Privacy Policy
1 Introduction
Orchestrate Global Consulting LLC ("OGC," "we," "us," or "our") is committed to protecting the privacy of individuals and organizations that use our software products and services, including BitLoad™ and the OGC Toolbox (collectively, the "Software"), and our website at orchestrateglobalconsulting.com (the "Website").
This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights with respect to it. By installing or using the Software or visiting the Website, you agree to the practices described in this Policy.
2 Scope
This Policy applies to:
- The BitLoad™ desktop application and Excel Add-in
- The OGC Toolbox launcher application
- The OGC Hub cloud licensing and identity management service
- The orchestrateglobalconsulting.com website and any associated web pages
3 Information We Collect
3.1 Information Collected by the Software (Desktop Applications)
When you install and use the Software, the following information is collected for the purpose of license validation and seat management:
| Data Item | Description | How Collected | Stored in Cloud? |
|---|---|---|---|
| License Key | The alphanumeric key issued to your organization | Entered by user during activation | Yes |
| Machine Hash | A one-way SHA-256 hash derived from your computer's hostname, machine architecture, and node name | Generated automatically by the Software | Yes (hash only) |
| User Hash | A one-way SHA-256 hash of the local part of your email address (the portion before the @ symbol) | Derived from email entered during activation | Yes (hash only) |
| Email Domain | The domain portion of your email address (e.g., yourcompany.com) | Derived from email entered during activation | Yes |
| App ID | The identifier of the OGC application being activated (e.g., bitload) | Sent automatically | Yes |
| App Version | The version of the Software installed at the time of activation (e.g., 1.0.1) | Sent automatically | Yes |
| EULA Version | The version of the End User License Agreement in force at the time of activation | Recorded automatically from server | Yes |
| Activation Timestamp | The date and time of initial seat activation and subsequent heartbeat validations | Recorded automatically | Yes |
| IP Address | Your network IP address at the time of IT Admin portal access | Collected by server on admin portal requests | Yes (optional, best-effort) |
3.2 Information NOT Collected by the Software
The following data is explicitly never transmitted to OGC or any third party:
- The contents of any EIB template files
- The contents of any attachment files processed by BitLoad™
- Your plaintext email address (it is hashed before any database write; see Section 5)
- Your computer's hostname or hardware identifiers in plaintext (only the hash is stored)
- Any Workday® data, credentials, or configuration
- Any financial, accounting, or business data processed through the Software
3.3 Information Collected During License Activation
During the initial activation process, your email address is transmitted to the OGC Hub for the sole purpose of delivering a one-time verification code. This transmission occurs over encrypted HTTPS. The plaintext email address is:
- Used in memory only to send the verification email
- Never written to OGC's database
- Permanently discarded after the verification email is sent
3.4 Information Collected via the IT Admin Portal
When an IT administrator accesses the OGC Admin Portal to download installer files, the following is recorded:
- A hash of the administrator's email address (user part only)
- The email domain
- The license key used
- The app and version downloaded
- The timestamp of the download
- The IP address of the request (best-effort; may reflect a proxy address in corporate environments)
3.5 Information Collected via the Website
When you visit orchestrateglobalconsulting.com, standard web server logs may record your IP address, browser type, referring URL, and pages visited. We may use third-party analytics services (such as Google Analytics) that collect similar information. Please refer to those services' privacy policies for details.
4 How We Use Your Information
We use the information described above for the following purposes:
| Purpose | Data Used |
|---|---|
| License validation — confirming that a License Key is active and in good standing | License Key, Machine Hash, User Hash, App ID |
| Seat management — tracking which machines have active seats under a license | Machine Hash, User Hash, License Key, App ID |
| EULA compliance audit — maintaining a permanent record of which version of the Software and EULA was accepted at activation | App Version, EULA Version, Activation Timestamp |
| Fraud prevention and license enforcement — detecting unauthorized use or circumvention of seat limits | Machine Hash, User Hash, License Key, Login Events |
| Software update notifications — informing users when a new version is available | App ID, App Version |
| IT Admin installer distribution — providing authenticated download access to licensed installers | License Key, Email Domain, IP Address |
| Customer support — responding to support requests and diagnosing issues | License Key, App Version, Activation Timestamp |
We do not use your information for:
- Advertising or marketing to third parties
- Sale or rental to any third party
- Profiling or behavioral tracking
- Any purpose unrelated to the operation and support of the Software
5 How We Protect Your Information
All personal identifiers stored in OGC's database are processed through one-way SHA-256 cryptographic hashing before storage. We store a hash, not your name or email. The hash cannot be reversed to recover the original value — even OGC personnel cannot determine the identity of a specific user from the stored hash.
The license state stored on your machine is encrypted using AES-256 (Fernet) with a key derived from your machine's hardware fingerprint using PBKDF2-HMAC-SHA256 (100,000 iterations). This vault file is hardware-locked and cannot be decrypted on any other machine.
All communication between the Software and the OGC Hub uses HTTPS with TLS 1.3. The Software uses the Windows system certificate store to ensure compatibility with corporate TLS-inspection proxies, without requiring custom certificate configuration.
The OGC Hub is hosted on Google Cloud Run within Google Cloud Platform's infrastructure. Data is stored in a managed Cloud SQL (PostgreSQL) instance isolated within a Virtual Private Cloud (VPC). Access to administrative endpoints is protected by a secret token stored in Google Secret Manager.
6 Data Retention
| Data | Retention Period |
|---|---|
| Active Seat records | Retained while the seat is active; marked as revoked, replaced, or expired upon status change. Records are retained for audit purposes. |
| Login event logs | Retained indefinitely for license enforcement and EULA audit purposes |
| Verification codes (one-time activation codes) | Deleted immediately upon use or expiration (15 minutes), whichever comes first |
| IT Admin download logs | Retained indefinitely for audit purposes |
| Local vault file (bitload.vault) | Retained on the user's machine until uninstallation or manual deletion. User is prompted to retain or delete during uninstallation. |
7 Data Sharing and Disclosure
OGC does not sell, rent, or trade your information to any third party.
We may disclose information in the following limited circumstances:
- Service providers: We use Google Cloud Platform to host the OGC Hub. Google processes data on our behalf subject to their data processing agreements and privacy policies.
- Legal requirements: We may disclose information if required to do so by law, court order, or governmental authority.
- Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of OGC's assets, information may be transferred to the successor entity, subject to the same privacy protections described in this Policy.
- Protection of rights: We may disclose information to protect the rights, property, or safety of OGC, our customers, or others, including for fraud prevention and license enforcement purposes.
8 Your Rights
Depending on your jurisdiction, you may have the following rights with respect to your information:
- Access: Request information about what data we hold related to your organization's license
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your organization's seat records (note: this will deactivate the associated license seats)
- Portability: Request a copy of your organization's license and seat data
9 Children's Privacy
The Software is designed for use by business professionals and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.
10 International Users
OGC is based in Arizona, United States. If you are accessing the Software or Website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
By using the Software, you consent to the transfer of your information to the United States in accordance with this Policy.
11 Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this Policy. We will make reasonable efforts to notify Licensees of material changes, which may include a notice within the Software or an email to the contact address on file for your organization's license.
Continued use of the Software following notice of changes constitutes acceptance of the updated Policy.
12 Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Orchestrate Global Consulting LLC