Privacy Policy

Effective date: 2026-04-20. This policy describes how Arx Security, Inc. ("Arx", "we", "us") collects, uses, and protects information from customers, prospects, and visitors to our websites and services.

Scope

This Privacy Policy applies to arxsec.io, app.arxsec.io, and related Arx products and marketing properties. For processing that Arx performs on behalf of customers under a subscription agreement, the Data Processing Agreement governs.

What we collect

We collect the minimum data needed to operate the service:

  • Account data — name, work email, company, role, and authentication credentials for users who create an Arx account.
  • Usage data — product telemetry (features used, performance, error traces) to improve reliability. IP address and user-agent are retained for security.
  • Marketing data — business contact details you submit through demo requests, newsletter subscriptions, or gated content.
  • Support data — information you share with us while troubleshooting, including logs and screenshots you voluntarily attach.

We do not sell personal data, and we do not use customer content to train general-purpose AI models.

How we use it

We use the data above to provision and secure your account, deliver the product, respond to support requests, send transactional and — where permitted — marketing communications, and meet legal or contractual obligations. We process data on the lawful bases of contract, legitimate interests, and (where required) your consent.

Who we share it with

We share data only with vetted subprocessors that support the service (hosting, email delivery, observability, payment processing). Our full list is published on the Subprocessors page and updated before any material change. We may disclose data when required by law, to enforce our terms, or to protect the rights and safety of users.

How long we keep it

Account and usage data are retained for the life of the account plus a reasonable tail (typically 90 days for most logs, up to 7 years for billing and audit records). Marketing contacts can unsubscribe at any time and are purged from active lists within 30 days.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete personal data we hold about you, and to object to or restrict certain processing. To exercise any of these rights, email privacy@arxsec.io. We respond within 30 days.

Security

Arx operates under SOC 2 Type II and encrypts customer data in transit (TLS 1.3) and at rest (AES-256). Access is least-privilege, audited, and requires hardware MFA for engineering staff. For full detail see the Trust Center.

International transfers

Arx stores data in the United States. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses and the UK International Data Transfer Addendum.

Changes

We may update this policy as our practices evolve. Material changes will be announced by email or in-product notice at least 30 days before they take effect.

Contact

Questions about this policy? Write to:

Arx Security, Inc.
Attn: Legal
legal@arxsec.io