Last Updated: March 2026

Orbit-12 operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). Orbit-12 is powered by Shopify, which enables us to provide the Services to you.

This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described herein.

 

1. PERSONAL INFORMATION WE COLLECT

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified. We may collect or process the following categories of personal information depending on how you interact with the Services:

Customization Data (Sensitive — Special Handling Applies)

Including your birth date, birth time, and birth location. This data is collected strictly for the sole purpose of generating your personalized Entity Blueprint. Your customization data is submitted via Fillout, our trusted third-party form-building partner, which processes this data on our behalf and is bound by confidentiality and data processing obligations. We explicitly guarantee that your customization data will never be sold, rented, or traded to any third parties. This data is retained for a maximum of 90 days from the date your Entity Blueprint is delivered, after which it will be securely deleted.

Contact Details

Including your name, address, billing address, shipping address, phone number, and email address.

Financial Information

Including credit card, debit card, and financial account numbers, payment card information, transaction details, and payment confirmation. Note: Full payment card details are processed directly by Shopify's secure payment infrastructure and are not stored by Orbit-12.

Account Information

Including your username, password, security questions, preferences, and settings.

Transaction Information

Including the items you view, add to cart, wishlist, purchase, return, exchange, or cancel, and your past transactions.

Communications with Us

Including the information you include in communications with us, for example, when sending a customer support inquiry.

Device and Usage Information

Including information about your device, browser, or network connection, your IP address, unique identifiers, and information regarding your interaction with the Services, including how and when you interact with or navigate the Services.

 

2. SOURCES OF PERSONAL INFORMATION

We may collect personal information from the following sources:

•       Directly from you, including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information.

•       Automatically through the Services, including from your device when you use our products or services or visit our websites, and through the use of cookies and similar tracking technologies (see Section 5 — Cookies & Tracking Technologies).

•       From our service providers, including when we engage them to enable certain technology and when they collect or process your personal information on our behalf.

•       From our partners or other third parties.

 

3. HOW WE USE YOUR PERSONAL INFORMATION

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:

Providing, Tailoring, and Improving the Services

We use your personal information to provide you with the Services, including to process payments, fulfill orders, send account notifications, process purchases and returns, manage your account, arrange shipping, facilitate returns and exchanges, and create a customized shopping experience.

Marketing and Advertising

We use your personal information for marketing and promotional purposes, such as to send marketing communications by email via Klaviyo, and to show you targeted advertisements on our Services and on third-party platforms including Meta (Facebook/Instagram) and TikTok, based on your activity and purchases. You may opt out of promotional emails at any time using the unsubscribe link in any email. You may also opt out of targeted advertising — see Section 7 (Your Rights and Choices) for details.

Security and Fraud Prevention

We use your personal information to authenticate your account, provide a secure payment and shopping experience, detect and investigate potential fraudulent or malicious activity, and secure our Services.

Communicating with You

We use your personal information to provide customer support, respond to your inquiries, and maintain our business relationship with you.

Legal Reasons

We use your personal information to comply with applicable law, respond to valid legal process including requests from law enforcement or government agencies, enforce our terms or policies, and protect our rights and the rights of others.

 

4. LEGAL BASIS FOR PROCESSING (EU/UK — GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we are required to inform you of the legal basis on which we process your personal information. The table below sets out our processing activities and the corresponding legal basis:

 

Processing Activity	Legal Basis	Details
Processing orders and payments	Contract Performance	Necessary to fulfill your purchase
Generating your Entity Blueprint using birth data	Contract Performance	Necessary to deliver the product you purchased
Sending promotional/marketing emails	Consent	You may withdraw consent at any time via unsubscribe
Targeted advertising via Meta and TikTok pixels	Consent	Requires your consent via Cookie banner before activation
Fraud prevention and security	Legitimate Interests	To protect Orbit-12 and our customers
Analytics and service improvement (GTM)	Legitimate Interests / Consent	To understand how our Services are used
Compliance with legal obligations	Legal Obligation	To comply with applicable laws and regulations

 

5. COOKIES & TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies on our website to enhance your experience, analyze site traffic, and support our marketing activities. By using the Services, you consent to our use of cookies in accordance with this Privacy Policy. You may control cookie preferences through your browser settings or our Cookie consent banner, though disabling certain cookies may affect the functionality of the Services.

We currently use the following tracking technologies:

 

Tool	Type	Purpose	Data Sent To
Shopify	Essential / Functional	Cart, checkout, account sessions	Shopify Inc. (Canada/USA)
Google Tag Manager (GTM)	Analytics / Marketing	Tag management, analytics tracking	Google LLC (USA)
Meta Pixel (Facebook/Instagram)	Marketing / Advertising	Ad targeting, conversion tracking	Meta Platforms Inc. (USA)
TikTok Pixel	Marketing / Advertising	Ad targeting, conversion tracking	TikTok (ByteDance Ltd.)
Klaviyo	Marketing	Email marketing, behavioral tracking	Klaviyo Inc. (USA)

* Marketing and advertising cookies (Meta Pixel, TikTok Pixel, GTM marketing tags) are only activated upon your explicit consent via our Cookie consent banner. If you are located in the EEA or UK, these cookies will not be set until you provide consent.

 

6. THIRD-PARTY SERVICE PROVIDERS

In addition to the cookie and tracking tools listed in Section 5, we use the following third-party platforms to operate our Services. These are not cookies or browser-based trackers, but your personal information may be transmitted to and processed by these providers as part of our fulfillment and operations:

 

Provider	Type	Purpose	Data Sent To
Fillout	Form Tool (Customer-Facing)	Collects birth data submitted by customers for Entity Blueprint generation	Fillout Inc. (USA)
Airtable	Backend Database	Secure internal database for order fulfillment management; not directly accessed by customers	Airtable Inc. (USA)

* Fillout: When you purchase an Entity Blueprint, you will receive a secure link to a Fillout form to submit your birth data. By submitting this form, you acknowledge that your data will be transmitted to and processed by Fillout on our behalf, solely for the purpose of generating your Blueprint. Fillout is bound by data processing obligations and may not use your data for any other purpose.

 

7. HOW WE DISCLOSE PERSONAL INFORMATION

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

•       With Shopify, vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).

•       With Fillout, our form-building partner, solely to collect your birth data for the purpose of generating your Entity Blueprint. Fillout is bound by data processing obligations and may not use your data for any other purpose.

•       With Klaviyo, our email marketing platform, to manage transactional and promotional communications. You may unsubscribe at any time via the link in any email.

•       With Meta (Facebook/Instagram) and TikTok, to serve targeted advertisements based on your activity, subject to your cookie consent preferences.

•       With Google, via Google Tag Manager, to manage tracking tags and support analytics.

•       With business and marketing partners to provide marketing services and advertise to you, in accordance with their own privacy notices.

•       When you direct, request, or otherwise consent to our disclosure of certain information to third parties.

•       With our affiliates or otherwise within our corporate group.

•       In connection with a business transaction such as a merger or bankruptcy, to comply with applicable legal obligations, to enforce applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

 

8. RELATIONSHIP WITH SHOPIFY

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside.

In addition, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes.

To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy at https://www.shopify.com/legal/privacy or the Shopify Privacy Portal at https://privacy.shopify.com/en.

 

9. THIRD-PARTY WEBSITES AND LINKS

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Our inclusion of such links does not imply any endorsement of the content on such platforms or of their owners or operators.

 

10. CHILDREN'S DATA

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority in your jurisdiction. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details below to request that it be deleted. We do not knowingly sell or share personal information of individuals under 16 years of age.

 

11. SECURITY AND RETENTION OF YOUR INFORMATION

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no security measures are perfect or impenetrable, and we cannot guarantee absolute security. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. As a general guide:

•       Customization data (birth data): Retained for a maximum of 12 months from the date your Entity Blueprint is delivered, after which it will be securely deleted.

•       Transaction and account data: Retained for as long as your account is active or as needed to provide Services, and thereafter for a reasonable period to comply with legal obligations.

•       Marketing data: Retained until you opt out or withdraw consent, after which it will be suppressed or deleted in accordance with applicable law.

 

12. YOUR RIGHTS AND CHOICES

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. These rights are not absolute, may apply only in certain circumstances, and we may decline your request as permitted by law.

Right to Access / Know

You may have a right to request access to personal information that we hold about you.

Right to Delete

You may have a right to request that we delete personal information we maintain about you.

Right to Correct

You may have a right to request that we correct inaccurate personal information we maintain about you.

Right of Portability

You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.

Right to Opt Out of Targeted Advertising

You may have a right to opt out of the processing of your personal information for targeted advertising purposes. You can opt out of targeted advertising by: (1) adjusting your Cookie preferences via our Cookie consent banner; (2) using the opt-out tools provided by Meta (https://www.facebook.com/adpreferences) and TikTok (https://www.tiktok.com/legal/page/us/privacy-policy/en); or (3) contacting us directly at support@orbit12.com.

Managing Email Communication Preferences

We may send you promotional emails via Klaviyo. You may opt out of receiving these at any time by clicking the unsubscribe link in any marketing email. If you opt out, we may still send you non-promotional emails, such as those about your account or orders.

Additional Rights for EU/UK Residents (GDPR)

If you reside in the UK or European Economic Area, and subject to exceptions and limitations provided by local law, you may also exercise the following rights:

•       Objection to Processing: You may have the right to ask us to stop processing your personal information for certain purposes, including direct marketing.

•       Restriction of Processing: You may have the right to ask us to restrict our processing of your personal information in certain circumstances.

•       Withdrawal of Consent: Where we rely on consent to process your personal information (e.g. marketing emails, advertising cookies), you have the right to withdraw this consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

 

13. INTERNATIONAL DATA TRANSFERS

We may transfer, store, and process your personal information outside the country you live in, including to the United States, Canada, and Hong Kong, where our service providers operate.

If we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms such as the European Commission's Standard Contractual Clauses (SCCs), or any equivalent contracts issued by the relevant competent authority of the UK, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

 

14. REGIONAL CONSUMER PRIVACY NOTICES

 

15. COMPLAINTS

If you have complaints about how we process your personal information, please contact us using the contact details provided below. Depending on where you live, you may have the right to appeal our decision by contacting us, or lodge a complaint with your local data protection authority. 

 

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last Updated" date, and provide notice as required by applicable law. Your continued use of the Services after any changes constitutes your acceptance of the revised Privacy Policy.

 

17. CONTACT

For questions about this Privacy Policy or to exercise your privacy rights, contact us at support@orbit12.com.

Data controller: ORBIT-12 Limited, Room A, 19/F, 367-373 King's Road, North Point, Hong Kong.