Privacy Policy

1. Data Controller

Arcamatrix is the data controller. Contact: support@arcamatrix.com

2. Data We Collect

• Account data: email address, hashed password
• Usage data: token consumption, session metadata
• Payment data: processed by Stripe (we do not store card details)
• Analytics: anonymous usage via PostHog (opt-in via cookie consent)

3. Legal Basis (GDPR Art. 6)

• Contract performance: account, billing, service delivery
• Consent: analytics cookies (revocable at any time)
• Legitimate interest: security monitoring, fraud prevention

4. Data Storage

All data is stored on EU-based infrastructure (Hetzner, Helsinki/Falkenstein, Germany). No data is transferred outside the EU/EEA.

5. Data Retention

Account data is retained while your account is active. Upon deletion, all personal data is removed within 30 days. Chat logs and AI-generated content are purged immediately.

6. Your Rights (GDPR Art. 15-22)

• Access: request a copy of your data
• Rectification: correct inaccurate data
• Erasure: delete your account and all associated data
• Portability: export your data in machine-readable format
• Objection: opt out of analytics processing

Exercise your rights via the GDPR section in your account settings or by emailing us.

7. Cookies

We use essential cookies (session, CSRF) and optional analytics cookies (PostHog). Analytics cookies are only set after explicit consent via our cookie banner.

8. Third-Party Processors

• Stripe (payments) — US, EU SCCs
• Brevo (transactional email) — EU
• Sentry (error tracking) — EU
• PostHog (analytics, opt-in) — EU

9. Contact

Data protection inquiries: support@arcamatrix.com