Arcvee
Arcvee

Privacy Policy

Last updated: March 28, 2026

At Arcvee, your privacy is fundamental. This policy explains what data we collect, how we use it, and what your rights are.

1. Data Controller

The data controller for your personal data is Arcvee, based in Buenos Aires, Argentina.

Contact: [email protected]

2. Data We Collect

Account data

  • Email address
  • Password (stored encrypted, never in plain text)
  • Phone number (optional)
  • Name (optional)
  • Country, language, and timezone
  • Plan type

User-generated content

All content you send via WhatsApp or upload from the web application, including:

  • Financial transactions (expenses, income, categories, amounts, currency)
  • Pet records and veterinary health
  • Vehicle records (maintenance, documentation)
  • Health records and medical data
  • Fitness routines and sessions
  • Study materials and notes
  • Home inventory and documentation
  • Personal diary entries
  • Habit tracking data
  • Nutrition and meal plans
  • Menstrual cycle data
  • Project notes and files
  • Files (photos, audio, documents)

Usage and analytics data

Through PostHog, we collect (with your consent):

  • Pages visited and interactions on the web app
  • Device type and browser
  • User identification (email, language, country, plan type)

Technical data

  • IP address
  • Access timestamps
  • Browser User-Agent

3. Sensitive Data — Special Notice

Arcvee collects categories of data that may qualify as sensitive under applicable legislation:

  • Health data and medical records
  • Menstrual cycle data
  • Personal diary entries
  • Financial information
  • Nutrition and fitness data

This data is collected and processed solely with your explicit consent, given at the time of registration, and exclusively for the purpose of providing you the service (organizing your personal information).

Under Argentina's Law 25,326 (Art. 7) and the European GDPR (Art. 9), processing sensitive data requires explicit consent. By creating your account and accepting these terms, you grant that consent.

You can delete this data at any time from the application or by requesting the deletion of your account.

4. How We Use Your Data

  • Service delivery: process, organize, and display your content
  • AI processing: analyze and categorize your content using artificial intelligence
  • Personalization: adapt the experience based on your preferences
  • Analytics: improve the product through aggregated usage analysis (with your consent)
  • Security: prevent fraud and unauthorized use
  • Communication: send you relevant information about the service

5. AI Processing and Third Parties

Your content is processed by third-party artificial intelligence services to understand and organize it. This is Arcvee's core functionality.

AI Providers

OpenAI and Google Gemini process your content for natural language analysis, categorization, and organization. These providers operate under their respective data processing agreements. Your content is not used to train their AI models (under API/business terms).

Other third parties

  • Amazon Web Services (AWS S3): secure file storage with temporary access URLs
  • PostHog: product analytics (with your consent)
  • Meta/WhatsApp Business API: messaging platform

Arcvee does not sell your personal data to third parties. We never have and never will.

6. WhatsApp Data

Messages sent through WhatsApp pass through Meta's infrastructure before reaching Arcvee. We recommend reviewing Meta/WhatsApp's privacy policy.

Arcvee stores the content of received messages to provide you the service. Message metadata (phone number, timestamp) is used to identify your account and process your request.

7. Storage and Security

We implement technical and organizational security measures to protect your data:

  • Passwords encrypted with bcrypt (never stored in plain text)
  • Authentication via JWT tokens in secure cookies (HttpOnly, Secure, SameSite=Strict)
  • HTTP security headers (HSTS, XSS protection, framing prevention)
  • Request rate limiting to prevent abuse
  • Files stored on AWS S3 with temporary access URLs (presigned URLs)
  • Encryption in transit (TLS/HTTPS)

No system is 100% secure. While we do our best, we cannot guarantee absolute security.

8. Data Retention

Your data is retained as long as your account is active.

When you request account deletion, a 30-day grace period begins. After that period, all your data is permanently and irreversibly deleted, including:

  • Database records
  • Files stored on S3 (photos, audio, documents)
  • Cached data and processing queues

9. Your Rights

You have the following rights over your personal data:

  • Access: right to know what data we have about you
  • Rectification: right to correct inaccurate data
  • Erasure: right to request deletion of your account and data
  • Portability: right to request a copy of your data in a readable format
  • Objection: right to object to the processing of your data
  • Withdrawal of consent: you can withdraw your consent at any time by deleting your account

To exercise these rights, contact us at [email protected].

10. International Transfers

Your data is processed by servers and service providers that may be located outside Argentina, including the United States (AWS, OpenAI, Google, PostHog).

These international transfers are made under your consent (given by accepting this policy) and in accordance with Art. 12 of Argentina's Law 25,326.

For European Union users, transfers are based on standard contractual clauses and each provider's data processing agreements.

11. Minors

Arcvee is not intended for minors under 16 years of age. We do not knowingly collect data from minors under that age.

If you believe a minor has provided data without parental consent, please contact us so we can delete it.

12. Regional Information

Argentina (Law 25,326)

Your data is protected by Law 25,326 on Personal Data Protection. You have the right to access, rectify, and delete your data under articles 14 to 16. The Agency for Access to Public Information (AAIP) is the supervisory authority.

The NATIONAL DIRECTORATE FOR PERSONAL DATA PROTECTION, the oversight body of Law No. 25,326, has the authority to handle complaints and claims regarding non-compliance with personal data protection regulations.

European Union (GDPR)

If you reside in the EU, you have additional rights under the General Data Protection Regulation, including the right to data portability and to file a complaint with your local data protection authority.

Brazil (LGPD)

If you reside in Brazil, your data is protected by the Lei Geral de Proteção de Dados. You have the right to confirm processing, access your data, correct inaccurate data, and request deletion. The Autoridade Nacional de Proteção de Dados (ANPD) is the supervisory authority.

13. Security Incident Notification

In the event of a security incident that may affect your personal data, we will notify you by email within 72 hours of becoming aware of the incident.

The notification will include the nature of the incident, the data affected, the measures taken, and recommendations to protect yourself.

14. Changes to This Policy

We may update this policy periodically. We will notify you of material changes by email or through an in-app notice.

We recommend reviewing this policy periodically. The last update date is indicated at the beginning of the document.

15. Contact and Regulatory Authority

For inquiries about this policy or to exercise your rights:

[email protected]

Regulatory authorities:

  • Argentina: Agency for Access to Public Information (AAIP) — aaip.gob.ar
  • Brazil: National Data Protection Authority (ANPD) — gov.br/anpd