⣀⣠⣤⣤⣀⣀
     ⢠⣶⠟⠛⠉⠉⠉⠛⠻⢿⣶⣤⡀
    ⢠⡿⠁          ⣍⠻⢿⣦⡀
  ⢠⡿⠁           ⠈⢧⣄⠛⢿⣶⣄⣠⡾⣧⡀
 ⢀⣿⠃            ⠘⣿⣷⣦⡉⠻⣫⣾⡽⣷
 ⣿⠇   ⣀⣀⡀     ⣀⣀⡀  ⠸⣿⠻⣿⣾⡿⠃ ⠹⣿⣷⡀
⣸⣿⠟⠛⠉         ⠉⠛⠻⣿⣇      ⠈⠛⠛⠒
⢠⣿⠃ ⢀⣀⣠⣤⣤⣤⣤⣤⣤⣤⣤⣤⣤⣀⡀ ⠘⣿⡆
orstrum
docs whitepaper github cloud sign in
docs whitepaper github cloud sign in

Legal

Privacy Policy

Effective June 16, 2026 · Orstrum, Inc.

Orstrum ("we," "us," or "our") is operated by Orstrum, Inc. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information when you use the Orstrum cloud service at orstrum.ai and any associated CLI tools.

1. Information We Collect

Account data. When you create an account — via GitHub OAuth or email/password — we collect your email address and, if provided through OAuth, your GitHub username and public profile information.

Graph data. When you run orstrum push, we store the derived structural data from your codebase: file paths, import/export edges, exported symbol names, and AI-generated purpose summaries. We do not store your raw source code.

Usage data. We collect server logs, API call counts, and aggregate usage metrics (e.g., number of graph nodes, API requests per day) for billing, rate-limiting, and service improvement.

Cookies. We set a session cookie (sb-auth-token) required for authentication. See our Cookie Policy for details.

2. How We Use Your Information

  • To create and manage your account and workspace.
  • To store and serve your code graph via the hosted MCP endpoint.
  • To process subscription payments and send receipts.
  • To send transactional emails (e.g., password reset, security alerts).
  • To improve the product using aggregated, anonymized usage data.

We do not sell your personal data or graph data to third parties.

3. Data Storage and Security

Your data is stored in a Supabase-managed PostgreSQL database. Row-level security (RLS) policies enforce workspace isolation — no user can access another workspace's data through our API. Infrastructure is hosted on Vercel (edge/serverless) and Supabase (database).

4. Third-Party Processors

  • Supabase — database, authentication, and storage.
  • Vercel — web hosting and edge functions.
  • GitHub — OAuth sign-in (only if you use "Sign in with GitHub").
  • Stripe — payment processing for paid plans.

Each processor is bound by its own privacy policy and, where applicable, a Data Processing Agreement (DPA).

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we delete your workspace, graph data, and personal information within 30 days, except where we are required to retain records for legal or billing purposes (up to 7 years for financial records).

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information.
  • Request deletion of your account and associated data.
  • Export your graph data (available via the dashboard).
  • Object to certain processing or lodge a complaint with a supervisory authority.

To exercise any of these rights, email us at privacy@orstrum.ai.

7. Children

Orstrum is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe we have done so, contact us and we will delete the information promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. Continued use of the service after changes constitutes acceptance of the updated policy.

9. Contact

Questions about this policy? Email privacy@orstrum.ai.

orstrum context graph

The structured graph your AI was missing.

Product

  • docs
  • whitepaper
  • github
  • cloud

Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Refund Policy
© 2026 Orstrum, Inc. All rights reserved. orstrum cloud