either generated by use of the Service or from the Service infrastructure itself, such as the duration of a page visit.
  • You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include email address, first name, last name, account authentication data, organization or business membership, role and permission data, login timestamps, and support communications.

Business, Document, and Accounting Data

To provide the Service, we may process business profile information, restaurant or location details, vendor and payee information, uploaded receipts, invoices, bills, vendor statements, purchase evidence, related bookkeeping support documents, extracted OCR text, normalized document fields, correction history, workflow status, and related operational notes.

When you connect a third-party accounting platform, including QuickBooks Online where connected, we may process accounting data needed to support bookkeeping evidence automation and reporting, including company profile, vendors or suppliers, chart of accounts or categories, bills, attachments, payment status, transaction dates, amounts, memos, descriptions, and related metadata. We may also store encrypted OAuth tokens or similar connection credentials needed to maintain the connection.

We do not intentionally collect full payment card numbers, CVV codes, Social Security numbers, payroll records, tax returns, medical information, consumer credit information, government IDs, biometric data, or similar sensitive information through Orca Hub. Receipts and invoices may incidentally contain limited personal or payment information, such as business contact details, employee names, signatures, or card brand and last four digits. Customers should avoid uploading sensitive personal information unless it is specifically requested and necessary for the agreed service.

Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include information such as your Device's Internet Protocol address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, time spent on those pages, unique device identifiers, and other diagnostic data.

When you access the Service through a mobile device, we may collect certain information automatically, including the type of mobile device you use, your mobile device's unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers, and other diagnostic data.

We may also collect information that your browser sends whenever you visit our Service or access the Service by or through a mobile device.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor usage of our Service.
  • To manage your Account, including your registration as a user of the Service and access to different functionalities available to registered users.
  • For the performance of a contract, including development, compliance, and undertaking of purchase contracts or other contracts with us through the Service.
  • To contact you by email, telephone calls, SMS, or equivalent forms of electronic communication regarding updates or informative communications related to functionalities, products, contracted services, or security updates.
  • To manage your requests and respond to inquiries submitted to us.
  • For business transfers, including evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or sale or transfer of some or all of our assets.
  • For other purposes, such as data analysis, identifying usage trends, and improving our Service, products, services, and your experience.

We may share your Personal Data in the following situations:

  • With Service Providers: We may share your Personal Data with Service Providers as needed to provide, secure, support, and improve the Service and related bookkeeping workflows. Current providers may include third-party accounting platforms such as Intuit QuickBooks Online, Google Cloud for OCR and AI-assisted extraction, Hetzner for hosting infrastructure, Cloudflare for DNS, security, and traffic routing, and Postmark for transactional email.
  • For business transfers: We may share or transfer your Personal Data in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or part of our business.
  • With Affiliates: We may share your Personal Data with our affiliates, in which case we will require those affiliates to honor this Privacy Policy.
  • With your consent: We may disclose your Personal Data for any other purpose with your consent.

We do not sell Personal Data or share Personal Data for cross-context behavioral advertising. We do not use advertising pixels in Orca Hub.

Uploaded documents, extracted text, and limited related metadata may be sent to Google Cloud or similar OCR/AI service providers to extract document fields and support matching workflows. We do not use uploaded files or extracted data to train public or general-purpose third-party foundation models unless separately agreed in writing.

Retention of Your Personal Data

The Company will retain your Personal Data only for as long as necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data as necessary to comply with legal obligations, resolve disputes, and enforce our legal agreements and policies.

Where possible, we apply shorter retention periods and reduce identifiability by deleting, aggregating, or anonymizing data. Unless otherwise stated, the retention periods below are maximum periods and we may delete or anonymize data sooner when it is no longer needed.

  • Account Information: User accounts are retained for the duration of your account relationship plus up to 24 months after account closure to handle post-termination issues or resolve disputes.
  • Customer Support Data: Support tickets and correspondence may be retained for up to 24 months from ticket closure.
  • Usage Data: Application usage statistics and server logs may be retained for up to 24 months for service improvement, security monitoring, and troubleshooting.

Usage Data may be retained longer only where necessary for security, fraud prevention, or legal compliance. We may also retain Personal Data beyond the periods stated above where required by legal obligation, legal claims, your explicit request, or technical limitations such as routine backup systems.

When retention periods expire, we securely delete or anonymize Personal Data. Residual copies may remain in encrypted backups for a limited period consistent with our backup retention schedule and are not restored except where necessary for security, disaster recovery, or legal compliance.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in other places where the parties involved in processing are located. This means information may be transferred to and maintained on computers located outside your state, province, country, or governmental jurisdiction where data protection laws may differ from those in your jurisdiction.

Where required by applicable law, we will ensure that international transfers of your Personal Data are subject to appropriate safeguards and supplementary measures where appropriate. The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Delete Your Personal Data

You have the right to delete or request that we assist in deleting the Personal Data we have collected about you. Our Service may give you the ability to delete certain receipt records or account information from within the Service.

You may update, amend, or delete certain information by signing in to your Account and visiting account settings, if available. You may also contact us to request access to, correction of, or deletion of Personal Data you have provided to us. Broader deletion, export, or service-record requests may need to be handled through Orca Creations LLC support and the applicable service agreement.

Please note that we may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities, such as a court or government agency.

Other Legal Requirements

The Company may disclose your Personal Data in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of the Company, prevent or investigate possible wrongdoing in connection with the Service, protect the personal safety of users of the Service or the public, or protect against legal liability.

Security of Your Personal Data

The security of your Personal Data is important to us, but no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your Personal Data, we cannot guarantee its absolute security.

Children's Privacy

Our Service is intended for business users who are at least 18 years old and authorized to act on behalf of a business customer. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us.

If we become aware that we have collected Personal Data from anyone under the age of 18 without verification of appropriate authorization or consent, we take steps to remove that information from our servers where legally and operationally appropriate.

Links to Other Websites

Our Service may contain links to other websites that are not operated by us. If you click a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for changes.

Contact Us

If you have any questions about this Privacy Policy, you can contact us by email at [email protected].