Now accepting design partners — Platform teams & regulated enterprises. Limited pilots available. Apply now →
Sign In Request Access
U
Dashboard

Privacy Policy

Last updated: February 4, 2025

Table of Contents
  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. Your Code & Data
  5. Information Sharing
  6. Data Security
  7. Data Retention
  8. Your Rights
  9. Cookies & Tracking
  10. Children's Privacy
  11. Changes to Policy
  12. Contact Us

1. Introduction

ArchRails ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Please read this Privacy Policy carefully. By using ArchRails, you consent to the data practices described in this policy.

TL;DR: We collect minimal data needed to provide the service. We don't store your source code. We don't sell your data. Your code stays yours.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Company name (optional)
  • Password (hashed and encrypted)

2.2 GitHub Integration

When you connect your GitHub account, we receive:

  • GitHub username and profile information
  • Repository names and metadata
  • Pull request diffs and metadata (for review purposes)
  • Organization membership (if applicable)

2.3 Usage Information

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information (operating system, device type)
  • Usage patterns (features used, frequency)
  • Performance data (response times, errors)

2.4 Payment Information

Payment processing is handled by Stripe. We do not store your full credit card number. We receive:

  • Last 4 digits of card
  • Card type and expiration
  • Billing address
  • Transaction history

3. How We Use Your Information

We use your information to:

Purpose Legal Basis
Provide and maintain the Service Contract performance
Process payments Contract performance
Send service-related communications Legitimate interest
Improve and optimize the Service Legitimate interest
Detect and prevent fraud Legitimate interest
Respond to support requests Contract performance
Send marketing communications (with consent) Consent

4. Your Code & Data

Important: We do NOT store your source code. Pull request diffs are processed in memory and discarded after the review is complete.

4.1 Code Processing

When reviewing pull requests:

  • We fetch the PR diff directly from GitHub
  • The diff is processed in memory by our analysis engine
  • Review comments are generated and posted to GitHub
  • The diff is immediately discarded after processing
  • We do not store, log, or retain your source code

4.2 Tech Design Documents

If you upload tech design documents:

  • Documents are stored encrypted at rest
  • Access is restricted to your account only
  • You can delete documents at any time
  • Documents are permanently deleted within 30 days of account closure

4.3 Review History

We retain metadata about reviews (timestamps, issue counts, status) for analytics and billing purposes. This metadata does not include your source code.

5. Information Sharing

We do not sell your personal information. We may share data with:

5.1 Service Providers

  • AWS - Cloud infrastructure
  • Stripe - Payment processing
  • GitHub - Repository integration
  • Anthropic - AI model provider (for code analysis)

5.2 Legal Requirements

We may disclose information if required by law or in response to valid legal requests (e.g., subpoenas, court orders).

5.3 Business Transfers

If ArchRails is acquired or merged, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Security

We implement industry-standard security measures:

  • All data encrypted in transit (TLS 1.3)
  • Data encrypted at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Monitoring and alerting for suspicious activity
  • SOC 2 Type II compliance (in progress)

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • Usage logs: Retained for 90 days
  • Billing records: Retained for 7 years (legal requirement)
  • Support tickets: Retained for 2 years
  • Source code: Never stored

8. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing activities
  • Restriction: Request restriction of processing
  • Withdraw consent: Withdraw consent for marketing

To exercise these rights, contact us at hello@archrails.io.

9. Cookies & Tracking

We use cookies and similar technologies for:

  • Essential cookies: Authentication, security, preferences
  • Analytics cookies: Understanding usage patterns (can be disabled)

We do not use advertising cookies or sell data to advertisers.

You can control cookies through your browser settings. Note that disabling essential cookies may affect functionality.

10. Children's Privacy

ArchRails is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page
  • Updating the "Last updated" date
  • Sending an email notification (for material changes)

We encourage you to review this policy periodically.

12. Contact Us

For privacy-related questions or to exercise your rights:

We will respond to your request within 30 days.