ArcPulseLabs

Legal

Privacy Policy

Last updated: April 23, 2026

This policy explains what personal data ArcPulseLabs collects, why we collect it, how we protect it, and what rights you have. It applies to the public marketing site at arcpulselabs.com and to client engagements unless a separate data-processing agreement with you says otherwise.

Who we are

ArcPulseLabs is a software studio. For the purposes of this policy and applicable data-protection law, ArcPulseLabs is the data controller for personal data collected through this website. For data processed on behalf of a client inside an application we build for them, the client is the controller and ArcPulseLabs acts as a processor under the terms of the relevant engagement.

Contact for privacy matters: [email protected].

What we collect

On this marketing site we collect very little. If you email us, we receive the address you write from and the contents of your message. The site does not use analytics, advertising trackers, or third-party cookies. Our web server logs standard request metadata (IP address, user-agent, URL, timestamp) for a short period to protect the service and investigate abuse.

Inside client applications we build, the data collected is whatever that application requires to function, as defined by the client. We document it in the engagement and do not repurpose it.

Why we process it

We process the information above to respond to inquiries you send us, to operate and secure our website, to perform the services you've engaged us for, and to comply with legal obligations. We rely on legitimate interest for routine site operation and security, on contract performance for client work, and on consent where the law requires it.

How we protect it

Data is encrypted in transit (TLS) and at rest. Access to systems holding personal data is restricted to engineers who need it for a specific task, authenticated with strong credentials, and audited. We maintain backups with the same protections and retain data only as long as we need it for the purpose it was collected.

AI processing

We do not train AI models on client data. When an application we build for you uses third-party AI providers, we configure those providers so your inputs and outputs are not retained beyond processing and are not used to train their models, and we document those configurations in the engagement.

Sub-processors

We use a small number of reputable infrastructure and tooling providers — for example hosting, container registry, DNS, and email. A current list is available on request by emailing [email protected]. Where required, we have data-processing agreements in place with these providers.

Your rights

Depending on where you live, you may have the right to access the personal data we hold about you, to correct it, to have it deleted, to object to or restrict certain processing, and to receive a copy in a portable form. To exercise any of these rights, email [email protected]. We will respond within the timeframe required by applicable law.

International transfers

Our infrastructure providers may process data in jurisdictions outside your own. Where required, we rely on recognized transfer mechanisms such as the EU Standard Contractual Clauses.

Changes

We may update this policy as our services or the law change. Material changes will be reflected in the "last updated" date above and, where appropriate, communicated directly.