Back to Home

Security

Last updated: December 1, 2025

Your code is yours. We built Orbit to keep it that way.

Our approach

Local-first

Your code lives on your machine, not our servers. Orbit is a native desktop app — projects never leave your computer unless you use AI features.

Privacy by design

We minimize data collection. No telemetry is required to use Orbit. Analytics are optional and never include code content or project names.

Transparent AI

When you use AI features, we tell you exactly what data is sent and where. Only the context relevant to your prompt is transmitted — never your entire codebase.

Your control

Bring your own API key for direct access to Anthropic. You decide what context the agent sees and what stays local.

What we don't do

  • Store your source code on our servers
  • Train AI models on your code
  • Share your code with third parties
  • Access your projects without your action
  • Collect telemetry without your consent

How AI features handle your data

When you use the AI agent, relevant code context is sent to Anthropic's Claude API to generate responses. This is the only time code leaves your machine. We do not store transmitted code on our servers — requests are stateless.

With Bring Your Own Key (BYOK), data goes directly from your machine to Anthropic under your own account and API agreement.

What's sent

  • The file(s) relevant to your prompt
  • Project context needed for accurate responses
  • Your prompts and questions

What's never sent

  • Your entire codebase
  • Files unrelated to the current task
  • Personal information or credentials
  • Project names or directory structure (with BYOK)

Anthropic's privacy policy: anthropic.com/privacy

Infrastructure

Encryption in transit

All network communication uses TLS 1.3.

Authentication

Sign in with Claude (Anthropic OAuth) or use your own API key directly.

No server-side code storage

Your code is never stored on Orbit servers. AI requests are stateless — context is sent, response is returned, nothing is retained.

Anthropic data policy

Anthropic does not train on API data. Your code sent via the Claude API is not used for model training.

Data we collect

Account data

Email address and authentication credentials when you sign in with Claude. If you use BYOK exclusively, no account is required.

Analytics (optional)

Feature usage patterns and crash reports to help us improve the product. This never includes code content, file names, or project structure. You can opt out entirely.

Responsible disclosure

We welcome responsible disclosure of security vulnerabilities. Report issues via our contact form or email us at hello@recursive.ac.

We aim to respond within 48 business hours and do not pursue legal action against good-faith security researchers.

Security questions?

We're happy to discuss how Orbit protects your data.

Contact us