ARCAContact

Privacy Policy

Last updated: February 2026

Arca (“Arca,” “we,” “us,” or “our”) is committed to protecting the privacy of individuals whose personal data we process. This Privacy Policy describes how Arca Technologies, Inc. collects, uses, discloses, and protects personal data in connection with our websites, applications, and services (collectively, the “Services”).

Arca provides an AI-powered legal assistance platform that integrates with customer-authorized third-party data sources to support legal workflows.

Questions about this Privacy Policy may be directed to contact@arca.inc.

1. Scope

This Privacy Policy applies to personal data processed by Arca in connection with:

  • Our website and marketing activities
  • Customer accounts and authorized users
  • Customer-authorized integrations with third-party services
  • Communications and support interactions

Arca generally acts as:

  • a data processor when processing customer data and integrated content on behalf of customers, and
  • a data controller for account management, billing, website analytics, and marketing-related data.

2. Personal Data We Collect

a. Information You Provide

  • Name, email address, job title, company name
  • Account credentials and authentication information
  • Communications with Arca (support tickets, emails, feedback)
  • Billing and payment-related contact information

b. Integrated Third-Party Data (Customer Data)

At the direction of customers and subject to explicit authorization, Arca may access and process data from third-party services such as:

  • Email (e.g., Gmail)
  • Messaging and collaboration tools (e.g., Slack)
  • Document storage and file repositories (e.g., Google Drive)
  • Contract lifecycle management systems (e.g., Ironclad)

Arca only accesses data that customers explicitly authorize through each integration and only for the purpose of providing the Services. The scope of access is limited by the permissions granted by the customer and the configuration of each integration.

c. Usage and Technical Data

  • IP address
  • Device and browser type
  • Log data, timestamps, and usage metrics
  • Authentication, access, and security logs

d. Cookies and Similar Technologies

We use cookies and similar technologies to operate our website, maintain sessions, and understand usage patterns. You may control cookies through your browser settings.

3. How We Use Personal Data

Arca uses personal data to:

  • Provide, operate, and improve the Services
  • Authenticate users and manage accounts
  • Process customer-authorized data from integrated sources
  • Generate AI-assisted outputs in response to user requests
  • Maintain security, logging, and auditability
  • Process transactions and manage billing
  • Provide customer support and respond to inquiries
  • Comply with legal obligations

Arca:

  • Does not sell or license Customer Data to third parties
  • Does not use Customer Data, including prompts, inputs, outputs, files, or logs, to train, retrain, fine-tune, or otherwise improve any generalized machine learning or AI models
  • Processes Customer Data solely to provide, maintain, secure, and support the Services in accordance with customer instructions
  • Does not disclose Customer Data to third parties except to authorized subprocessors under confidentiality obligations, or as required by applicable law

4. AI Processing and Customer Control

When customers connect third-party integrations:

  • Data is accessed only when requested by an authorized user or system workflow
  • Data is processed for the specific legal or operational task requested
  • Customers retain control over connected data sources and may revoke access at any time

Arca's AI features operate on customer-provided and customer-authorized data and are designed to respect permission boundaries and organizational access controls.

5. Legal Bases for Processing (GDPR)

Where applicable, Arca processes personal data based on:

  • Performance of a contract
  • Legitimate business interests (e.g., security, service improvement)
  • Compliance with legal obligations
  • Consent, where required (e.g., certain integrations or communications)

6. Sharing and Disclosure of Personal Data

Arca may share personal data with:

  • Service providers and subprocessors (e.g., cloud hosting, authentication, monitoring) under contractual confidentiality and security obligations
  • Professional advisors (legal, accounting)
  • Government authorities where required by law

A current list of subprocessors is available upon request or via Arca's Trust Center.

If Arca receives a legal request, subpoena, or court order for Customer Data, Arca will, to the extent legally permitted, provide prompt notice to the affected Customer and cooperate with the Customer in responding to such request.

7. Data Security

Arca implements administrative, technical, and organizational safeguards designed to protect personal data, including:

  • Least-privilege access controls
  • Encryption in transit
  • Monitoring and logging
  • Incident response procedures

Access to Customer Data is restricted to authorized Arca personnel who require access to provide the Services and who are bound by confidentiality obligations. Arca maintains logical separation of Customer Data across customer environments.

Additional details are available in Arca's Security Policy.

8. Data Retention and Deletion

Arca retains personal data only as long as necessary to:

  • Provide the Services
  • Fulfill customer instructions
  • Comply with legal obligations

Customer Data obtained through integrations is retained and deleted in accordance with customer configurations, contractual commitments, and applicable law. Customers may revoke integration access at any time.

9. International Data Transfers

Arca may process and store personal data in the United States and other jurisdictions. Where required, Arca relies on appropriate safeguards such as standard contractual clauses to support international data transfers.

10. Your Privacy Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of personal data
  • Restrict or object to processing
  • Receive a copy of your data
  • Withdraw consent where applicable

Requests may be submitted to contact@arca.inc.

11. California Privacy Rights

California residents have the right to:

  • Know what personal data is collected and how it is used
  • Request deletion of personal data
  • Opt out of the sale or sharing of personal data (Arca does not sell personal data)
  • Not be discriminated against for exercising privacy rights

Requests may be submitted to contact@arca.inc.

12. Children's Privacy

The Services are not intended for children under 13, and Arca does not knowingly collect personal data from children.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date reflects the most recent revision. Material changes will be communicated as required by law.

14. Contact

Arca Technologies, Inc.
contact@arca.inc