Legal
Privacy Policy.
Last updated: 2026-05-11 · Version 1
TL;DR
01The short version
We collect the minimum we need to run ORB: a first name, a phone or email, your build history, and any allergies, prescriptions, or conditions you choose to share. We use that to personalize Sage and keep you safe from incompatible ingredients. We do not sell your data, share it with advertisers, or train models on your conversations. Health information is treated with extra care and purged within 30 days of account deletion.
02What we collect
Account: a first name and either a phone number or an email address — whichever you used to create the account. Profile (entirely optional): allergies, prescriptions, conditions, sensitivities, goals, sex, weight, age band, and a pregnancy/breastfeeding flag if applicable. Usage: builds you compose, votes you cast on DROPS, orders you place, formulas you save. Errors and analytics: anonymous error reports and product-event counters (e.g. "intake_completed", "order_fired") with no raw medical strings, plus standard Vercel page-view analytics.
03Why we collect it
Account fields let us link your builds to one identity across devices and contact you about orders. Profile fields let Sage personalize suggestions and filter ingredients that conflict with your stated allergies, prescriptions, or conditions. Usage data improves the recommendation engine. Errors and analytics let us find and fix bugs without sending us your messages. None of this is used to sell you third-party products or build advertising profiles.
04Where it lives
Account and profile records live in Upstash Redis on the Vercel Marketplace, encrypted in transit and at rest. Hosting, page-view analytics, and Speed Insights run on Vercel. Error reports go to Sentry. Product events go to PostHog. Conversation traffic with Sage routes through Anthropic and OpenAI, who process inference requests but do not retain the conversation transcript beyond the session. Each provider is contractually bound to handle data on our behalf only.
05What we DON'T do
- We do not sell your data to third parties.
- We do not share your data with advertisers or data brokers.
- We do not train AI models on your conversations or formulas.
- We do not embed third-party tracking pixels or social-media trackers.
- We do not combine your ORB data with data purchased from outside sources.
06Health data specifically
Allergies, prescriptions, conditions, sensitivities, and pregnancy/breastfeeding flags are treated with extra care. They are stored in Upstash Redis encrypted in transit, isolated under your account key, and never shared with any third party including the AI providers that route conversation inference. Sage receives a summarized profile context (e.g. "user has 3 allergens, 2 conditions") rather than the raw entries when possible. Health data is subject to deletion on account close (see section 11).
07Cookies
We set one signed session cookie called st_auth for the private-preview password gate, and one signed cookie called st_account for your logged-in session. Both are HttpOnly, Secure, and SameSite=Lax. Vercel Analytics may set additional first-party cookies for page-view tracking; you can opt out by disabling JavaScript or by using a browser-level analytics blocker. We do not use third-party cookies.
08Children
ORB is not intended for anyone under 13. We do not knowingly collect personal information from children under 13. If you believe a child has created an account, please email privacy@slicetease.com (placeholder) and we will delete the account and any associated data promptly.
09Your rights
You have the right to access, correct, or delete your personal data. You can edit profile fields directly in the intake wizard and rename your handle in the YOU dashboard. To download a copy of your data or to request deletion, email privacy@slicetease.com (placeholder). We will respond within 30 days. You may also withdraw consent for medical-data processing at any time — doing so will deactivate the compatibility-engine filters, but the rest of ORB will continue to work.
10California / EU residents
If you live in California, you have specific rights under the California Consumer Privacy Act (CCPA) including the right to know, the right to delete, the right to opt out of sale (we do not sell), and the right to non-discrimination. If you live in the European Union or the United Kingdom, you have rights under the GDPR including access, rectification, erasure, restriction, portability, and objection. Detailed CCPA/GDPR disclosures will appear in the v2 policy. Until then, email privacy@slicetease.com and we will honor any qualifying request.
11Data retention
Active accounts are retained indefinitely so your formulas and history stay accessible. Inactive accounts (no sign-in for 24 months) are flagged for review and may be archived or deleted. When you delete your account, we purge personal data within 30 days, including profile, prefs, and identity records. Aggregate, fully anonymized analytics (e.g. counters of "how many users completed intake this week") may be retained beyond that point because they cannot be tied back to you.
12Changes
We may update this policy from time to time. Material changes will be announced via an in-app banner; minor edits (typos, formatting, clarifications) are trackable via the version stamp and "Last updated" date at the top of this page. Continued use of ORB after a material change takes effect constitutes acceptance of the new policy.
13Contact
Privacy questions: privacy@slicetease.com (placeholder). For general inquiries, see the Terms of Service.