Privacy Policy

Last updated: May 2026 — By creating an account or using Orion, you confirm that you have read and understood this Privacy Policy.

This Privacy Policy describes how Steep Technologies ("we", "us", or "our") collects, uses, and protects your information when you use the Orion platform ("Service"). By creating an account, you are deemed to have read and accepted this Privacy Policy in full. It supplements the Steep Privacy Policy and is written to meet the Turkish Personal Data Protection Law (KVKK No. 6698) and the EU/UK GDPR. A Turkish-language clarification text is available here.

1. Information We Collect

When you use Orion, we collect the following information:

• Account information — Your username, display name, avatar, and email address provided through Steep Account OAuth. Orion does not store your password.
• Messages and content — Text messages, images, and files you send or receive in direct messages, group chats, and server channels, including reactions, replies, and pins.
• Server and community data — Servers you create or join, channels, roles, membership, friendships, blocks, and friend nicknames.
• AI assistant (Soark) — If you use Soark, your chat history with the assistant is stored to provide the feature (see Section 3).
• Connected services — If you link Spotify, we store the access tokens needed to show your activity; you can disconnect at any time. GIF searches are served via Giphy.
• Usage & diagnostics — In-app activity events, feature usage, and crash/error reports (including app version, error details, and user-agent) used to keep Orion stable and secure.
• Purchases — If you buy Orion Plus or a server boost, our payment provider (Shopier) sends us the order ID, buyer email, product, and payment status. We never see or store your card details.

We do not record voice or video calls.

2. How We Use Your Information

• To operate and deliver the Orion Service.
• To authenticate your identity via Steep Account.
• To ensure the security and integrity of the platform and prevent abuse.
• To communicate with you about your account or the Service.
• To improve and develop new features (using aggregated, anonymized data only).

We process this data to perform our contract with you, for our legitimate interest in keeping Orion secure and improving it, to comply with legal obligations, and, where applicable, with your consent. We never sell your data or use it for third-party advertising.

3. AI Features (Soark)

Soark is an in-app AI assistant. When you use it:

• Your conversations are stored only to provide the assistant and your own history.
• You can turn the assistant off while using Orion, and you can delete your Soark history at any time.
• The content you share with Soark is used only to generate your response — it is never used to train models or for any other secondary purpose.
• Soark runs on Steep’s own infrastructure; your prompts are not sent to third-party AI providers.

4. Cookies & Local Storage

Orion stores your Steep session token, basic profile, and preferences (such as theme) in your browser’s local storage to keep you signed in. We do not use advertising or third-party tracking cookies.

5. End-to-End Encryption

Orion offers optional end-to-end encrypted direct messages. For these, only your device’s public keys are stored on our servers; private keys never leave your device, and we cannot read end-to-end encrypted messages.

6. Data Sharing & Service Providers

We do not sell, rent, or share your personal data for advertising or marketing. We share data only with trusted providers needed to run the Service, under confidentiality obligations:

• Steep Account — for authentication and identity.
• Shopier — to process Orion Plus and boost purchases.
• Spotify — only if you choose to connect your account.
• Giphy — to provide GIF search.
• Cloudflare — for content delivery, DDoS protection, and secure tunneling.

We may also disclose data when required by a valid legal process or to protect the rights and safety of our users.

7. International Data Transfers

Some providers (such as Cloudflare and Spotify) may process data outside Türkiye and the EEA, including in the United States. Where this happens we rely on appropriate safeguards such as Standard Contractual Clauses and the providers’ own compliance frameworks.

8. Data Retention

Messages and content are retained until you or the relevant server owner delete them, or until your account is deleted. Security and diagnostic logs are kept for a limited period. Upon an account deletion request, your personal data is removed within 30 days, except where retention is required by law.

9. Security

All data transmitted between your device and our servers is encrypted using industry-standard TLS. We apply server-side security practices, access controls, and abuse monitoring to prevent unauthorized access. If a breach is likely to put your rights at risk, we will notify affected users and the relevant authority without undue delay (generally within 72 hours).

10. Your Rights

Under KVKK Art. 11 and GDPR Art. 15–22, you have the right to access, correct, export, restrict, object to, or delete your personal data, and to withdraw consent. To exercise these rights, contact us at [email protected]; we respond within 30 days. You may also complain to the Turkish Data Protection Authority (KVKK Kurumu) or your local EU supervisory authority.

11. Children’s Privacy

Orion is not intended for children under 13. Minors should use the Service only with the consent and supervision of a parent or legal guardian.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact

For questions about this Privacy Policy, contact us at [email protected].