Legal
Privacy Policy
Last updated: March 1, 2026
1. Information We Collect
We collect information you provide during registration (name, email, company details), financial data uploaded to your Entity Service Object (ESO), interaction data between your Agent and the ecosystem, and technical data (IP address, device type, browser). For Capital Seekers, this includes financial models, cap tables, pitch decks, and traction metrics. For Allocators, this includes thesis parameters and portfolio data.
2. How We Use Your Information
We use your data to: power ORBIT scoring and matching algorithms, operate your autonomous Agent, generate analytics and readiness assessments, facilitate staged revelation between counterparties, comply with regulatory requirements (KYC/AML), and improve Platform functionality. We do not use your data for advertising.
3. Staged Revelation & Data Sharing
ORBIT uses a progressive disclosure model with five levels (L0-L4). At L0-L1, only anonymized aggregate data is shared. At L2, identity is revealed (irreversible, requires your explicit consent). At L3-L4, detailed financials and data room access are shared. You control when and how your data progresses through revelation levels via Human-in-the-Loop (HITL) controls.
4. Data Security
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Agent-to-agent communications use double encryption. We maintain SOC 2 Type I compliance (targeting Type II by M9). Access to production systems requires multi-factor authentication and is logged for audit. Data room documents are watermarked per viewer.
5. Data Retention
Active account data is retained for the duration of your subscription. Upon termination, your ESO is archived (not deleted) for regulatory compliance. Financial transaction records are retained for 7 years per SEC/FINRA requirements. You may request data export at any time. Anonymized, aggregated data may be retained indefinitely for platform improvement.
6. Third-Party Services
We use select third-party providers for: cloud infrastructure (Vercel, Supabase), payment processing (Stripe), sanctions screening, and analytics. These providers are contractually bound to protect your data and only process it as instructed by NAMIA. We do not sell your personal data to third parties.
7. International Data Transfers
ORBIT operates across the US, Brazil, UAE, and Saudi Arabia. Data may be transferred between jurisdictions to facilitate cross-border matching. We comply with applicable data protection regulations in each jurisdiction, including LGPD (Brazil), DIFC Data Protection Law (UAE), and applicable US state privacy laws.
8. Your Rights
You have the right to: access your personal data, correct inaccurate data, request data deletion (subject to regulatory retention requirements), export your data in machine-readable format, withdraw consent for optional data processing, and object to automated decision-making. Exercise these rights by contacting privacy@namiagroup.com.
9. Cookies & Tracking
We use essential cookies for authentication and session management. We use analytics cookies (with consent) to understand Platform usage patterns. We do not use third-party advertising trackers. You can manage cookie preferences through your browser settings.
10. Changes to This Policy
We will notify you of material changes via email and Platform notification at least 30 days before they take effect. Continued use after changes constitutes acceptance. Previous versions of this policy are available upon request.