Blue Orchid.

Legal

Privacy Policy

Effective April 17, 2026

This policy explains what information Blue Orchid (“we”, “us”) collects when you use blueorchid.world and the applications we build and operate. It applies to the main Blue Orchid site and to any Blue Orchid application that links to this policy, including OAuth applications that access data from services like Google on your behalf.

Information you provide

We collect information you give us directly, such as when you:

  • Subscribe to our newsletter (email address).
  • Submit an intake, consulting inquiry, or lead-capture form (name, email, company, and any details you include).
  • Book a call through our scheduling tools (name, email, and calendar information).
  • Authorize one of our applications to connect to a third-party service such as Google, Slack, or similar (see Connected services below).

Information collected automatically

When you visit the site we collect limited technical information to operate and improve it:

  • Basic analytics (page views, referrer, device type, country) through Google Analytics.
  • Standard server logs for reliability and abuse prevention (IP address, user agent, timestamps).
  • Local-storage values used to remember your preferences on the site (for example, which persona view you selected). These stay on your device and are not sent to our servers.

Connected services (OAuth and integrations)

Some Blue Orchid applications connect to third-party services such as Google (Gmail, Drive, Calendar), Slack, Notion, or similar tools. When you authorize one of these connections:

  • We request only the scopes required for the feature you are using and nothing more.
  • Access tokens are stored encrypted and used only to perform the actions you requested.
  • Data retrieved from a connected service is not sold, shared with advertisers, or used to train general-purpose AI models.
  • You can revoke access at any time from the connected service's security or permissions page (for Google, that is myaccount.google.com/permissions). Revoking access removes our ability to read further data.

Use of Google user data conforms with the Google API Services User Data Policy, including the Limited Use requirements.

How we use information

  • To deliver the products and services you request.
  • To respond to inquiries, schedule calls, and send the newsletter you subscribed to.
  • To understand how the site is used and improve content and performance.
  • To prevent fraud, abuse, and security incidents, and to meet legal obligations.

Service providers

We use a small set of trusted vendors to run our services. Each processes data on our behalf under its own security and privacy controls:

  • Vercel (site hosting and serverless functions).
  • Supabase (database and application storage).
  • Beehiiv (newsletter delivery).
  • Calendly (scheduling).
  • Google Analytics (site analytics).
  • Cloud AI providers (for example, Anthropic and OpenAI) used inside our applications to process prompts and content on your behalf.

We do not sell personal information, and we do not share it with third parties for their own marketing.

Data retention

We keep information only as long as needed for the purpose it was collected or as required by law. Newsletter subscriptions are kept until you unsubscribe. Consulting and intake records are kept for the life of the client relationship plus a reasonable archive period. OAuth tokens are revoked when you disconnect a service or stop using the application.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, email us at the address below. We will verify your identity and respond within a reasonable timeframe.

You can unsubscribe from the newsletter at any time using the link in any email.

Security

We use industry-standard measures to protect information, including encryption in transit (HTTPS), encrypted storage for secrets and tokens, and access controls limiting who on our team can read your data. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.

Children

Our services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided information to us, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the effective date above and, if the change is significant, by a notice on the site or email to active users.

Contact

Questions about this policy or your data? Email us at privacy@blueorchid.world.

See also our Terms of Service.