Privacy at Orlo
Plain language. No legalese. Here's exactly how we handle your data.
What we collect
- Your email address (for login and account recovery)
- Encrypted data blobs (your tasks, notes, events, finances, health data, journal entries — all encrypted on your device before reaching our servers)
- Basic account metadata (when you joined, your subscription tier)
What we cannot read
Everything you create in Orlo is encrypted on your device using keys that only you hold. Our servers store encrypted blobs — we mathematically cannot open them. Your password never leaves your browser. We don't have a “master key” or backdoor. If you lose your password and recovery key, your data is gone — because nobody, including us, can decrypt it.
What we don't do
- No advertising — ever
- No analytics or tracking scripts — zero
- No third-party trackers, pixels, or fingerprinting
- No behavioral profiling
- No data sharing with external partners
- No marketing emails (unless you explicitly opt in)
- No selling, renting, or monetizing your data in any way
Your rights
- Download your data — Export everything as a readable JSON file, decrypted on your device
- Delete your account — Permanently wipe all your data from our servers, immediately
- Your key is yours — We never store your password or encryption keys. You own access to your data
Questions?
If you have any questions about how Orlo handles your data, reach out at privacy@orlo.center.