This notice explains what information ORION OS collects, where it lives, how it is used, and what control you and your organization have over it. It applies to the ORION OS platform, each organization's dedicated instance, the public demo, and the companion Discord bot. ORION OS is a third-party tool for the Star Citizen community and is not affiliated with Cloud Imperium Games.
I. The Short Version
- Your organization owns its own database — literally. The org creates and manages the database account itself; ORION OS connects to it to run the service. If the license ends, the org still has its database.
- ORION OS does not require an email address to create an account. Accounts are identified by an org-issued ID and a handle.
- We do not sell data, run advertising, or use tracking or third-party ad cookies. One cookie exists: your session.
- Your organization controls its members' records and decides who within the org can see them. ORION OS operates the application layer.
II. What We Collect
2.1. Account Data
When an account is created on an organization's instance, the following is stored in that organization's own database: an org-issued member ID (e.g., LOG-12-0347), a display handle, a password (stored only as a bcrypt hash — neither your organization nor ORION OS can read it), and your rank, division, and billet assignments within the organization. Optionally, you may link a Discord account or record an RSI handle; both are voluntary. Because the database belongs to your organization, your account record is held by your organization, and the ORION OS platform processes it in order to sign you in and run the features your organization licensed.
2.2. Operational Content
ORION OS exists to run an organization, so the organization's database stores whatever its members put into it: rosters, mission plans and after-action reports, dispatch and SAR logs, intel entries, training and certification records, awards and nominations, calendar events and RSVPs, messages in org channels, finance and payout records, and inventory data. This content belongs to the organization.
2.3. Sensitive Content (Solace)
The Solace module is primarily an in-game medical record: fiction about your character — injuries, treatments, and casualty events inside the Star Citizen universe. However, organizations may choose to record real-world welfare information about members there as well, for any reason they see fit. That choice belongs to the organization, and the organization is responsible for it. Access to Solace is restricted by the permission engine to roles your organization explicitly grants and is not visible to the general roster. If your organization records real health or welfare information about you, it should do so with your knowledge and consent — such information can qualify as special-category data under laws like the GDPR, and the obligations that follow rest with the organization as the controller of its records.
2.4. Technical Data
To keep the platform running and secure we process: session tokens (the cookie that keeps you signed in), timestamps and audit logs of administrative actions, a durable event log of system activity (e.g., "mission completed", "member promoted"), and error/diagnostic reports. Diagnostic data may include technical context about the error; it is used solely to fix defects.
2.5. Payment Data
License payments are handled by an external payment processor. ORION OS never sees or stores card numbers; we retain only a payment reference, amount, and date against the commission record.
2.6. What We Do Not Collect
No real names are required. No email is required. No government IDs, no precise location, no advertising identifiers, no analytics profiles built across sites. In-game characters, ships, and lore content are game fiction; we treat handles as the only identifier that may relate to a real person.
III. Where Data Lives
Each organization provisions its own dedicated database, on its own account, using a setup script we supply. We typically ask tenants to use Supabase (managed PostgreSQL) for best compatibility with the platform. The organization chooses the account, the project, and the hosting region — including EU regions, which matters for European organizations (see Section VIII). The organization then supplies connection credentials so the ORION OS platform can operate against that database; those credentials are stored encrypted in the platform registry. Uploaded files (e.g., emblems, attachments) are stored on managed blob storage operated by ORION OS. The application layer runs on managed cloud infrastructure; error diagnostics are processed by a monitoring service. If your organization enables the Discord integration, notifications you configure are sent to your organization's own Discord server and are then subject to Discord's terms and privacy policy.
IV. How Data Is Used
We use data for exactly four things: (1) operating the service — authentication, permissions, notifications, and the features your organization licensed; (2) security — audit trails, abuse prevention, and session management; (3) support — diagnosing faults you report; and (4) license administration — issuing keys, renewal advisories, and enforcing the terms of the ODL-V2.2 license. We do not use your data for advertising, profiling, or training third-party AI systems, and we do not share it across organizations.
V. Who Can See Your Data
5.1. Within Your Organization
Visibility inside an instance is governed by your organization's permission configuration. Officers and administrators your organization designates can see member records appropriate to their grants. Your organization — not ORION OS — decides who holds those roles.
5.2. ORION OS Operations
ORION OS staff do not provision, log into, or browse tenant databases. Your organization creates its own database, runs the setup script itself, and manages its own database account; what it hands over is a connection credential, which the platform uses solely to operate the service on the organization's behalf. To be precise rather than absolute: holding that credential means platform-level access exists as a technical capability — we do not use it outside of running the service, and your organization can revoke or rotate the credential at any time from its own account, immediately cutting off all platform access.
5.3. Third Parties
We share data only with the infrastructure providers named in Section III, acting on our instructions, and where required by law. We do not sell or rent data to anyone.
VI. Retention & Deletion
Because the database belongs to your organization, the organization always retains its data — through expiration, the Grace State, and decommission. If a license expires, platform access becomes read-only for 14 days and then ends, but the organization's database, on the organization's own account, never leaves its possession; keeping, exporting, or deleting it thereafter is entirely the organization's decision through its own database provider. What ORION OS deletes at decommission is the platform-side material we hold: the stored connection credentials, uploaded files on our blob storage, and the instance's registry record, all within thirty (30) days. Commission records (who licensed what, when, and payment references) are retained for the licensor's bookkeeping.
VII. Your Choices & Rights
- Access & correction: Your profile, rank history, and records are visible in-app; corrections go through your organization's administrators, who control the roster.
- Export: Organizations can export through the platform at any time — and because they own the database account, they also have direct access to all of their data independent of the platform.
- Deletion: You may ask your organization to remove your account. An organization may end its use of ORION OS at any time; we delete platform-side material within thirty (30) days (Section VI), and the organization deletes or keeps its own database as it chooses.
- Discord unlinking: A linked Discord account can be unlinked in Settings at any time.
VIII. EU/UK Members (GDPR & UK GDPR)
8.1. Roles
For member and operational data inside an organization's instance, your organization is the data controller — it decides what is recorded about its members and why — and ORION OS acts as a processor, operating the platform on the organization's documented instructions under the ODL-V2.2 license and this notice. For commission and licensing records (Section 2.5), ORION OS is the controller.
8.2. Legal Bases
Where the GDPR applies, ORION OS processes platform data as necessary to perform the license agreement with your organization (Art. 6(1)(b)) and for legitimate interests in securing and maintaining the service (Art. 6(1)(f)). Any special-category data an organization chooses to record in Solace is recorded under the organization's own legal basis, which should ordinarily be the member's explicit consent (Art. 9(2)(a)).
8.3. Data Location & Transfers
Your organization picks its own database hosting region when it creates its database account — European organizations can and should select an EU region, in which case member records rest in the EU. The application layer, blob storage, and diagnostics are operated on infrastructure that may process data in the United States; where that constitutes an international transfer, it occurs under the providers' standard safeguards (such as Standard Contractual Clauses or Data Privacy Framework participation).
8.4. Exercising Rights
Rights of access, rectification, erasure, restriction, portability, and objection over member records should be directed to your organization, as the controller of those records; we will assist the organization in honoring them. For commission records, or if your organization is unresponsive, contact us directly at the address in Section XI. You also have the right to lodge a complaint with your local supervisory authority.
IX. Security
Passwords are hashed with bcrypt and never stored in plaintext. Each organization's database is wholly separate from every other organization's, with row-level security policies inside it. Connection credentials are encrypted at rest in the platform registry. Administrative actions are audit-logged. Sessions use random tokens with no personal data embedded. No system is perfectly secure; if we become aware of a breach affecting your organization's data, we will notify the organization's authorized representative without undue delay.
X. Age Requirement
ORION OS is not directed at children. You must be at least 16 years old (or the minimum age of digital consent in your jurisdiction, if higher) to hold an account. If we learn an account belongs to someone below that age, we will remove it.
XI. Changes & Contact
If this notice changes materially, we will notify organizations through the in-app notification system and update the effective date above. Continued use after the effective date constitutes acceptance.
Questions, rights requests, or concerns: privacy@orionos.app
This is an unofficial Star Citizen fan site, not affiliated with the Cloud Imperium group of companies.