Privacy Policy

Last updated: 7/23/2025

1. Introduction

Welcome to Archways ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS management platform.

2. Data Controller and Processor Roles

Archways acts as a data controller when collecting and using personal information you provide directly to us — such as during account registration, subscription management, or support communications.

When customers input data into our platform for evaluation or matching purposes (e.g., software inventories or requirements), Archways acts as a data processor, handling that data on behalf of the customer in accordance with their instructions and applicable data protection laws.

Where required, Archways offers a Data Processing Agreement (DPA) that outlines our obligations as a processor under applicable data protection laws. Please contact us to request a copy.

3. Information We Collect

3.1 Personal Information

We collect personal information that you provide to us, including but not limited to:

  • Name and contact information (email address, phone number)
  • Account credentials
  • Organization details
  • Payment information (processed securely through our payment providers)
  • Communications you send to us

3.2 Usage Information

We automatically collect certain information when you use our services:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage patterns and preferences
  • Performance data

3.3 Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Maintain your session
  • Remember your preferences
  • Analyze usage patterns (with your consent)
  • Provide customer support (with your consent)

4. How We Use Your Information

We use your information to:

  • Provide and maintain our services
  • Process transactions and manage subscriptions
  • Send important service updates and notifications
  • Respond to your requests and provide customer support
  • Improve and personalize our services
  • Ensure security and prevent fraud
  • Comply with legal obligations
  • With your consent, send marketing communications

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

  • Contract: To provide our services and fulfill our agreement with you
  • Legitimate Interests: To improve our services, ensure security, and conduct business operations
  • Consent: For marketing communications and analytics
  • Legal Obligation: To comply with applicable laws and regulations

6. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Third parties that help us operate our business (e.g., Supabase for data storage, Clerk for authentication, Vercel for hosting)
  • Analytics Providers: PostHog for product analytics (with your consent)
  • Customer Support: Intercom for customer communications (with your consent)
  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

We do not sell your personal information to third parties.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Employee training on data protection

8. Your Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal requirements)
  • Portability: Receive your data in a structured format
  • Objection: Object to certain processing activities
  • Restriction: Request limited processing of your data
  • Withdraw Consent: Where processing is based on consent

To exercise these rights, please contact us at privacy@archways.ai

9. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. When determining retention periods, we consider:

  • The duration of our relationship with you
  • Legal and regulatory requirements
  • The nature of the data collected
  • Potential legal claims

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions
  • Other lawful transfer mechanisms

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

12. Cookie Policy

We use the following types of cookies:

  • Necessary Cookies: Essential for website functionality
  • Analytics Cookies: Help us understand usage patterns (requires consent)
  • Marketing Cookies: Used for customer support and communications (requires consent)

EU users will be presented with a cookie consent banner to manage their preferences.

13. Third-Party API Usage

13.1 Google Workspace API Limited Use Compliance

Our application's use of information received from Google Workspace APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

13.2 Google Services Integration

We integrate with the following Google services to provide our SaaS management platform:

  • Google Workspace Admin SDK: To discover and analyze SaaS applications used within your organization
  • Gmail API: To scan email accounts for vendor invoices and billing information

13.3 Data Usage Restrictions

When accessing data through Google Workspace APIs, we:

  • Only access the minimum data necessary to provide our core SaaS management features
  • Do not use Google Workspace data for advertising purposes
  • Do not use Google Workspace data to develop, improve, or train generalized AI or ML models
  • Limit data usage to providing the specific features visible in our application interface
  • Do not create permanent copies or databases of Google Workspace data beyond what is necessary for service delivery

13.4 Data Security for Google Workspace Data

We treat all data obtained through Google Workspace APIs with the highest security standards, ensuring:

  • Secure transmission and storage of all Google Workspace data
  • Organization-level access controls and token isolation
  • Regular security assessments and monitoring
  • Compliance with Google's security requirements for API access

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Archways

Email: privacy@archways.ai

Address: Archways AI, 12 Branch Place, London N1 5DU, United Kingdom

For EU residents: You have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your personal data appropriately.