Legal

PrivacyPolicy

How CoreOrbit collects, uses, and protects your information across coreorbit.io, events.coreorbit.io, webinar.coreorbit.io, and all CoreOrbit products and services.

Effective Date: March 2026

1. Scope

CoreOrbit Systems Ltd. ("CoreOrbit," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy applies to coreorbit.io, events.coreorbit.io, webinar.coreorbit.io, and every CoreOrbit product or service — including website design and development, digital marketing, Google Ads / Meta Ads / LinkedIn Ads management, SEO, CRM and automation services, IVR and phone-system services, hosting and maintenance subscriptions, consulting and strategy engagements, OrbitIgnite and OrbitScale acceleration programs, COEngine / COErp / COFlow software platforms, event tickets purchased through events.coreorbit.io, webinar passes, and any communications or campaigns we run on your behalf.

2. Information We Collect

Information you provide directly: contact details (name, email, phone, business name, website) submitted through forms, intake calls, enrollment pages, or events; billing and payment information collected and processed by Stripe, Shopify, or HighLevel (CoreOrbit does not store full credit card numbers on its servers); account credentials when you sign up for COEngine, COErp, COFlow, the CoreOrbit Community, or our learning portal; service-delivery materials (copy, brand assets, ad-account access, analytics access, CRM data, customer lists); event and webinar registration data; and messages, reviews, support tickets, survey responses, and feedback. Information collected automatically: device, browser, IP address, city / region-level geolocation, referral source, pages viewed, time on page, click events, cookies, local storage, pixels, tracking IDs, and server / error / security logs. Information from third parties: authentication providers (Google, Microsoft, Apple, LinkedIn) when you log in with them; analytics and ad platforms (Google Analytics, Google Ads, Meta, LinkedIn Insight Tag) that pass back conversion and audience data; Cal.com booking widget data (selected slot, time-zone, calendar integration); and public business sources we may reference during outreach. Call recordings and transcripts: if your engagement involves IVR services or recorded consultation calls, we will inform you at the start of the call and obtain your consent in line with British Columbia's two-party-consent rules. You may decline recording at any time.

3. How We Use Your Information

To deliver the service you contracted us for; charge you, manage subscriptions, send invoices, renewal notices, and refund or dispute communications; communicate with you about your project by email, phone, SMS, WhatsApp, and in-app messages routed through HighLevel, COEngine, Twilio, SendGrid, or Mailchimp; send marketing and educational content with your express consent (CASL-compliant — you can withdraw consent at any time); run paid advertising on your behalf, which requires sharing audience and conversion data with ad networks under your authorization; improve our services and develop new features; and comply with Canadian and international law, including PIPEDA, BC PIPA, Canada's Anti-Spam Legislation (CASL), GDPR (where applicable), and CAN-SPAM.

4. SMS, WhatsApp, RCS, Email, and Voice Communications

If you provide your phone number or email address and opt in to receive communications from CoreOrbit Systems Ltd., we may contact you through SMS, WhatsApp, RCS (Rich Communication Services), email, and voice calls related to registrations, reminders, inquiries, service updates, hosted events, customer support, and related business communications. SMS messaging: Message and data rates may apply. Message frequency may vary. You may opt out at any time by replying STOP to any text message. For help, reply HELP or contact privacy@coreorbit.io. WhatsApp messaging: WhatsApp messages from CoreOrbit are sent through Twilio's WhatsApp Business API and follow WhatsApp's messaging policies. You may opt out at any time by replying STOP, or by blocking the sending number in WhatsApp. RCS messaging: Where supported by your carrier and device, we may send Rich Communication Services (RCS) messages with richer content (images, buttons, agenda cards). Standard carrier charges may apply. Reply STOP to opt out. Email: Marketing emails include a one-click unsubscribe link in every message. Transactional emails (receipts, password resets, ticket confirmations, service notifications) are sent as long as your account or engagement is active. Voice calls: We may call you to confirm appointments, follow up on service inquiries, deliver IVR-based service, or provide support. Calls may be recorded for quality, training, and compliance in accordance with British Columbia's two-party-consent rules — we will notify you at the start of any recorded call and you may decline at any time. CoreOrbit Systems Ltd. does not sell, rent, or share SMS opt-in consent, phone numbers, email addresses, WhatsApp / RCS contact data, or voice opt-in data with third parties or affiliates for their own marketing or promotional purposes. Consent for one channel does not automatically grant consent for another — each channel requires its own opt-in.

5. Legal Bases (where applicable)

We rely on one or more of: your express consent (collected at signup, webform submission, event registration, SMS / WhatsApp / RCS opt-in keyword, or in writing), performance of a contract with you, our legitimate business interests, and legal obligations.

6. Sharing Your Information

We share personal information only as needed to operate the service: • Payment processors (Stripe, Shopify, HighLevel) for transactions and fraud prevention. • Hosting and infrastructure providers (Vercel, AWS, Hostinger, Cloudflare). • Analytics tools (Google Analytics 4, Plausible, PostHog, Hotjar, Microsoft Clarity). • CRM and messaging platforms (HighLevel / GoHighLevel, COEngine, Mailchimp, SendGrid, Twilio for SMS / WhatsApp / RCS / voice). • Booking and scheduling tools (Cal.com, Calendly). • Ad networks for campaigns we run for you (Google Ads, Meta, LinkedIn, TikTok), including server-side conversion APIs (Meta CAPI, Google Enhanced Conversions). • Subcontractors and partner agencies bound by confidentiality. • Government authorities when required by law, court order, or to protect rights. • A successor entity in the event of a merger, acquisition, or sale of assets. We do not sell your personal information. We do not share SMS opt-in consent or phone numbers with third parties or affiliates for their own marketing.

7. Data Retention

Active client data is retained for the duration of the engagement plus 7 years for tax and legal compliance. Marketing contact data is retained until you unsubscribe or request deletion. Anonymous analytics data may be retained indefinitely. Call recordings, SMS / WhatsApp transcripts, and voice-mail records are retained for up to 24 months unless a longer period is required for dispute resolution or legal compliance.

8. Security

Industry-standard safeguards: encrypted transit (TLS), encrypted storage at rest, role-based access controls, two-factor authentication for staff, regular backups, and vendor due-diligence reviews. No method of transmission over the internet is fully secure, but we work hard to protect what you share.

9. Your Rights

Under PIPEDA, BC PIPA, GDPR, and similar laws you have the right to: request a copy of the personal information we hold about you; correct or update your information; delete your information (subject to legal-retention obligations); withdraw consent for marketing communications (including SMS, WhatsApp, RCS, email, and voice) at any time; and lodge a complaint with the Office of the Privacy Commissioner of Canada. To exercise these rights, email privacy@coreorbit.io with your request and proof of identity. We respond within 30 days.

10. Children

CoreOrbit services are not directed to children under 13. We do not knowingly collect their personal information. If you believe a child has submitted information, contact us and we will delete it.

11. International Transfers

We are based in British Columbia, Canada. Some service providers store data in the United States and the European Union. By using CoreOrbit, you consent to your data being processed in those jurisdictions, subject to standard contractual clauses where required.

12. Changes to This Policy

We may update this Privacy Policy. Material changes will be announced on coreorbit.io and, where required by law, by direct notice. The Effective Date at the top reflects the latest version.

13. Contact

CoreOrbit Systems Ltd. · privacy@coreorbit.io · info@coreorbit.io · (778) 78-ORBIT · Vancouver, British Columbia, Canada.