Privacy Policy - Orbit AI Management LLC

Full Policy

1. Introduction and Scope

This Privacy Policy applies to Orbit AI Management LLC, a Delaware limited liability company with its principal place of business at 580 Howard Street, Suite 300, San Francisco, California 94105, United States. We operate a venture capital fund investing in early-stage technology companies, and we maintain this website to provide information about our fund, team, portfolio, and investment activities.

This Privacy Policy applies to all visitors to our website at orbitai-matter.com, founders and entrepreneurs who submit pitch materials or inquiries to us, limited partners and prospective limited partners in our fund, service providers and vendors who interact with us, and any other individuals who communicate with us in connection with our business activities.

We are committed to compliance with applicable privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the EU General Data Protection Regulation (GDPR) for individuals in the European Economic Area, and other applicable state and federal privacy laws.

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you interact with us, including:

Contact Information: Your name, email address, phone number, mailing address, and professional title when you contact us, submit a pitch, or request information.
Company Information: Information about your company, including company name, stage of development, industry, business description, financial information, team composition, and pitch deck materials when you submit a founder inquiry.
Professional Background: Your professional history, educational background, LinkedIn profile, and other professional information when you communicate with us in a professional capacity.
Communications Content: The content of emails, messages, forms, and other communications you send us.
Investment-Related Information: For limited partners and prospective limited partners, we may collect financial information, accreditation documentation, tax identification information, and banking information as required by applicable securities laws and fund administration requirements.
Event Information: Registration information and attendance records for events we host or attend.

2.2 Information We Collect Automatically

When you visit our website, we automatically collect certain information through cookies and similar technologies, including:

Log Data: IP address, browser type and version, operating system, referral URL, pages visited, time of visit, and other standard web server log information.
Device Information: Device type, screen resolution, language settings, and device identifiers.
Usage Information: How you navigate our website, what content you view, what links you click, and how long you spend on each page.
Cookie Data: Data stored in cookies and similar tracking technologies as described in our Cookie Policy.
Location Data: General geographic location inferred from IP address.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

Professional networking platforms, including LinkedIn and AngelList, when you or others share information about your professional background or company.
Public databases, news sources, and data providers that compile information about companies and executives.
Referrals from existing portfolio founders, limited partners, or other members of our network who recommend that we speak with you.
Fund administration service providers who assist with limited partner onboarding and compliance.
Background check and identity verification services used in connection with investment activities and anti-money laundering compliance.

3. How We Use Your Information

3.1 Investment Activities

We use personal information to evaluate investment opportunities, including conducting due diligence on founding teams and companies, communicating with founders about their companies, preparing investment analysis and recommendations for our investment committee, and managing our portfolio company relationships.

3.2 Fund Operations

For limited partner relationships, we use personal information to process fund subscriptions and redemptions, provide fund reporting and financial statements, communicate about fund performance and portfolio updates, comply with tax reporting obligations (including K-1 issuances), conduct investor verification and accreditation processes, and fulfill anti-money laundering and know-your-customer compliance obligations.

3.3 Website Operations and Communications

We use automatically collected information to operate and improve our website, analyze traffic patterns and user behavior, respond to your inquiries and communications, send you information you request about our fund and investment activities, and maintain the security and integrity of our systems.

3.4 Legal and Compliance

We use personal information to comply with applicable laws and regulations, respond to legal process and government requests, enforce our legal agreements, and protect the rights and safety of our fund, team, and stakeholders.

4. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area, we process personal information under the following lawful bases as defined in Article 6 of the GDPR:

Contractual Necessity (Article 6(1)(b)): Processing necessary to perform our obligations under agreements with limited partners and other contractual relationships.
Legal Obligation (Article 6(1)(c)): Processing required by applicable securities laws, anti-money laundering regulations, and other legal obligations.
Legitimate Interests (Article 6(1)(f)): Processing for our legitimate interests in operating our fund business, evaluating investment opportunities, and maintaining communications with founders and investors, where these interests are not overridden by your privacy rights.
Consent (Article 6(1)(a)): Where we have obtained your explicit consent to process your information, such as for certain marketing communications.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers: We share information with third-party service providers who assist us with fund administration, accounting, legal services, technology infrastructure, data analytics, and other business operations. These providers are contractually required to use your information only to provide services to us and to maintain appropriate security measures.
Investment Partners and Co-Investors: In connection with investment opportunities, we may share founder and company information with potential co-investors, advisors, or syndicate partners who are subject to confidentiality obligations.
Legal and Regulatory: We may disclose information in response to valid legal process, including court orders, subpoenas, regulatory inquiries, and government investigations, or when we believe disclosure is required to comply with applicable law or to protect the rights, property, or safety of our fund, team, or others.
Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred to the successor entity, subject to applicable privacy commitments.
With Your Consent: We may share information in other circumstances with your explicit consent.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit and at rest, access controls limiting information access to authorized personnel, regular security assessments of our systems and processes, employee training on data security and privacy practices, and incident response procedures for addressing potential data breaches.

Despite our security measures, no data transmission or storage system is completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at privacy@orbitai-matter.com.

In the event of a data breach that is likely to result in high risk to your rights and freedoms, we will notify you and applicable regulatory authorities within 72 hours of becoming aware of the breach, as required by GDPR Article 33 and 34.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including:

Founder pitch materials and communications: 5 years from initial contact or last communication, or longer if required by applicable law.
Portfolio company information: Duration of investment relationship plus 7 years for legal and compliance purposes.
Limited partner records: Duration of fund relationship plus 10 years for legal, tax, and regulatory compliance purposes.
Website usage data: 13 months from collection.
Email communications: 3 years from receipt unless otherwise required by law or business need.

8. Your Privacy Rights

8.1 GDPR Rights (EEA Residents)

If you are located in the European Economic Area, you have the following rights under GDPR:

Right of Access (Article 15): You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data.
Right to Rectification (Article 16): You have the right to have inaccurate personal data corrected and incomplete data completed.
Right to Erasure (Article 17): You have the right to request deletion of your personal data in certain circumstances.
Right to Restriction of Processing (Article 18): You have the right to restrict our processing of your data in certain circumstances.
Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, machine-readable format and to transmit that data to another controller.
Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making (Article 22): You have rights related to automated processing, including profiling, that produces legal or significant effects.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

8.2 CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right to Know: You have the right to know what personal information we collect, use, disclose, and sell about you.
Right to Delete: You have the right to request deletion of personal information we have collected about you, subject to certain exceptions.
Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing: We do not sell your personal information. However, you may request that we not share your personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to purposes specified by the CPRA.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.

9. Exercising Your Rights

To exercise any of the privacy rights described in this policy, please contact us by:

Email: privacy@orbitai-matter.com
Mail: Privacy Team, Orbit AI Management LLC, 580 Howard Street, Suite 300, San Francisco, CA 94105

We will verify your identity before processing requests related to your personal information. We will respond to your request within 30 days (or within the timeframes required by applicable law). We may extend this period by an additional 30 days where necessary, and will inform you of any extension.

If you are a California resident and would like to submit a request through an authorized agent, your agent must provide written authorization from you, and you must verify your own identity with us directly unless you have provided the agent with power of attorney.

10. International Data Transfers

Our operations are primarily based in the United States. If you are located in the EEA, UK, or other jurisdictions with data transfer restrictions, your personal information may be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction.

For transfers from the EEA, we rely on Standard Contractual Clauses approved by the European Commission or other appropriate transfer mechanisms as required by GDPR Chapter V. By providing your information, you acknowledge that it may be transferred to and processed in the United States.

11. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze website usage. Please see our Cookie Policy at orbitai-matter.com/legal/cookies.html for detailed information about our use of cookies, the specific cookies we use, and how you can manage your cookie preferences.

12. Children's Privacy

Our website and services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a minor without parental consent, we will take steps to delete such information.

13. Third-Party Links

Our website may contain links to third-party websites, portfolio company websites, and other external resources. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date. For significant changes, we may also send email notification to individuals who have provided email addresses to us.

Your continued use of our website or continued interaction with us following any changes constitutes your acceptance of the updated Privacy Policy.

15. Contact Information

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

Privacy Team: privacy@orbitai-matter.com
Data Protection Officer: dpo@orbitai-matter.com
EU Representative: eurepresentative@orbitai-matter.com
UK Representative: ukrepresentative@orbitai-matter.com
Mailing Address: Orbit AI Management LLC, Attn: Privacy Team, 580 Howard Street, Suite 300, San Francisco, CA 94105, United States

If you are located in the EEA and are not satisfied with our response to a privacy complaint, you have the right to lodge a complaint with your local data protection supervisory authority. For California residents, you may contact the California Privacy Protection Agency (CPPA) if you believe we have violated your rights under the CCPA.

16. Regulatory Compliance Disclosures

Orbit AI Management LLC is a registered investment adviser or exempt reporting adviser, as applicable, under the Investment Advisers Act of 1940. Our privacy practices for limited partner and investor information are also subject to Regulation S-P promulgated by the Securities and Exchange Commission, which governs the privacy of financial information for investors in registered investment companies and registered investment advisers.

We maintain a comprehensive information security program designed to protect the security, confidentiality, and integrity of nonpublic personal information about our limited partners and investors, consistent with our obligations under Regulation S-P and applicable state privacy laws.