ArchDocArchDoc
Get started
Back to home
Legal

Privacy Policy

Last updated: February 22, 2026

Effective date: February 22, 2026

ArchDoc ("we", "us", or "our") operates the ArchDoc platform accessible at https://archdoc.dev (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

This policy is drafted to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the CPRA, and other applicable privacy laws.

1. Data Controller / Business Identity

For purposes of the GDPR and related EU/UK data protection law, ArchDoc is the data controller of personal data collected through the Service.

Company: ArchDoc

Privacy contact: contactarchdoc@gmail.com

Data Protection Officer (DPO): contactarchdoc@gmail.com

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: name, email address, password (hashed), organization name, and role.
  • Profile information: profile photo and biography (optional).
  • Payment information: billing name, billing address, and payment method details (processed and stored by our payment processor; we do not store raw card numbers).
  • Content you create: documents, diagrams, comments, sign-off decisions, and any other content you submit to the Service.
  • Communications: emails or support tickets you send us.
  • GitHub OAuth tokens: when you connect a GitHub account, we store an OAuth access token to enable repository sync on your behalf.

2.2 Information Collected Automatically

  • Log data: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps.
  • Device data: device identifiers, screen resolution, and language settings.
  • Usage data: features used, clicks, navigation paths, and session duration.
  • Cookies and similar technologies: see Section 5 below.

2.3 Information from Third Parties

  • Google Analytics: aggregated and pseudonymised usage and demographic statistics.
  • Google Ads: conversion and advertising attribution data.
  • GitHub: repository metadata and OAuth profile information when you connect a GitHub account.
  • Payment processors: transaction status and last-four card digits for display purposes.

3. How We Use Your Information

We use personal data for the following purposes and rely on the corresponding legal bases under the GDPR:

PurposeGDPR Legal Basis
Providing and operating the ServicePerformance of a contract (Art. 6(1)(b))
Account registration and authenticationPerformance of a contract (Art. 6(1)(b))
Processing payments and managing subscriptionsPerformance of a contract (Art. 6(1)(b))
Sending transactional emails (receipts, sign-off notifications)Performance of a contract (Art. 6(1)(b))
Responding to support requestsLegitimate interests (Art. 6(1)(f))
Improving and securing the ServiceLegitimate interests (Art. 6(1)(f))
Analytics (Google Analytics)Consent (Art. 6(1)(a)) — via cookie consent banner
Advertising and conversion tracking (Google Ads)Consent (Art. 6(1)(a)) — via cookie consent banner
Sending marketing emails (opt-in only)Consent (Art. 6(1)(a))
Complying with legal obligationsLegal obligation (Art. 6(1)(c))

4. How We Share Your Information

We do not sell your personal information. We share data only as follows:

  • Service providers (data processors): third-party vendors that help us operate the Service (e.g., cloud hosting, payment processing, email delivery, analytics) under written data processing agreements.
  • Google LLC: for Google Analytics (analytics) and Google Ads (advertising). Data may be transferred to and processed in the United States. Google participates in the EU–US Data Privacy Framework.
  • GitHub, Inc.: repository data is exchanged via the GitHub API when you connect a GitHub account. Governed by GitHub’s own Privacy Policy.
  • Team members: document content you create is visible to other members of your workspace as determined by your organization’s access settings.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
  • Legal requirements: when required by law, court order, or governmental authority, or to protect the rights and safety of ArchDoc, our users, or the public.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. You can control cookies through our cookie consent banner and your browser settings.

CategoryProviderPurposeConsent required?
Strictly necessaryArchDocSession management, authentication, securityNo
AnalyticsGoogle Analytics 4Site usage statistics, page performanceYes
AdvertisingGoogle Ads / DoubleClickConversion tracking, remarketing audiencesYes
PreferencesArchDocTheme and language preferencesNo

For EU/EEA/UK visitors, we display a cookie consent banner on first visit. Analytics and advertising cookies are only set after you give consent. You may withdraw consent at any time by clicking "Cookie settings" in the footer.

For California residents, we treat cookies used for targeted advertising as a "sharing" of personal information for cross-context behavioural advertising. You may opt out via the "Do Not Sell or Share My Personal Information" link in the footer or by enabling a Global Privacy Control (GPC) signal in your browser — which we honour automatically.

More information about Google’s data practices: policies.google.com/privacy.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States, which may not provide the same level of data protection as your home country. Where required, we rely on appropriate transfer mechanisms including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • The EU–US Data Privacy Framework (for transfers to certified US organisations).
  • The UK International Data Transfer Agreement (UK IDTA) for transfers from the UK.

7. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service. We will also retain and use data as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account data is retained for the lifetime of your account plus up to 90 days after deletion (for recovery purposes).
  • Billing records are retained for 7 years to satisfy tax and accounting obligations.
  • Server logs are retained for up to 12 months.
  • Analytics data (Google Analytics) is subject to Google’s own retention settings (default: 14 months).

8. Your Rights (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the GDPR / UK GDPR:

  • Right of access (Art. 15): obtain a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): correct inaccurate or incomplete data.
  • Right to erasure (Art. 17): request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
  • Right to restriction (Art. 18): restrict how we process your data in certain circumstances.
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent (Art. 7(3)): withdraw consent at any time where processing is based on consent.
  • Right to lodge a complaint: file a complaint with your local data protection authority (e.g., the ICO in the UK or a supervisory authority in your EU member state).

To exercise any of these rights, contact us at contactarchdoc@gmail.com. We will respond within 30 days (extendable to 90 days for complex requests with notice).

9. Your Rights Under the CCPA / CPRA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:

  • Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to delete: request that we delete personal information we have collected about you, subject to certain exceptions.
  • Right to correct: request that we correct inaccurate personal information.
  • Right to opt out of sale/sharing: we do not sell personal information for monetary consideration. However, we share data with Google for targeted advertising, which may constitute "sharing" under the CPRA. You may opt out via the "Do Not Sell or Share My Personal Information" link in the footer or by enabling a GPC signal.
  • Right to limit use of sensitive personal information: we do not use sensitive personal information beyond what is necessary to provide the Service.
  • Right to non-discrimination: we will not discriminate against you for exercising any of your CCPA/CPRA rights.

Submitting a request: Email us at contactarchdoc@gmail.com with the subject line "California Privacy Request". We will verify your identity before processing the request and respond within 45 days (extendable by a further 45 days with notice).

Authorised agent: You may designate an authorised agent to submit a request on your behalf by providing written authorisation and verifying your own identity with us.

Categories of personal information collected (CCPA categories):

  • Identifiers (name, email address, IP address)
  • Commercial information (subscription plan, billing records)
  • Internet or other electronic network activity information (usage logs, cookies)
  • Geolocation data (approximate, derived from IP)
  • Professional or employment-related information (organisation name, job role)
  • Inferences drawn from the above to create a user profile

10. Children’s Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately at contactarchdoc@gmail.com and we will delete it promptly.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include encryption in transit (TLS 1.2+), encryption at rest, access controls, and regular security reviews. For more information, see our Security page.

12. Third-Party Links

Our Service may contain links to third-party websites, including GitHub. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date above, and — where required by law — by sending you an email notification. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: contactarchdoc@gmail.com

DPO: contactarchdoc@gmail.com

Website: https://archdoc.dev