Data Processing Addendum (DPA)

This Data Processing Addendum ("DPA") forms part of and is subject to the Orbitcheck Terms of Service or other written agreement governing your use of the Services (the "Agreement") between Orbitcheck ("Processor") and the customer entity identified in the Agreement ("Controller"). This DPA applies to Processor's Processing of Personal Data on behalf of Controller in connection with the Services.

If you require a countersigned copy of this DPA, contact dpa@orbitcheck.io.

1. Definitions

"Data Protection Laws" means all laws and regulations applicable to the Processing of Personal Data, including the EU GDPR, UK GDPR, Swiss FADP, and U.S. state privacy laws such as the CCPA/CPRA.

"Personal Data" means any information relating to an identified or identifiable natural person that Processor Processes on behalf of Controller.

"Processing" means any operation performed on Personal Data, including collection, validation, normalization, deduplication, storage, caching, or deletion.

"Services" means Orbitcheck's data validation, deduplication, entity resolution, and risk-driven order control services.

"Subprocessor" means any third party engaged by Processor to Process Personal Data on behalf of Controller.

"SCCs" means the European Commission's Standard Contractual Clauses for data transfers.

2. Scope, Instructions, and Purpose

Processor will Process Personal Data only on documented instructions from Controller, including as necessary to provide, maintain, secure, and improve the Services, and to comply with law.

3. Roles and Responsibilities

Controller determines the purposes and means of Processing. Processor acts as a processor/service provider and will not "sell" or "share" Personal Data for advertising or purposes other than providing the Services.

4. Security Measures

Processor implements appropriate technical and organizational measures to protect Personal Data, including:

  • Encryption in transit and at rest
  • Access controls and least privilege
  • Multi-factor authentication for administrative access
  • Network and application security
  • Logging and monitoring
  • Vulnerability and patch management
  • Business continuity and disaster recovery
  • Vendor risk management

5. Security Incidents

Processor will notify Controller without undue delay (within 72 hours) upon becoming aware of a Security Incident affecting Personal Data, and will provide information about the nature of the incident and measures taken.

6. Subprocessors

Controller authorizes Processor to engage Subprocessors. Processor will impose data protection obligations on Subprocessors and provide notice of new Subprocessors. Controller may object to a new Subprocessor on reasonable grounds within 15 days of notice.

7. International Data Transfers

Processor may Process Personal Data globally, subject to appropriate transfer mechanisms including the SCCs, UK International Data Transfer Addendum, and Swiss addendum as applicable.

8. Retention and Deletion

Processor retains Personal Data only as long as necessary to provide the Services. Retention is configurable by plan (typically 7–365 days). Upon termination or request, Processor will delete or return Personal Data.

9. California (CCPA/CPRA) Terms

To the extent the CCPA/CPRA applies, Processor acts as Controller's "service provider" and/or "contractor" and will not sell or share Personal Information, or use it for purposes other than providing the Services.

Annex I — Details of Processing

Subject Matter: Processing Personal Data submitted by Controller via API, connectors, and dashboard to provide data validation services.

Categories of Data Subjects: Customers and prospective customers of Controller (consumers and business contacts); and Controller's personnel.

Categories of Personal Data:

  • Identification and contact: full name, email address, phone number.
  • Addresses: shipping/billing address lines, city, region, postal code, country.
  • Tax identifiers: EU VAT ID, ES NIF/NIE, BR CPF/CNPJ, MX RFC, AR CUIT, CL RUT, PE RUC/DNI.
  • Order and account metadata: order IDs, external customer IDs, timestamps, reason codes.
  • Technical data: IP addresses, user agent, API credential identifiers, event logs.

Last updated: 2025-10-16