Privacy Policy

1. Who We Are

Arch AI ("we," "us," or "our") operates the architectural rendering platform at arch-ai.link. For questions about this policy, contact us at support@arch-ai.link.

2. Information We Collect

2.1 Account Information

When you sign in with Google, we receive and store:

• Your name and email address
• Your Google profile picture URL
• A unique identifier from Google used to recognise your account

We do not receive or store your Google password. Authentication is handled entirely by Google's OAuth 2.0 service.

2.2 Files and Renderings

When you use Arch AI, we store:

• Architectural images and files you upload
• AI-generated rendering images produced from your uploads
• Prompts, labels, and notes you attach to files or render jobs
• Thumbnail images generated from your files

These files are stored on Amazon Web Services and are accessible only to your account.

2.3 Usage and Activity Data

We automatically collect:

• Rendering history (job status, AI model used, timestamps, credit cost)
• Credit balance and subscription tier
• Storage usage totals

2.4 Device and Push Notification Tokens

If you use the Arch AI mobile app and grant notification permission, we store your device push token to send you notifications when renderings complete or account events occur (e.g., low credits). You can revoke notification permission at any time in your device settings.

2.5 Payment Information

Payments are processed by Stripe. We do not store your card number, CVV, or bank details. We store only Stripe customer and subscription IDs in order to manage your subscription. For details on how Stripe handles your payment data, see stripe.com/privacy.

2.6 Analytics

We use Mixpanel to collect anonymised page-view and feature-usage data on our marketing website. This helps us understand which features are most useful. Mixpanel may set cookies or use device identifiers. You can opt out via mixpanel.com/optout.

2.7 Email Logs

Transactional emails (subscription confirmations, refund notices, account deletion warnings) are sent via Brevo. We store your email address for this purpose. We do not send marketing emails unless you separately opt in.

3. How We Use Your Information

Purpose	Legal Basis
Authenticate your account and maintain your session	Contract performance
Store and deliver your uploaded files and generated renderings	Contract performance
Process payments and manage subscription status	Contract performance
Send transactional notifications (render complete, billing events)	Contract performance / Legitimate interest
Track credit usage and enforce subscription limits	Contract performance
Analyse aggregate usage to improve the platform	Legitimate interest
Detect and prevent fraud, abuse, or security threats	Legitimate interest / Legal obligation
Comply with applicable law and respond to legal requests	Legal obligation

4. Third-Party Services

We share data with the following third parties only to the extent necessary to operate the Service:

• Google OAuth — authentication. Your sign-in is governed by Google's Privacy Policy.
• Amazon Web Services — cloud infrastructure (compute, storage, databases) located in us-east-2 (Ohio, USA).
• Stripe — payment processing. Governed by Stripe's Privacy Policy.
• Brevo — transactional email delivery.
• Mixpanel — anonymised analytics on the marketing website.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

5. Data Retention

• Account data: retained for the lifetime of your account, plus 30 days after deletion.
• Uploaded files and renderings: retained while your account is active. Deleted within 30 days of account deletion.
• Stripe webhook event logs: retained for 90 days for billing dispute resolution.
• Push notification tokens: retained while your account is active; removed on account deletion.

6. Data Security

We implement industry-standard safeguards including:

• All data transmitted over HTTPS/TLS
• Files stored encrypted buckets

If you believe your account has been compromised, contact us immediately at support@arch-ai.link.

7. Your Rights

Depending on your location, you may have the following rights:

• Access: request a copy of the personal data we hold about you
• Correction: request correction of inaccurate data
• Deletion: request deletion of your account and all associated data — available directly in your account settings under the subscription page
• Portability: request your data in a machine-readable format
• Objection: object to processing based on legitimate interest
• Withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email support@arch-ai.link. We will respond within 30 days.

8. Children's Privacy

Arch AI is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Cookies and Local Storage

The Arch AI web app uses browser localStorage and sessionStorage (not cookies) to store your authentication token. No tracking cookies are set by the app itself. The marketing website uses Mixpanel analytics which may use cookies or device fingerprinting — see Section 2.6 for opt-out options.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

• The "Last Updated" date at the top of this page will be revised
• For material changes, we will notify you by email or via an in-app notice
• Continued use of the Service after the effective date constitutes acceptance of the updated policy

11. Contact Us