Privacy Policy
Last updated: April 15, 2026
Orchestration Era (“we,” “us,” or “our”) operates the Orchestration Era platform at app.orchestrationera.com and the marketing website at orchestrationera.com. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data.
1. Data We Collect
Account Data
When you create an account, we collect your email address and a password. We never see or store your plaintext password. If you enable two-factor authentication, we store the configuration needed to verify your second factor.
Organization & Roster Data
You may create organizations and add roster entries (team member names, reporting relationships, and architecture assignments). Assessment data you enter (competency levels, notes, 9-box placements, coaching plans) is stored in our database associated with your organization.
Billing Data
Payment processing is handled entirely by Stripe. We do not receive or store credit card numbers, bank account details, or other payment credentials.
Usage & Diagnostic Data
If you opt in to automatic error reporting, we collect diagnostic data when errors occur (error messages, browser info, recent app actions). No personally identifiable information is included in error reports. You can opt out at any time by unchecking “Automatically send error reports” in the bug report dialog (Help menu > Report a Bug).
AI Feature Data
Orchestration Era offers several AI-powered features, all of which send data to third-party AI services for processing. Our AI providers are contractually prohibited from training on inputs submitted through their APIs.
- Coaching plans and architecture generation: your assessment data is sent to our AI provider. Person names are anonymized before transmission (replaced with placeholders) so no personally identifiable information reaches any third party.
- AI Maturity assessment: your responses to the maturity questionnaire are sent to our AI provider to generate a maturity profile and coaching guidance. No roster or person data is included.
- In-app help search: when you ask a question in the help panel, the question text is sent to third-party AI services for embedding and answer generation, along with short excerpts from our public documentation. Questions are rate-limited. These providers do not retain your content for training.
- AI Briefing: the weekly AI leadership briefing is generated offline by our team and pushed to the app as a finished artifact. No user data is sent to any AI provider as part of viewing the briefing.
All AI features require explicit consent before first use, and consent can be withdrawn at any time from Settings.
Staff Use of AI Development Tools
Our engineering team uses AI-assisted development tools for building, debugging, and maintaining the Service. During the course of this work, these tools may process customer data stored in our infrastructure (for example, when investigating a bug report or verifying a fix against staging or production data).
When a development session may involve customer data, it is conducted under commercial API termsthat prohibit the AI provider from training on inputs. This is the same class of agreement used by the product’s own AI features.
Routine development work that does not involve customer data (writing new features, refactoring code, updating documentation) may use separate AI tooling subscriptions that never access your data.
Email Communications
We send transactional emails (invitations, review period notifications, password resets) via Resend. We store your email address for this purpose. We do not send marketing emails unless you explicitly opt in.
2. How We Use Your Data
- To provide and operate the Orchestration Era platform
- To authenticate your identity and secure your account
- To process subscription payments via Stripe
- To send transactional emails (invitations, notifications, password resets)
- To generate AI-powered coaching plans and architectures (with anonymized data)
- To diagnose and fix bugs (if you opt in to error reporting)
- To develop, debug, and maintain the Service using AI-assisted engineering tools under commercial API terms that prohibit training on inputs (see “Staff Use of AI Development Tools” above)
- To enforce plan limits and subscription status
3. Data Storage & Security
All data is stored on infrastructure hosted in the United States. Data is encrypted at rest and in transit. We never see or store your plaintext password; authentication uses a secure protocol where your password is verified without being transmitted to our servers.
Internal platform administration (user support, marketplace review, billing oversight) is performed from a separate admin tool that requires multi-factor authentication. Admin access is limited to the Orchestration Era team and is used only to operate the Service, respond to support requests, or comply with legal obligations.
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| AWS | Cloud infrastructure & authentication | All platform data |
| Stripe | Payment processing | Email, plan selection |
| Third-party AI providers | AI features and engineering development tooling | Anonymized assessment data (no names); maturity responses; help-search questions. May include customer data when investigating production issues. Commercial API terms prohibit training on inputs |
| Resend | Transactional email delivery | Email address, email content |
| Google Analytics (GA4) | Marketing website analytics | Anonymized page views, referral source, device/browser info (IP anonymized; only on orchestrationera.com, not the app; requires cookie consent) |
We do not sell, rent, or share your data with advertisers or data brokers.
5. Data Retention
- Account & organization data: Retained while your account is active. Deleted upon account deletion request.
- AI-generated content (coaching plans, maturity reports): retained for a limited period, then automatically deleted.
- Error reports and audit logs: Retained for a limited period for debugging and compliance purposes, then automatically deleted.
- Marketplace submissions: Published Marketplace listings are community resources retained indefinitely under the license granted at submission (see Terms of Service, Section 4). If you delete your account, your author attribution is anonymized but the listing remains available. Pending (unpublished) submissions are deleted with your account.
6. Your Rights
You have the right to:
- Access your data. Export your data via the app (Settings > data export) or by contacting us
- Delete your account and all associated data via Settings > Delete Account. Published Marketplace listings are retained (with anonymized attribution) per the license in our Terms of Service. To request removal of a published listing, contact us
- Archive roster persons (hides from roster, preserves data) or permanently delete them (cascade-deletes all associated data)
- Opt out of automatic error reporting at any time by unchecking “Automatically send error reports” in the bug report dialog (Help menu > Report a Bug)
- Withdraw consent for AI features. AI coaching is opt-in and requires explicit consent before first use
For GDPR data subject requests or any privacy questions, contact us at info@orchestrationera.com.
7. Cookies & Local Storage
Cookies
The marketing website (orchestrationera.com) uses Google Analytics (GA4) to understand how visitors find and use the site. Google Analytics sets first-party cookies to distinguish unique visitors and track session activity. IP addresses are anonymized before processing. Google Analytics is only loaded after you accept the cookie consent banner. If you decline, no analytics cookies are set and no data is sent to Google.
The application (app.orchestrationera.com) does not use cookies or tracking pixels of any kind.
Local Storage
Both the marketing website and the app use browser localStorage to store session management tokens, user preferences (such as theme and consent choices), and UI state. No data from localStorage is sent to third parties.
8. Children’s Privacy
Orchestration Era is a business tool not directed at individuals under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to account holders. The “Last updated” date at the top indicates when the policy was last revised.
10. Contact
For all inquiries: info@orchestrationera.com