Effective Date: November 3, 2025

Last Updated: November 3, 2025

Welcome to aiARC. This Privacy Policy explains how we collect, use, share, and protect your personal information when you access or use our services. By using aiARC, you consent to the data practices described in this policy.

1. Information We Collect

Data You Provide

We collect personal data that you provide directly to us, including:

• Your name and email address

• Company or organization name (if applicable)

• Any information you submit through forms, support requests, or correspondence

Third-Party Authentication Providers

You may sign in to aiARC using identity providers such as Google, Microsoft, GitHub, Slack, Okta, or LinkedIn.

When you do so, we collect only the minimum information required to authenticate your identity and link your account — typically:

• Your name

• Your email address

• Your unique user ID from the provider

We do not collect, access, or store any other data (such as emails, files, calendars, repositories, or messages) from your connected account.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To authenticate your identity and provide secure login

• To link your identity provider account to your aiARC profile

• To maintain and manage your aiARC account

• To provide and improve our services and respond to support requests

We do not:

• Access or process data from your connected accounts beyond authentication

• Use your data for targeted or personalized advertising

• Sell, rent, or share your personal information for marketing purposes

3. Sharing and Disclosure

We do not sell or rent your information. We share limited data only in the following cases:

• Service Providers: We may share minimal information with trusted vendors that help us operate our services (for example, cloud hosting or authentication services). These vendors act as data sub-processors and are bound by strict confidentiality and security obligations.

• Legal Requirements: We may disclose data when required by law, regulation, or valid legal process.

• With Your Consent: We will share information only if you explicitly authorize it (for example, when connecting a third-party integration).

We do not transfer or disclose authentication data to any third party for purposes other than providing the aiARC service.

4. Data Protection and Security

We take the security of your data seriously and use industry-standard safeguards, including:

• Encryption in transit and at rest (TLS/HTTPS and AES-256)

• Strict access control and authentication management

• Network isolation and continuous security monitoring

• Periodic audits and vulnerability assessments

These safeguards are designed to protect your information from unauthorized access, alteration, or disclosure.

5. Data Retention and Deletion

We retain personal and authentication data only for as long as necessary to operate your account and provide our services.

• When you delete your aiARC account or revoke access via your identity provider, all associated data (name, email, and user ID) is deleted from our systems within 30 days.

• For enterprise users authenticated via Single Sign-On (SSO), we retain user data only while your organization maintains an active aiARC subscription or until your administrator revokes access.

• You can revoke aiARC’s access to your identity provider at any time through your provider’s account settings (for example, your Google Account Permissions page).

We do not retain authentication data beyond the period necessary for legitimate business purposes.

6. International Data Transfers

aiARC operates in the United States. If you access our services from outside the U.S., your information may be transferred to and processed in the U.S. or other jurisdictions that may not provide the same level of data protection.

We take appropriate measures to ensure your information remains protected in accordance with this Privacy Policy and applicable law.

7. Your Rights and Choices

You have the right to:

• Access, update, or delete your account information

• Revoke aiARC’s access to your authentication provider account at any time

• Request deletion of your data by contacting us at privacy@aiarc.io

• Opt out of non-essential communications

We comply with applicable data privacy laws such as the GDPR, CCPA, and other regional regulations regarding access and deletion rights.

8. Children’s Privacy

aiARC is not directed toward children under the age of 13, and we do not knowingly collect personal information from them.

If we learn that we have inadvertently collected such information, we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be reflected with a new “Last Updated” date.

Significant changes will be communicated through our website or via email notice.

10. Contact Us

If you have any questions about this Privacy Policy or our data handling practices, please contact us:

aiARC, Inc.

Email: privacy@aiarc.io

Website: https://www.aiarc.io/privacy

11. Summary of Authentication Data Handling

12. Compliance with Platform Policies

aiARC’s use and transfer of information received from third-party authentication providers (including Google, Microsoft, GitHub, Slack, Okta, and LinkedIn) adheres to each provider’s respective data and API usage policies.

For Google users, aiARC’s use and transfer of information received from Google APIs comply with the Google API Services User Data Policy, including the Limited Use requirements.

Thank you for trusting aiARC.

We are committed to protecting your privacy and ensuring transparency in how we handle your information.