Privacy Policy
This Privacy Policy describes how ArchAstro, Inc. ("ArchAstro," "we," "our," or "us") processes personal data in connection with our enterprise platform and services (the "Services").
1. Scope of Data Processing
This policy applies to personal data for which ArchAstro acts as a controller (for example, business contact and account management data). For Customer Data processed through the Services, ArchAstro acts as a processor/service provider under customer instructions, as set out in the applicable master services agreement ("MSA"), data processing agreement ("DPA"), and order form.
In the event of conflict between this policy and a signed customer agreement, the signed customer agreement governs.
1.1 Controller Data (ArchAstro as Controller)
- Business contact data (name, work email, title, organization).
- Commercial and account data (contracting and billing contacts, support interactions).
- Website and product access metadata (IP address, browser/device metadata, timestamps).
1.2 Customer Data (ArchAstro as Processor/Service Provider)
Customers may submit data to the Services, including prompts, files, memory content, integration payloads, agent logs, and workflow artifacts. ArchAstro processes this data only:
- On documented instructions from the customer.
- To provide and support the Services.
- In accordance with applicable contractual terms.
2. Purposes of Processing
ArchAstro processes controller data to:
- Provide and administer accounts.
- Secure the Services and detect misuse.
- Provide support and customer communications.
- Operate, maintain, and improve service reliability and performance.
- Meet legal and contractual obligations.
For Customer Data, ArchAstro processes data solely for service delivery, including model inference and related platform operations such as routing, security monitoring, observability, debugging, and incident response.
3. AI/LLM Processing Commitments
- ArchAstro does not use Customer Data to train ArchAstro-owned models.
- ArchAstro uses third-party model providers/subprocessors only to perform customer-requested inference and related functionality.
- ArchAstro does not authorize third-party model providers to use Customer Data for model training where restricted by our contractual terms and technical configuration.
- ArchAstro may process limited telemetry/metadata (for example latency, token counts, model identifiers, error rates) to operate and improve the Services; such processing does not change ownership or controller/processor roles defined in customer agreements.
4. Legal Bases (Where Applicable)
Where required by law, ArchAstro relies on one or more legal bases for controller processing, including:
- Performance of a contract.
- Legitimate interests (for example service security and reliability).
- Compliance with legal obligations.
- Consent, where legally required.
5. Disclosure and Subprocessors
ArchAstro does not sell personal data. ArchAstro may disclose data to:
- Approved subprocessors and infrastructure providers under contractual confidentiality and data protection obligations.
- Professional advisors (legal, audit, insurance) under confidentiality obligations.
- Competent authorities when required by law or valid legal process.
- Successors in connection with a corporate transaction, subject to appropriate protections.
ArchAstro maintains a subprocessor list and will provide relevant subprocessor information through customer documentation or the contract process.
6. Security Measures
ArchAstro maintains administrative, technical, and organizational safeguards designed to protect data, including access controls, encryption in transit, encryption at rest, logging, and security monitoring.
Security commitments, audit rights, and incident obligations are governed by the applicable MSA/DPA and security exhibits.
7. Incident Notification
If ArchAstro confirms a security incident affecting Customer Data, ArchAstro will notify the affected customer without undue delay and in accordance with applicable contractual and legal requirements.
8. International Data Transfers
ArchAstro is headquartered in the United States. Where required by applicable data protection law, ArchAstro implements appropriate safeguards for cross-border transfers (for example, contractual transfer mechanisms) as set out in applicable customer agreements.
9. Retention and Deletion
- Controller data is retained according to business need, legal obligations, and recordkeeping requirements.
- Customer Data retention, deletion, and export timelines are governed by the customer contract and service configuration. Upon termination or expiration, ArchAstro handles Customer Data per contractual commitments.
10. Data Subject Requests
For controller data, individuals may request access, correction, deletion, or restriction, subject to applicable law.
For Customer Data processed by ArchAstro as processor/service provider, requests should be directed to the relevant customer as controller.
Requests may be sent to: privacy@archastro.ai
11. Changes to This Policy
ArchAstro may update this policy periodically. The updated version will include a revised "Last updated" date. Material changes will be communicated as required by law or contract.
12. Contact
ArchAstro, Inc.
Email: privacy@archastro.ai
Website: https://archastro.ai