Legal
Privacy Policy
Effective: 1 May 2026 · Last updated: 7 July 2026
This Privacy Policy explains how ArchiTrack (operated by Anand Shreyas Vyas, a sole proprietorship registered in Mumbai, India under GSTIN registered in the proprietor's legal name; hereinafter "ArchiTrack", "we", "us", "our") collects, uses, stores, and shares information when you use the website at architrack.ai, the application at app.architrack.ai, and related services (collectively, the "Service").
By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
1. Who this policy applies to
This policy applies to:
- Visitors to the public ArchiTrack website
- People who join the waitlist or request access
- Account holders (paying customers) and their invited collaborators, team members, and clients who interact with the Service
2. Information we collect
2.1 Account & identity
- Sign-in details: name, email address, profile photo and Google account identifier (we use Google Sign-In via Firebase Authentication).
- Waitlist data: name, email, role/profession, and any free-text you submit through the waitlist form.
2.2 Workspace content you provide
- Project data — names, descriptions, dates, addresses, budgets, status
- Tasks, milestones, phases, comments, scratchpad notes, reminders
- Orders, payables, receivables, invoices, payment records and installments
- Vendors, clients, team members, contracts and signing details
- Files and images you upload (drawings, BOQs, photos, attachments)
- AI Companion / AI Assistant conversations and the prompts you submit
2.3 Automatically collected data
- Device & log data: IP address, browser, OS, language, timestamps, pages viewed, request errors
- Usage analytics: aggregate events used to measure feature use and reliability
- Cookies & local storage: for session management, remembering your view preferences (e.g. dark mode), and security checks (Firebase App Check)
2.4 Information about other people
When you add a client, vendor, team member, or collaborator, you provide us with personal data about them (e.g. name, email, phone). You confirm that you have the necessary right and consent to share their information with us for this purpose.
3. How we use your information
- To deliver the Service — host your workspace, process your inputs, and show you your data on request
- To run AI features — when you use the AI Companion / AI Assistant, your prompts and the relevant workspace context are sent to our AI provider (currently Anthropic) to generate a response. We do not use your data to train AI models
- To communicate with you — service announcements, security alerts, billing notices, and support replies
- To improve the Service — debug issues, measure feature use in aggregate, plan improvements
- To process payments — invoice you for paid plans and meet GST obligations
- To prevent abuse and fraud — rate-limiting, App Check verification, and investigating suspected misuse
- To comply with law — respond to lawful requests, enforce our Terms of Service, defend our rights
4. Sharing with third parties
We do not sell your personal data. We share data with the following categories of service providers strictly to operate the Service:
- Google Cloud Platform / Firebase — authentication, database (Cloud Firestore), file storage (Cloud Storage), Cloud Functions, hosting, App Check, and Cloud Logging
- Anthropic, PBC — to process AI prompts and return AI-generated responses. Per Anthropic's API policy, customer prompts are not used to train Anthropic's models
- Email and notification providers — to send transactional emails and (if you opt in) WhatsApp Business notifications
- Payment processors and accounting providers — when you pay for a plan
- Error monitoring (Sentry) — to capture crash reports and uncaught exceptions for debugging
- Legal and regulatory authorities — only when we are required by law to do so
- An acquirer or successor entity — in the event of a merger, acquisition, financing, or sale of all or part of the business, with notice where required
5. Where your data is stored
Your workspace data — including projects, tasks, files, messages, and AI conversations — is hosted on Google Cloud Platform infrastructure in the us-central1 region (Iowa, United States). Some image thumbnail processing runs in asia-southeast1 (Singapore). AI requests sent to our AI provider may be processed in the United States. By using the Service you acknowledge and consent to this transfer and storage outside India, as permitted under Section 16 of the Digital Personal Data Protection Act, 2023.
6. Data retention
- Active accounts: we retain your workspace data for as long as your account is active
- After account closure: your workspace data is deleted immediately upon confirmed account deletion from our live systems. Deleted data then ages out of our disaster-recovery copies: point-in-time recovery history within 7 days, and weekly encrypted backups as they expire (retained for up to 14 weeks). After that, residual copies may persist briefly in our cloud provider's internal replication and deletion pipeline (per Google Cloud's data-deletion practices, typically fully purged within 180 days, and usually much sooner). Some records may be retained longer to satisfy tax, legal, or accounting obligations
- AI conversations: the global AI Assistant retains conversations for 30 days; per-project AI Companion retains for 15 days. Both are then automatically deleted
- Backups and disaster recovery: we maintain database point-in-time recovery data for 7 days and weekly encrypted database backups retained for up to 14 weeks, used solely for disaster recovery and data restoration. Deleted data leaves live systems immediately, leaves point-in-time recovery history within 7 days, and leaves weekly backups as those backups expire (up to 14 weeks), after which it is purged from our cloud provider's internal systems per Google Cloud's deletion timeline (typically within 180 days)
- Activity logs: retained for as long as the workspace is active
7. Security
We use reasonable and appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS), encryption at rest (provided by Google Cloud), Firestore security rules, Firebase App Check, role-based access controls within your workspace, and signed download URLs for files. However, no system is perfectly secure. We cannot guarantee absolute security, and you use the Service at your own risk.
8. Your rights
Subject to applicable law (including the Digital Personal Data Protection Act, 2023), you may have the following rights:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Request deletion of your account and personal data
- Export a copy of your workspace data in a machine-readable format
- Withdraw consent for optional processing (such as marketing emails)
- Nominate another individual to exercise your rights in case of your death or incapacity
- File a grievance with our Grievance Officer (see Contact)
To exercise these rights, email us at support@architrack.ai from the email address associated with your account. We will respond within a reasonable timeframe and in accordance with applicable law.
9. For Users in the European Union / EEA / UK (GDPR)
If you are located in the European Union, the European Economic Area, or the United Kingdom, the General Data Protection Regulation (GDPR) and/or the UK GDPR apply to our processing of your personal data, and this section applies in addition to (not instead of) the rest of this policy. Business customers who use ArchiTrack to manage personal data of their own clients, vendors, and team members should also review our Data Processing Addendum for business customers.
9.1 Legal bases for processing
We rely on the following legal bases under Article 6 GDPR:
- Contract (Art. 6(1)(b)): providing the Service — hosting your workspace, processing your inputs, running the features you use — and billing you for paid plans.
- Legitimate interest (Art. 6(1)(f)): security and fraud prevention (rate-limiting, Firebase App Check), error diagnostics via Sentry (with PII scrubbing applied to reports), and processing portal recipients' email addresses to deliver client portal access.
- Consent (Art. 6(1)(a)): usage analytics, which run only after you give consent via the in-app consent banner. You can withdraw consent at any time from the same banner or your settings.
- Legal obligation (Art. 6(1)(c)): compliance with tax, accounting, and other legal requirements, and responses to lawful requests from authorities.
9.2 Your GDPR rights
In addition to the rights listed above, you have the right to:
- Access — obtain a copy of the personal data we hold about you
- Rectification — have inaccurate personal data corrected
- Erasure — have your personal data deleted ("right to be forgotten")
- Restriction — restrict processing in certain circumstances
- Portability — receive your data in a structured, commonly used, machine-readable format
- Objection — object to processing based on legitimate interest
You can exercise these rights via in-app account deletion (Settings), in-app data export ("Download my data" in Settings), or by emailing support@architrack.ai from the email address associated with your account.
9.3 International transfers
Your data is hosted on Google Cloud in the us-central1 region (United States). Where data of EU/EEA/UK users is transferred outside those territories, transfers are safeguarded via the EU-US Data Privacy Framework certifications of Google, Twilio, SendGrid, and Sentry, and Standard Contractual Clauses where applicable, including with Anthropic.
9.4 Specific processing notes
- Client portal: portal recipients' email addresses are processed under legitimate interest to deliver client portal access.
- WhatsApp notifications: phone numbers are shared with Twilio and Meta (WhatsApp) solely for message delivery. Recipients can reply STOP to opt out at any time.
- Analytics and error monitoring: analytics run only after you consent via the banner; error monitoring (Sentry) continues under legitimate interest with PII scrubbing.
- Emails: notification emails include an unsubscribe link (security emails are exempt, as they are necessary to protect your account).
9.5 Complaints and EU representative
You have the right to lodge a complaint with a data protection supervisory authority in your country of residence, place of work, or the place of the alleged infringement.
EU representative: to be appointed — contact support@architrack.ai.
10. Children's data
The Service is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
11. Cookies and tracking
We use a minimum set of cookies and local storage entries needed to operate the Service: session cookies for sign-in, local storage for your in-app preferences (such as which view you last used or your dark-mode setting), and Firebase App Check tokens. We do not use third-party advertising or marketing trackers on the application.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes we will notify you via the application or by email, and update the "Last updated" date at the top of this page. Continued use of the Service after a change constitutes acceptance of the updated policy.
13. Contact & Grievance Officer
For questions or to exercise your rights:
- Grievance Officer: Anand Shreyas Vyas, Sole Proprietor, ArchiTrack
- Email: support@architrack.ai
- Jurisdiction: Mumbai, Maharashtra, India
Please also read our Terms of Service, which govern your use of the Service, and our Data Processing Addendum for business customers.