1. Who we are
OrbaOS Instruments (“OrbaOS”, “we”, “us”) is a product of Rondanini Publishing Ltd, a company registered in England and Wales (company number 16548159), with its registered office at 60 Tottenham Court Road, Suite 6438a, Fitzrovia, London, W1T 2EW, trading as OrbaOS™. Rondanini Publishing Ltd is the data controller for personal data processed through this website and, except where stated below, the platform. We are registered with the UK Information Commissioner’s Office (ICO registration number ZB998929).
For any privacy question, or to exercise your rights, contact us at info@rondanini.com or via our contact page.
2. The personal data we collect
Information you give us
- Account details — name, work email, organisation, role, and the password you set (stored only as a salted hash).
- Enquiries — when you use the contact form, the name, email, company, role, deployment interest and message you provide.
- Billing details — handled by our payment processor (Stripe). We receive confirmation, plan and invoice metadata; we do not see or store full card numbers.
- Content you submit — the figures, evidence and notes you enter to produce coordination-capital assessments and reports.
Information we collect automatically
- Technical data — IP address, browser and device information, and request logs, used for security, rate-limiting and diagnostics.
- Usage and analytics — if you consent to analytics cookies, aggregated information about how the site is used (see Cookies).
3. How and why we use it (lawful bases)
- To provide the service — operating your account, running assessments and producing reports. Lawful basis: performance of a contract.
- To respond to enquiries and provide support. Lawful basis: legitimate interests / pre-contract steps.
- To take payment and manage subscriptions and licences. Lawful basis: performance of a contract.
- To secure and improve the service — security, fraud prevention, debugging and, where consented, analytics. Lawful basis: legitimate interests / consent.
- To meet legal obligations — accounting, tax and compliance. Lawful basis: legal obligation.
4. Cookies and analytics
We use a small number of strictly necessary cookies required to sign you in and keep the site secure; these do not require consent. Where enabled, we use Google Analytics 4 to understand site usage in aggregate. Analytics and any other non-essential cookies are only set with your consent, which you can withdraw at any time through your browser settings. We do not use cookies for cross-site advertising.
5. Who we share data with (sub-processors)
We do not sell personal data. We share it only with service providers who process it on our instructions:
- Railway — application hosting and managed database (our cloud edition).
- Stripe — payment processing and subscription billing.
- Brevo — transactional and sales-enquiry email.
- Google Analytics — website usage analytics (only with consent).
- AI engine — analysis and interpretation are performed by the OrbaOS IntApp engine. In the cloud edition the engine is stateless: it processes the figures in memory and stores nothing. On-premise and air-gapped deployments run the engine inside your own environment using a local model, so content never leaves your infrastructure.
We may also disclose data where required by law, or in connection with a merger, acquisition or sale of assets, subject to appropriate safeguards.
6. International transfers
Some of our providers may process data outside the UK or EEA. Where they do, we rely on appropriate safeguards such as adequacy decisions or Standard Contractual Clauses. On-premise and air-gapped deployments keep all data within your chosen environment.
7. How long we keep it
We keep personal data only as long as necessary for the purposes above: account and platform data for the life of your account and a reasonable period afterwards; enquiry data for as long as needed to handle and follow up your request; and billing records for as long as required by law (typically six years). You can ask us to delete your data sooner, subject to our legal obligations.
8. How we protect it
We use encryption in transit, access controls, hashed credentials, per-organisation isolation of platform data, and a stateless analysis engine that retains nothing. No system is perfectly secure, but we take reasonable and proportionate measures appropriate to the sensitivity of the data.
9. Your rights
Under the UK GDPR and EU GDPR you have the right to:
- access a copy of your personal data;
- have inaccurate data corrected;
- have your data erased (where applicable);
- restrict or object to certain processing;
- data portability;
- withdraw consent at any time, where processing is based on consent.
To exercise any of these, email info@rondanini.com. We will respond within one month. If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner’s Office (ico.org.uk) or your local EU supervisory authority.
10. When we act as a processor
When you use the platform to process personal data about your own employees or third parties, you are the controller and we act as your processor. For business customers we offer a Data Processing Agreement (DPA) covering that relationship — request one via our contact page.
11. Children
OrbaOS Instruments is a business tool and is not directed at children. We do not knowingly collect personal data from anyone under 16.
12. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by the “last updated” date above and, where appropriate, notified to account holders.
13. Contact
Rondanini Publishing Ltd (OrbaOS Instruments), 60 Tottenham Court Road, Suite 6438a, Fitzrovia, London, W1T 2EW, United Kingdom. Company number 16548159. Email info@rondanini.com. See also our Terms of Service.