Privacy Policy
1. Who We Are
ArcHive ("ArcHive," "we," "our," or "us") is the operator of the ArcHive mobile application and this website. ArcHive is a private social accountability platform that helps people document their personal growth through shared goals with friends.
This Privacy Policy explains how we collect, use, store, and share information about you when you use our App or visit our website. It also explains your rights regarding your personal data.
If you have questions about this Policy or how we handle your data, please contact us at privacy@arc-hive.io.
2. What We Collect
We collect only what is necessary to provide ArcHive's features. Here is a breakdown:
| Category | What it includes | Required? |
|---|---|---|
| Account information | Display name, username, email address or phone number, password (hashed), profile photo | Required |
| Profile content | Bio, current arc/goal description | Optional |
| Hive data | Hive names, goals, goal categories, duration, member lists, invite codes you generate or use | Required |
| User content | Photos and videos you post as check-ins, captions you write, reactions you give | Required to use posting features |
| Activity data | Streak counts, check-in history, consistency scores, hive completion records, day numbers | Required |
| Buzz conversations | Messages you send to and receive from the Buzz AI agent, including goal onboarding answers | Optional |
| Device information | Device type, operating system, app version, timezone (used for midnight streak cut-off logic) | Required |
| Usage data | Features accessed, actions taken, session timestamps — for beta analytics only | Required |
We do not collect: your precise GPS location, contacts list, microphone audio, camera footage beyond what you intentionally post, or any payment information (ArcHive is free during beta).
3. How We Collect It
Directly from you
Most data we collect comes directly from you when you:
- Create an account and fill in your profile
- Create or join a Hive
- Post a photo, video, or caption as a check-in
- React to another member's post
- Send messages to Buzz
- Answer goal onboarding questions when starting a Hive
Automatically from your device
When you use the App, we automatically collect:
- Device type and operating system version
- App version and session timestamps
- Local timezone (for accurate midnight streak calculation)
- Crash reports and error logs (to fix bugs during beta)
- Basic usage analytics — which features are used, how often
From other users
When another user invites you to a Hive using your invite code, we receive the connection between your account and theirs. We do not collect data about you from any third-party data brokers or advertising platforms.
4. How We Use Your Data
We use your data for the following purposes, all directly related to operating ArcHive:
Core service operation
- Creating and managing your account
- Running the Hive system — creating hives, managing memberships, generating invite codes
- Storing and displaying your posts to your Hive members
- Calculating and displaying streaks, consistency scores, and completion stats
- Powering the Rank leaderboard within your Hives
- Building your profile's arc history
Buzz AI agent
- Sending your Buzz conversation history and goal context to the Anthropic Claude API to generate personalized responses
- Storing conversation history to maintain context between sessions
- Using your streak data and check-in history to personalize Buzz's insights
Beta improvement
- Analyzing usage patterns to understand which features are working and which need improvement
- Processing crash reports and error logs to fix bugs
- Tracking the beta success metrics described in our product brief (e.g., day-7 retention, posting rates)
Communication
- Sending streak reminders and grace day notifications (push notifications, opt-in)
- Sending important updates about the beta program or these Terms
- Responding to your support requests
We do not use your data for advertising. We have no advertising business model. We do not build advertising profiles, sell data to advertisers, or allow third-party ad targeting through ArcHive.
5. Who We Share Your Data With
We share your data only in the following circumstances:
Within your Hive
Other members of your Hive can see:
- Your display name, username, and profile photo
- Your check-in posts (photos, videos, captions) within that Hive
- Your current streak, day number, and whether you've posted today
- Your position on the Hive's leaderboard
- Your completed arc history (visible on your profile if they share a Hive with you)
Your email address, phone number, Buzz conversations, and private account settings are never visible to other users.
Service providers
We use a small number of third-party services to operate ArcHive. Each has been selected for reliability and data protection standards:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All app data including account info, posts, hive data, and media files |
| Anthropic | Powers the Buzz AI agent | Your Buzz conversation messages, goal context, and streak data — sent per session to generate AI responses |
| Apple (iOS) | App distribution and push notifications | Push notification tokens; standard App Store analytics |
Legal requirements
We may disclose your information if required to do so by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of ArcHive, our users, or the public.
Business transfers
If ArcHive is acquired, merged, or its assets are transferred, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
We never sell your data
We do not sell, rent, or trade your personal information to any third party for any purpose, including advertising or marketing.
6. Buzz AI & Third-Party AI Processing
Buzz is powered by the Anthropic Claude API. When you send a message to Buzz, the following data is transmitted to Anthropic's servers to generate a response:
- Your message content
- Relevant conversation history (stored in our database)
- Contextual data: your display name, current Hive name, goal, current streak, and goal onboarding answers
Important: Your Buzz conversations are processed by Anthropic's AI systems. Anthropic's own privacy practices apply to this processing. We encourage you to review Anthropic's Privacy Policy. We have selected Anthropic as a provider with strong data protection commitments, and your data is transmitted securely over HTTPS.
Anthropic may use your conversation data in accordance with its own policies. We do not send Anthropic your email address, phone number, or any data beyond what is listed above.
If you do not wish to use Buzz, you may simply not open the Buzz chat drawer. No conversation data is sent to Anthropic unless you actively initiate a Buzz session.
7. Data Storage & Security
Where your data lives
Your data is stored on Supabase's infrastructure. Supabase uses PostgreSQL databases and object storage (for photos and videos), hosted on cloud infrastructure in the United States. Supabase is SOC 2 Type II compliant.
Security measures
We implement the following security practices:
- All data is transmitted over HTTPS with TLS encryption
- Passwords are hashed and never stored in plain text
- Row-Level Security (RLS) is enforced in our database — each user can only access data they are authorized to see
- Media files (photos and videos) are stored in private buckets accessible only through authenticated requests
- Invite codes are single-use entry points and can be revoked by the Hive creator
Beta limitations
As a beta product, our security posture is strong for this stage but continues to be developed. We recommend not posting highly sensitive personal information to the App. No security system is perfect, and we cannot guarantee absolute security.
If you become aware of a security vulnerability, please contact us immediately at security@arc-hive.io.
8. Data Retention
We retain your data for as long as your account is active or as needed to provide the service.
| Data type | Retention period |
|---|---|
| Account information | Until you delete your account, then within 30 days |
| Posts (photos, videos, captions) | Until deleted by you or your account is deleted |
| Hive data and membership records | Until the Hive is archived and all members have deleted their accounts, or upon request |
| Streak and activity data | Until account deletion |
| Buzz conversations | 12 months of rolling history, or until account deletion |
| Usage analytics (anonymized) | Up to 24 months in aggregated, anonymized form |
| Error logs | 90 days |
When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law. Anonymized aggregate data (e.g., "X% of beta users completed a 30-day hive") may be retained indefinitely as it cannot identify you.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data. We honor these rights regardless of where you live.
- Access — Request a copy of the personal data we hold about you.
- Correction — Ask us to correct inaccurate or incomplete data about you.
- Deletion — Request deletion of your personal data. You can also delete your account directly in the App.
- Portability — Request a machine-readable export of your data so you can take it elsewhere.
- Restriction — Ask us to limit how we process your data in certain circumstances.
- Objection — Object to certain types of processing, including analytics.
To exercise any of these rights, email us at privacy@arc-hive.io. We will respond within 30 days. We may need to verify your identity before processing your request.
California residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what categories of personal information we collect and the right to opt out of the "sale" of personal information. We do not sell personal information, so the opt-out right does not apply. To exercise your other CCPA rights, contact us at the address below.
EEA and UK residents (GDPR / UK GDPR)
If you are located in the European Economic Area or the United Kingdom, you have rights under the GDPR and UK GDPR respectively, including those listed above. Our legal basis for processing your data is primarily contract performance (operating the App you signed up for) and legitimate interests (improving the beta product). You may also have the right to lodge a complaint with your local supervisory authority.
10. Children's Privacy
ArcHive is not designed for or directed at children under the age of 13. We do not knowingly collect personal information from children under 13.
If we become aware that we have collected personal data from a child under 13 without appropriate consent, we will delete that information promptly. This is in compliance with the Children's Online Privacy Protection Act (COPPA).
Users aged 13–17 may use ArcHive with parental or guardian consent. If you are a parent or guardian and believe your child has created an account without your consent, please contact us at privacy@arc-hive.io.
11. Push Notifications
ArcHive may send you push notifications for:
- Streak reminders ("You haven't posted yet today")
- Grace day alerts ("You missed a day — your grace day has been used")
- Weekly Buzz insights
- Hive activity (members posting, completion events)
- Important App updates during beta
Push notifications require your explicit permission, which iOS will request when you first use the App. You can disable notifications at any time in your device's Settings app. Disabling notifications will not affect your ability to use ArcHive, but you may miss streak reminders.
To send push notifications, your device's push token is shared with Apple's Push Notification Service (APNs). This is standard practice for all iOS apps.
12. Cookies & Analytics
The ArcHive mobile app does not use cookies. This website (arc-hiveinfo.com) uses only essential cookies necessary for basic functionality such as remembering your scroll position in these legal documents.
Analytics
During the beta period, we use basic usage analytics within the App (not this website) to understand how features are being used. This data is:
- Tied to your account during the beta to help us understand individual and aggregate usage patterns
- Used only for product improvement — never for advertising
- Not shared with third-party analytics providers (e.g., we do not use Google Analytics, Mixpanel, or similar platforms in the beta)
We may add additional analytics tooling as the product matures. We will update this Policy if and when we do.
13. International Data Transfers
ArcHive is operated from the United States. Our infrastructure (Supabase) is hosted in the United States. If you are accessing ArcHive from outside the United States, please be aware that your data will be transferred to, processed, and stored in the United States.
For users in the EEA or UK, we ensure that transfers of personal data to the United States are protected by appropriate safeguards. Supabase is GDPR-compliant and provides Standard Contractual Clauses (SCCs) for data transfers.
By using ArcHive, you consent to this transfer.
14. Changes to This Policy
We may update this Privacy Policy as ArcHive develops beyond the beta phase. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you via the App or email for significant changes
- In some cases, ask for your renewed consent before continuing to process your data
We encourage you to review this Policy periodically. Continued use of ArcHive after changes are posted constitutes your acceptance of the updated Policy.
15. Contact & Data Requests
For privacy questions, data access requests, deletion requests, or any concerns about how we handle your data, please reach out to us directly.
For security vulnerabilities, please use the security contact address rather than the general privacy address.
Privacy & data requests
Access, deletion, correction, and portability requests. We respond within 30 days.
Security vulnerabilities