Arc
Sign inStart now

Privacy

Privacy Policy

Last updated: May 17, 2026

Your transformation is personal. We treat your data the same way. This Privacy Policy explains what we collect, why we collect it, how we protect it, and the choices you have. By using Arc you consent to the practices described here.

1. Information we collect

Account information. Your email address, an encrypted password (or Google sign-in identifier), and any profile details you provide.

Journal content. Photos, notes, measurements, medication logs, milestones, and any other content you choose to add to your journal.

Usage data. Limited technical information such as device type, browser, approximate region (from IP), and basic interaction events that help us keep the Service reliable.

Cookies. We use a small number of essential cookies to keep you signed in. We do not use advertising or cross-site tracking cookies.

2. How we use your information

We use the information we collect to: (a) deliver the journal features you use; (b) authenticate you and secure your account; (c) provide customer support; (d) improve the Service through aggregate, non-identifying analytics; and (e) communicate important account or product updates.

We do not sell your personal data, do not share it with advertisers, and do not use your journal content to train third-party AI models.

3. How your data is protected

Your content is transmitted over TLS and stored in encrypted databases and object storage. Access is restricted by row-level security policies so that only your account can read your journal. Internal access is limited to authorized personnel for support and operations, under strict confidentiality.

4. Sharing

We share data only with trusted infrastructure providers strictly necessary to operate the Service (for example, our managed database and authentication provider), and only to the extent required to deliver the Service to you. These providers act as data processors under contractual obligations to protect your information.

5. Data retention

We keep your data for as long as your account is active. When you delete your account, we delete your journal content and personal data within 30 days, except where retention is required by law (for example, billing records).

6. Your rights

You can access, export, correct, or delete your data at any time from your account settings. You can also withdraw consent or object to certain processing by contacting us. If you are in the EU/EEA, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA, including the right to lodge a complaint with your local data protection authority.

7. Children

Arc is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it.

8. International transfers

Your data may be processed in countries other than your own. When we transfer data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses to ensure your data remains protected.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above and notify you of material changes in the app or by email.

10. Contact

Privacy questions or requests? Email us at privacy@arc.app.