Privacy Policy

Last updated: February 14, 2026

1. Introduction

Arcus ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI governance platform, website, and related services (collectively, the "Service").

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account, we collect your name, email address, job title, and organizational affiliation.
  • Organization Data: Company name, country of operation, industry sector, and employee count for compliance assessment purposes.
  • AI System Data: Descriptions, purposes, data types, decision categories, and deployment contexts of the AI systems you register for risk classification.
  • Waitlist Information: Email address and optional company name submitted through our waitlist form.
  • Communications: Information you provide when you contact us for support or feedback.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns.
  • Device Information: Browser type, operating system, device identifiers, and IP address.
  • Cookies: We use essential cookies for authentication and session management. See Section 5 for details.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve the Service, including AI risk classification, compliance documentation, and governance analytics.
  • To process and complete AI system risk assessments, generating classification results, applicable regulation references, and compliance recommendations.
  • To create and manage your account, authenticate your identity, and provide customer support.
  • To send you service-related notifications, classification alerts, and compliance updates.
  • To analyze usage patterns and improve user experience, platform performance, and classification accuracy.
  • To comply with legal obligations, including EU AI Act and Australian Privacy Act requirements.
  • To detect, prevent, and address technical issues, security vulnerabilities, and fraudulent activity.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

  • Service Providers: We share data with trusted third-party providers who assist us in operating the Service, including cloud hosting (Supabase), AI processing (Anthropic Claude), and analytics providers. These providers are contractually bound to protect your data.
  • Within Your Organization: Team members within your organization can access shared AI system data, classification results, and compliance documents based on their assigned roles.
  • Legal Requirements: We may disclose your information when required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
  • With Your Consent: We may share your information for any other purpose with your explicit consent.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Preference Cookies: Store your settings such as theme preference (light/dark mode) and language selection.
  • Analytics Cookies: Help us understand how the Service is used and identify areas for improvement. You can opt out of analytics tracking.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.

6. Data Security

We implement industry-standard security measures to protect your information:

  • All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
  • Access to personal data is restricted to authorized personnel on a need-to-know basis.
  • Row Level Security (RLS) policies ensure data isolation between organizations at the database level.
  • Regular security assessments and vulnerability scanning are conducted to maintain platform integrity.
  • AI system data submitted for classification is processed securely and is not used to train third-party AI models.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Rectification: Request correction of inaccurate or incomplete personal information.
  • Erasure: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request your data in a structured, commonly used, machine-readable format.
  • Restriction: Request limitation of processing of your personal information.
  • Objection: Object to processing of your personal information for certain purposes.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days as required by applicable law.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Your continued use of the Service after changes constitutes acceptance of the revised policy.