ORbit is built for healthcare from the ground up. Every query is facility-scoped and enforced by row-level security, every change is audit-logged, and access is governed by role — so you can move fast without adding risk.
Protected health information is handled to HIPAA standards end to end — the platform was built for healthcare from the ground up, not adapted to it.
Facility isolation is enforced in the database itself. Row-level security on every table means a user can only ever see data within their authorized facility.
Every action is logged and traceable, with audit history built into every table — so compliance and investigation never depend on reconstructing what happened.
Access is governed by role, so each person sees the data appropriate to their job and nothing more. The right data for the right person, by default.
All data is transmitted over HTTPS/TLS and stored on managed, access-controlled infrastructure (PostgreSQL via Supabase, hosting via Vercel).
ORbit does not use advertising SDKs or cross-app/cross-site tracking. Patient and operational data is for operating your facility — not for anyone else.
Operational data is yours. Case milestones, timestamps, and procedural information are entered by your authorized staff and used to run and improve your facility's operations. Aggregated analytics are accessible to your authorized administrators.
Retention & deletion. Data is retained while your account is active or as needed to provide the service. Facility administrators may request deletion of facility data.
Service providers. We share data only with the providers needed to operate the service — database hosting, web hosting, and push-notification delivery — never for advertising.
For full detail, see our Privacy Policy and Terms of Service.
We're happy to walk your team through how ORbit protects patient data on your own deployment.