Privacy policy

Date of Last Revision: 10. 12. 2025.

In the event of discrepancies between language versions, the English version shall prevail.


1. Introduction

This Privacy Policy explains how Orbictus s.r.o. (“Orbictus”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you visit our website www.orbictus.com, create an account, or purchase and use our online courses (collectively, the “Services”).

We are committed to protecting your privacy and handling your data transparently, in accordance with applicable data protection laws — including the EU General Data Protection Regulation (GDPR), UK GDPR, and the California Consumer Privacy Act (CCPA).

If you do not agree with this policy, please do not use our Services.


2. Who We Are

Data Controller:

Orbictus s.r.o.
Lidická 700/19, 602 00 Brno, Czech Republic
Identification number (IČ): 21344965
E-mail: info@orbictus.com
Website: www.orbictus.com

We are responsible for determining how and why your personal data is processed.

3. Data We Collect

We collect the following categories of personal data:

a) Information You Provide

  • Account information: name, e-mail.

  • Payment details: billing address, country, transaction information (handled by Stripe – we never store your full card number).

  • Communication: messages, feedback, survey responses, support requests.

  • Marketing consent: your opt-in to receive newsletters or updates.

b) Information Collected Automatically

  • Device and technical data: IP address, browser type, operating system, device ID.

  • Usage data: pages visited, time on page, referring URLs, course progress, and activity logs.

  • Cookies and similar technologies: for analytics, functionality, and marketing (see our Cookies Policy).

c) Data from Third Parties

  • Payment processor data: from Stripe (payment confirmation, refunds).

  • Analytics providers: Google Analytics, Squarespace Analytics.

  • Social media or referral partners: if you access our site through a linked platform.

We engage with third-party service providers including Stripe Inc. as our payment processor. When you make a payment, we will share your Transaction Data (name, billing address, payment method information, purchase amount, date) with Stripe and/or its affiliates for payment processing, fraud prevention and regulatory compliance. For Stripe’s privacy practices please see Stripe Privacy Policy.


4. How We Use Your Data

We process your personal data for the following purposes:

  1. Account management and authentication — to create and maintain your user profile.

  2. Course delivery — to give you access to purchased courses and track your progress.

  3. Payments and billing — to process purchases securely via Stripe.

  4. Customer support — to respond to your inquiries or technical issues.

  5. Service improvement — to analyze usage and improve user experience.

  6. Marketing (with consent) — to send newsletters, offers, or announcements.

  7. Legal compliance — to meet our obligations under applicable laws (e.g., accounting, tax).

  8. We may use anonymized or aggregated data to improve our AI-powered educational tools and personalize user experience. Such data will never include identifiable personal information.

We do not sell your data.


5. Legal Bases for Processing (GDPR)

We process your data based on:

  • Contractual necessity (to provide purchased Services).

  • Legal obligations (for tax and payment records).

  • Legitimate interest (to maintain platform security, detect misuse).

  • Consent (for newsletters, cookies, and marketing communications).

You can withdraw consent anytime by contacting us.


6. How We Share Your Data

We only share personal data where necessary:


Recipient: Squarespace, Inc.
Purpose: Website hosting and analytics
Location: US – Standard Contractual Clauses (SCCs)

Recipient: Stripe Payments Europe Ltd.
Purpose: Payment processing
Location: GDPR compliant

Recipient: E-mail service providers
Purpose: Marketing communications
Location: GDPR compliant processors

Recipient: Analytics tools (e.g., Google Analytics)
Purpose: Platform performance analysis
Location: Pseudonymized data

Recipient: Legal authorities
Purpose: Only when required by law
Location: As legally required

We ensure all partners comply with applicable data protection laws and provide equivalent safeguards.


7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including by our hosting provider (Squarespace) and our payment processor (Stripe). We use Standard Contractual Clauses (or other appropriate safeguards) to ensure an adequate level of data protection.


8. Data Retention

We retain your data only for as long as necessary:

  • Account data: for the lifetime of your account + up to 3 years after closure.

  • Payment records: 10 years (as required by Czech and EU accounting law).

  • Marketing data: until you withdraw consent.
    After expiry, data is securely deleted or anonymized.

9. Your Rights

Depending on your jurisdiction, you have the following rights:

  • Access: to obtain a copy of your data.

  • Rectification: to correct inaccurate information.

  • Erasure (“Right to be forgotten”): to request deletion where applicable.

  • Restriction of processing: to limit use under certain conditions.

  • Data portability: to receive your data in a machine-readable format.

  • Objection: to certain processing activities (e.g., marketing).

  • Withdrawal of consent: for communications or cookies at any time.

To exercise these rights, contact: info@orbictus.com

We will respond within 30 days (or as required by law).

10. Data Security

We implement appropriate technical and organizational measures to protect personal data from loss, misuse, unauthorized access, or disclosure. This includes encrypted data transmission (HTTPS), restricted staff access, and secure backup protocols.

We use Stripe, a PCI DSS-certified payment processor. We implement technical and organisational measures to protect your personal data in line with industry-standards and the requirements of our processors and hosting provider.

However, no online platform can guarantee absolute security.

11. Children’s Privacy

Orbictus does not knowingly collect data from children under 18 years of age. Our services are intended for adult users only.

If we learn that we have inadvertently collected such data, we will delete it promptly.


12. Marketing and Communication Preferences

  • You may opt in to receive updates and educational news from Orbictus.

  • You can unsubscribe anytime by clicking the link in our e-mails.

13. Cookies and Tracking

We use cookies to enhance functionality, analyze site traffic, and personalize your experience.

Your consent is required for non-essential cookies.

For details, see our Cookies Policy.


14. Third-Party Links

Our website may contain links to third-party websites or services.

We are not responsible for their privacy practices or content.

We encourage you to review the privacy policies of those websites before providing any personal information.

15. Updates to This Policy

We may update this Privacy Policy periodically to reflect legal, technical, or business changes.

Updated versions will be posted on www.orbictus.com with a new date.

Significant changes will be communicated via e-mail or platform notification.


16. Contact Us

If you have questions, please contact us:

Orbictus s.r.o.

Lidická 700/19, 602 00 Brno, Czech Republic
Identification number (IČ): 21344965
E-mail: info@orbictus.com
Website: www.orbictus.com