Security & Trust

Trust needs to be explained, not implied.

This page exists because AI products ask you to hand over your most sensitive sales context — your deals, your pricing, your prospect conversations. You deserve specifics, not a trust-badge wall. Here is exactly what Orion does with your data, what the AI can and cannot do, and what controls you have.

What data Orion uses
Q
What data do you collect?
Three categories: (1) knowledge you upload — pricing, case studies, positioning; (2) deal context — notes you paste, account details, transcripts you choose to share; (3) account metadata — who you are, your team, billing. That's the full list.
Q
Do you train a foundation model on my data?
No. We do not train any foundation model on customer data. When we say Orion "learns your business," we mean it retrieves from your knowledge base at inference time — your data stays yours.
Q
Does the LLM provider see my data?
The content of the prompts Orion sends on your behalf is processed by our LLM provider (currently Anthropic) under their enterprise terms with zero retention for training. We can share the specific DPA on request.
Q
Where is my data stored?
Encrypted at rest in our Supabase-hosted Postgres (US region today). Encrypted in transit via TLS. Private data residency options are on the Enterprise roadmap for teams that need EU or other regional storage.
What the AI can do
Q
What does Orion actually do with your data?
Retrieves relevant pieces of your knowledge base for a given deal, combines them with the context you provide, and generates advice — briefs, MAPs, champion materials, coaching on next steps.
Q
Does it take actions on my behalf?
Not today. Orion is advisory: it writes, recommends, and drafts. It does not send emails, update CRMs, or take any action without a human reviewing and executing. Action-taking capabilities are on the roadmap and will be gated by explicit user approval.
What the AI does not do
Limit
It does not invent facts about your deals.
Orion cannot "know" things you haven't told it. If you ask about an account and haven't fed it context, it will say so rather than hallucinate. When it does cite specifics, those come from your knowledge base — and it will tell you which document.
Limit
It does not send, post, or sign anything.
Orion generates drafts. You ship them. We do not auto-send emails, auto-post to Slack, auto-update CRM fields, or execute any irreversible action. This is deliberate — AI drafts should always pass a human gate.
Limit
It does not share your knowledge base with other customers.
Every workspace is a walled garden. Your knowledge base is tenant-isolated — another customer's Orion will never retrieve from your documents, and we do not mine one team's deals, playbook, or closing patterns to improve another team's advice. Platform-level improvements (better prompts, better UX, better default behaviors) roll out to everyone; customer content never leaves its workspace.
Limit
It does not replace human judgment on high-stakes calls.
Orion is explicit about its confidence. On pricing edge cases, legal language, compensation logic, and anything involving a signed commitment, it defers to you — by design. If it cannot defend an answer with your context, it will tell you so.
Controls you have
Q
Can I delete my data?
Yes. Any document, deal, or workspace can be deleted on demand, with deletion propagated to backups within 30 days. Full-account deletion removes all personal data; we retain anonymized usage metrics only where needed for security and billing.
Q
Can I control who on my team sees what?
Role-based access (admin / rep / view-only) and deal-level permissions are available today for the paid Team tier and will be part of the Enterprise offering. On Founder and Starter, access controls are workspace-level.
Q
Can I see what Orion did on my behalf?
Yes. Every deal room has an activity log. Every generation records what context Orion used. You can audit the trail any time.
Q
Can I export everything?
Yes. Knowledge base, deals, generations — all exportable as structured data (JSON / CSV) on request. We'll make this self-serve in the product soon.
Compliance posture
Q
Where are you on SOC 2?
SOC 2 Type II is on the roadmap and is the anchoring commitment for our Enterprise launch. We are implementing the control set today; a formal audit window is planned before Enterprise GA.
Q
What about HIPAA / FedRAMP / ISO 27001?
Not today. Orion is not appropriate for PHI or government-classified workloads at this stage. If you have a specific compliance requirement, tell us — it helps us prioritize.
Q
Can you sign a DPA / MSA?
We have a standard DPA available today. MSAs are signed on request for Enterprise prospects. Email hello@orionsales.app and we'll route you to the right template.
Q
How do you handle a security issue?
Report to security@orionsales.app. We acknowledge within one business day, triage within three, and commit to transparent disclosure for issues that affect customer data.

Have a security question we didn't answer?

Email us directly. We respond to every security and compliance inquiry and will share our current DPA, data-flow diagram, and Anthropic enterprise addendum on request.
