Privacy Policy

1. Introduction

Arkhos Inc. ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our website and services.

As a European-first company based in Paris, France, we comply with the General Data Protection Regulation (GDPR) and ensure your data sovereignty.

2. Data We Collect

2.1 Waitlist Information

When you join our waitlist, we collect:

• Email address
• Language preference (EN/FR)
• Signup timestamp
• Source of signup (e.g., landing page)

2.2 Technical Data

We automatically collect:

• Browser type and version
• IP address (anonymized)
• Page visit timestamps

3. How We Use Your Data

We use your information to:

• Send you updates about Arkhos platform launch
• Provide early access to beta features
• Improve our services based on user feedback
• Comply with legal obligations

4. Data Storage & Security

Your data is stored on Supabase servers located in the European Union. We implement industry-standard security measures including:

• Encrypted data transmission (HTTPS/TLS)
• Row-level security (RLS) policies
• Regular security audits
• Access controls and authentication

5. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing of your data

To exercise these rights, contact us at: contact@arkhos.io

6. AI Act Compliance

Arkhos uses AI technology (Claude Sonnet 4.5) to generate code. In compliance with the EU AI Act:

• Transparency: All code is generated by AI, clearly disclosed to users
• Human Oversight: Generated code is provided for human review and validation
• Accuracy: We use state-of-the-art models with deterministic guardrails
• Data Governance: No training on user data; all interactions are sovereign and private
• Risk Classification: Code generation is considered limited-risk AI under EU AI Act

7. Cookies

We use only essential cookies to:

• Remember your language preference
• Store your cookie consent choice

We do not use third-party tracking cookies or analytics that compromise your privacy.

8. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share data only:

• With service providers (e.g., Supabase for hosting) under strict data processing agreements
• When required by law or legal process
• To protect our rights or safety

9. Contact Us

For privacy-related questions or requests:

10. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Waitlist data: Until platform launch or until you request deletion
• Inactive accounts: 3 years of inactivity
• Legal obligations: As required by French law

11. Data Transfers

✅ EU Data Residency Guaranteed
Your data remains in the European Union. All infrastructure is hosted on EU-based servers (Supabase/Scaleway in France). We do not transfer data outside the EU.

12. Legal Basis for Processing (GDPR Article 6)

We process your data based on:

• Consent: You provide explicit consent when joining the waitlist
• Legitimate Interest: To operate and improve our services
• Legal Obligation: To comply with applicable French and EU laws

13. Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with the French data protection authority:

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email. Continued use of our services after changes constitutes acceptance of the updated policy.