Privacy Policy

Effective: July 2026 · Last updated: July 2026

1. Who We Are

ArcHive ("ArcHive," "we," "our," or "us") is the operator of the ArcHive mobile application and this website. ArcHive is a private social accountability platform that helps people document their personal growth through shared goals with friends.

This Privacy Policy explains how we collect, use, store, and share information about you when you use our App or visit our website. It also explains your rights regarding your personal data.

If you have questions about this Policy or how we handle your data, please contact us at [email protected].

2. What We Collect

We collect only what is necessary to provide ArcHive's features. Here is a breakdown:

CategoryWhat it includesRequired?
Account informationDisplay name, username, email address or phone number, password (hashed), profile photoRequired
Profile contentBio, current arc/goal descriptionOptional
Hive dataHive names, goals, goal categories, duration, member lists, invite codes you generate or useRequired
User contentPhotos and videos you post as check-ins, captions you write, reactions you giveRequired to use posting features
Activity dataStreak counts, check-in history, consistency scores, hive completion records, day numbersRequired
Buzz conversationsMessages you send to and receive from the Buzz AI agent, including goal onboarding answersOptional
Device informationDevice type, operating system, app version, timezone (used for midnight streak cut-off logic)Required
Usage dataFeatures accessed, actions taken, session timestamps — for beta analytics onlyRequired

We do not collect: your precise GPS location, contacts list, microphone audio, camera footage beyond what you intentionally post, or any payment information (ArcHive is free during beta).

3. How We Collect It

Directly from you

Most data we collect comes directly from you when you:

Automatically from your device

When you use the App, we automatically collect:

From other users

When another user invites you to a Hive using your invite code, we receive the connection between your account and theirs. We do not collect data about you from any third-party data brokers or advertising platforms.

4. How We Use Your Data

We use your data for the following purposes, all directly related to operating ArcHive:

Core service operation

Buzz AI agent

Beta improvement

Communication

We do not use your data for advertising. We have no advertising business model. We do not build advertising profiles, sell data to advertisers, or allow third-party ad targeting through ArcHive.

5. Who We Share Your Data With

We share your data only in the following circumstances:

Within your Hive

Other members of your Hive can see:

Your email address, phone number, Buzz conversations, and private account settings are never visible to other users.

Service providers

We use a small number of third-party services to operate ArcHive. Each has been selected for reliability and data protection standards:

ProviderPurposeData shared
SupabaseDatabase, authentication, file storageAll app data including account info, posts, hive data, and media files
AnthropicPowers the Buzz AI agentYour Buzz conversation messages, goal context, and streak data — sent per session to generate AI responses
Apple (iOS)App distribution and push notificationsPush notification tokens; standard App Store analytics

Legal requirements

We may disclose your information if required to do so by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of ArcHive, our users, or the public.

Business transfers

If ArcHive is acquired, merged, or its assets are transferred, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

We never sell your data

We do not sell, rent, or trade your personal information to any third party for any purpose, including advertising or marketing.

6. Buzz AI & Third-Party AI Processing

Buzz is powered by the Anthropic Claude API. When you send a message to Buzz, the following data is transmitted to Anthropic's servers to generate a response:

Important: Your Buzz conversations are processed by Anthropic's AI systems. Anthropic's own privacy practices apply to this processing. We encourage you to review Anthropic's Privacy Policy. We have selected Anthropic as a provider with strong data protection commitments, and your data is transmitted securely over HTTPS.

Anthropic may use your conversation data in accordance with its own policies. We do not send Anthropic your email address, phone number, or any data beyond what is listed above.

If you do not wish to use Buzz, you may simply not open the Buzz chat drawer. No conversation data is sent to Anthropic unless you actively initiate a Buzz session.

7. Data Storage & Security

Where your data lives

Your data is stored on Supabase's infrastructure. Supabase uses PostgreSQL databases and object storage (for photos and videos), hosted on cloud infrastructure in the United States. Supabase is SOC 2 Type II compliant.

Security measures

We implement the following security practices:

Beta limitations

As a beta product, our security posture is strong for this stage but continues to be developed. We recommend not posting highly sensitive personal information to the App. No security system is perfect, and we cannot guarantee absolute security.

If you become aware of a security vulnerability, please contact us immediately at [email protected].

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the service.

Data typeRetention period
Account informationUntil you delete your account, then within 30 days
Posts (photos, videos, captions)Until deleted by you or your account is deleted
Hive data and membership recordsUntil the Hive is archived and all members have deleted their accounts, or upon request
Streak and activity dataUntil account deletion
Buzz conversations12 months of rolling history, or until account deletion
Usage analytics (anonymized)Up to 24 months in aggregated, anonymized form
Error logs90 days

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law. Anonymized aggregate data (e.g., "X% of beta users completed a 30-day hive") may be retained indefinitely as it cannot identify you.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data. We honor these rights regardless of where you live.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

California residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what categories of personal information we collect and the right to opt out of the "sale" of personal information. We do not sell personal information, so the opt-out right does not apply. To exercise your other CCPA rights, contact us at the address below.

EEA and UK residents (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, you have rights under the GDPR and UK GDPR respectively, including those listed above. Our legal basis for processing your data is primarily contract performance (operating the App you signed up for) and legitimate interests (improving the beta product). You may also have the right to lodge a complaint with your local supervisory authority.

10. Children's Privacy

ArcHive is not designed for or directed at children under the age of 13. We do not knowingly collect personal information from children under 13.

If we become aware that we have collected personal data from a child under 13 without appropriate consent, we will delete that information promptly. This is in compliance with the Children's Online Privacy Protection Act (COPPA).

Users aged 13–17 may use ArcHive with parental or guardian consent. If you are a parent or guardian and believe your child has created an account without your consent, please contact us at [email protected].

11. Push Notifications

ArcHive may send you push notifications for:

Push notifications require your explicit permission, which iOS will request when you first use the App. You can disable notifications at any time in your device's Settings app. Disabling notifications will not affect your ability to use ArcHive, but you may miss streak reminders.

To send push notifications, your device's push token is shared with Apple's Push Notification Service (APNs). This is standard practice for all iOS apps.

12. Cookies & Analytics

The ArcHive mobile app does not use cookies. This website (arc-hiveinfo.com) uses only essential cookies necessary for basic functionality such as remembering your scroll position in these legal documents.

Analytics

During the beta period, we use basic usage analytics within the App (not this website) to understand how features are being used. This data is:

We may add additional analytics tooling as the product matures. We will update this Policy if and when we do.

13. International Data Transfers

ArcHive is operated from the United States. Our infrastructure (Supabase) is hosted in the United States. If you are accessing ArcHive from outside the United States, please be aware that your data will be transferred to, processed, and stored in the United States.

For users in the EEA or UK, we ensure that transfers of personal data to the United States are protected by appropriate safeguards. Supabase is GDPR-compliant and provides Standard Contractual Clauses (SCCs) for data transfers.

By using ArcHive, you consent to this transfer.

14. Changes to This Policy

We may update this Privacy Policy as ArcHive develops beyond the beta phase. When we make material changes, we will:

We encourage you to review this Policy periodically. Continued use of ArcHive after changes are posted constitutes your acceptance of the updated Policy.

15. Contact & Data Requests

For privacy questions, data access requests, deletion requests, or any concerns about how we handle your data, please reach out to us directly.

For security vulnerabilities, please use the security contact address rather than the general privacy address.

Privacy & data requests

Access, deletion, correction, and portability requests. We respond within 30 days.

[email protected]

Security vulnerabilities

[email protected]