Privacy Policy

We collect information you directly provide to us, including:

• Account Information: Name, email address, and password when you create an account
• Profile Information: Optional profile details you choose to add
• Content: Architecture diagrams, documentation, workflows, and other content you create
• Communications: Messages, feedback, and support requests you send us
• Payment Information: Billing details processed through our payment providers (we do not store full payment card numbers)

When you use Archflow, we automatically collect certain information:

• Usage Data: Features used, actions taken, time spent, and interaction patterns
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, pages viewed, and referring URLs
• Cookies and Similar Technologies: Information collected through cookies, pixels, and local storage

We may receive information from third parties, including:

• Authentication providers if you sign in using OAuth (Google, GitHub, etc.)
• Analytics providers that help us understand usage patterns
• Payment processors regarding transaction status

We use the information we collect to:

• Provide the Service: Create and manage your account, store your content, and deliver our features
• Improve and Develop: Analyze usage patterns, fix bugs, and develop new features
• Personalize Experience: Customize the Service based on your preferences and usage
• Communicate: Send service updates, security alerts, and support messages
• Process Payments: Handle billing, invoicing, and subscription management
• Ensure Security: Detect and prevent fraud, abuse, and security incidents
• Comply with Law: Meet legal obligations and respond to lawful requests
• Power AI Features: Process your input to provide AI-assisted documentation and analysis through Archie

Archflow includes AI-powered features, including our assistant "Archie." When you use these features:

• Your input (such as system descriptions, documentation requests, and architecture details) is processed to generate responses
• We use third-party AI providers (such as OpenAI or Azure OpenAI) to power these features
• Your data may be transmitted to these providers for processing, subject to their privacy policies
• We do not use your content to train AI models without your explicit consent
• AI-generated content is not reviewed by humans unless you report an issue

You can choose not to use AI features, though this may limit certain functionality.

We may share your information in the following circumstances:

4.1 With Your Consent

We share information when you direct us to, such as when you share diagrams or collaborate with team members.

4.2 Service Providers

We work with third-party service providers who perform services on our behalf:

• Cloud hosting and infrastructure (e.g., Azure, Vercel)
• Payment processing
• Analytics and monitoring
• Email delivery
• AI processing services

4.3 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request.

4.4 Business Transfers

If Archflow is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4.5 Aggregated Data

We may share aggregated, anonymized data that cannot identify you for analytics, research, or marketing purposes.

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain business records as required by law

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes. Some information may persist in backups for a limited period.

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication mechanisms
• Regular security assessments and updates
• Access controls limiting who can access your data
• Monitoring for suspicious activity

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Depending on your location, you may have certain rights regarding your personal information:

7.1 Access and Portability

You can access your data through your account settings. You can export your diagrams and documentation at any time.

7.2 Correction

You can update your account information through your profile settings.

7.3 Deletion

You can delete your account and associated data. Some information may be retained as required by law.

7.4 Marketing Communications

You can opt out of marketing emails by clicking the unsubscribe link or updating your preferences.

7.5 Cookies

You can manage cookie preferences through your browser settings. Note that disabling cookies may affect functionality.

7.6 Do Not Track

We currently do not respond to "Do Not Track" browser signals.

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. When we transfer data internationally, we:

• Use appropriate safeguards such as standard contractual clauses
• Ensure our service providers maintain adequate protection
• Comply with applicable data transfer regulations

If you are located in the European Union or European Economic Area, you have additional rights under GDPR:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at privacy@archflow.app. You also have the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, please contact us at privacy@archflow.app.

Archflow is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@archflow.app, and we will take steps to delete such information.

We use cookies and similar technologies to:

• Essential Cookies: Required for the Service to function (authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Understand how you use our Service to improve it
• Performance Cookies: Monitor and optimize Service performance

You can control cookies through your browser settings. Blocking certain cookies may limit functionality.

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we will provide notice through the Service or via email.

Your continued use of Archflow after changes become effective constitutes your acceptance of the revised Privacy Policy.

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

For data protection inquiries from EU/EEA users, you may also contact our Data Protection representative at the same address.