● Legal

Privacy Policy

How Arka AI collects, uses, and protects information — and your rights as a data subject.

Effective Date: June 14, 2026  ·  Last Updated: June 14, 2026

This Privacy Policy is currently in effect. Enterprise platform data practices are additionally governed by a separate Data Processing Agreement (DPA) executed with each customer. For questions, contact success@arkainc.ai.

Contents

  1. Introduction
  2. Who We Are
  3. Information We Collect
  4. How We Use Information
  5. Legal Basis for Processing (GDPR)
  6. Data Sharing and Subprocessors
  7. International Data Transfers
  8. Data Retention
  9. Your Rights
  10. Cookies and Tracking
  11. Security
  12. Zero-Training Policy
  13. Children's Privacy
  14. Changes to This Policy
  15. Contact Us
  16. Governing Law

1. Introduction

Arka AI, Inc. ("Arka AI," "we," "us," or "our") is committed to protecting the privacy and security of information entrusted to us. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with our website (arkainc.ai), our Enterprise Outcome Operating System platform, and our managed services.

Arka AI operates in two distinct capacities:

  • Data Controller: When we collect and process information about visitors to our website and contacts who engage with us directly.
  • Data Processor: When we process business data on behalf of our enterprise customers in the course of delivering our managed services and platform. Our obligations as Data Processor are governed by the applicable Data Processing Agreement (DPA) with each customer.

This Policy applies primarily to our role as Data Controller. If you are an end user of an Arka AI enterprise customer, please refer to that customer's privacy notice for information about how your data is handled.

2. Who We Are

Arka AI, Inc. is a Delaware corporation with principal operations in Southbury, Connecticut, United States. We build and operate a governed AI execution platform that helps enterprises deliver measurable business outcomes through policy-bound Digital Workers, human oversight, and sealed evidence on every cycle.

For privacy inquiries, contact us at:
Arka AI, Inc.
146 Willow Creek Estates Dr, Southbury, Connecticut 06488, USA
success@arkainc.ai

3. Information We Collect

3.1 Information You Provide to Us

  • Contact Information: Name, email address, company name, job title, and phone number when you contact us, request a discovery call, or subscribe to communications.
  • Account Information: Credentials and profile information for Mission Control access.
  • Communications: Content of emails, messages, or other communications you send to us.

3.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • Usage Data: Pages visited, time spent, referring URLs, browser type, device type, and IP address.
  • Cookies and Similar Technologies: See Section 10 (Cookies) for details.

3.3 Customer Business Data (Processor Role)

In delivering our managed services, we process business data provided by our enterprise customers. This may include operational data, workflow inputs, and personnel information processed as part of mission execution. We process this data solely on behalf of and under the instructions of our customers, as governed by our Data Processing Agreement. We do not use this data for any purpose other than delivering the contracted services.

4. How We Use Information

We use the information we collect to:

  • Deliver and operate our platform and managed services
  • Respond to inquiries and communicate with prospects and customers
  • Provide customer support and manage accounts
  • Monitor platform performance, security, and reliability
  • Send service-related communications and, where consented, marketing communications
  • Comply with legal obligations and enforce our agreements
  • Protect against fraud, abuse, and unauthorized access

6. Data Sharing and Subprocessors

Arka AI does not sell your personal data. We do not share personal data with third parties for their own marketing purposes.

We may share information with the following categories of recipients:

6.1 Infrastructure and Service Providers

  • Cloud Infrastructure: Amazon Web Services (AWS) — our primary cloud infrastructure provider. Customer data is hosted on AWS enterprise infrastructure in the United States.
  • Communications Providers: Email and notification service providers used to deliver service communications.
  • Analytics Providers: Website analytics tools used to understand aggregate site usage.

A current list of subprocessors is available upon request at success@arkainc.ai.

6.2 Professional Advisors

We may share information with attorneys, accountants, and other professional advisors under confidentiality obligations.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will provide notice of any such change and, where required by law, obtain consent.

6.4 Legal Requirements

We may disclose information where required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Arka AI, our customers, or others.

7. International Data Transfers

Arka AI is headquartered in the United States. If you are located outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For transfers of personal data from the EEA or UK, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) as approved by the European Commission. To obtain a copy of applicable transfer mechanisms or to request more information, contact us at success@arkainc.ai.

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including providing services, complying with legal obligations, resolving disputes, and enforcing agreements.

General retention guidelines:

  • Website and contact data: Up to 3 years from last interaction
  • Customer account data: Duration of the customer relationship plus 3 years
  • Execution logs and evidence records: As specified in the applicable customer agreement, typically 1–7 years based on regulatory requirements
  • Legal and compliance records: As required by applicable law

When data is no longer required, we securely delete or anonymize it in accordance with our data lifecycle procedures.

9. Your Rights

9.1 Rights for EEA/UK Residents (GDPR)

If you are located in the EEA or UK, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data, subject to legal obligations.
  • Restriction: Request that we restrict processing in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent: Where processing is consent-based, withdraw it at any time.
  • Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

9.2 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights:

  • Right to Know: Request information about the categories and specific pieces of personal information we collect, use, or disclose.
  • Right to Delete: Request deletion of personal information we have collected, subject to exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: Arka AI does not sell or share personal information for cross-context behavioral advertising.
  • Right to Limit Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide our services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at success@arkainc.ai. We will respond within the timeframes required by applicable law — 30 days for GDPR requests and 45 days for CCPA requests, with a possible extension of an additional 45 days where reasonably necessary.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to operate and improve the site. We use the following categories of cookies:

  • Strictly Necessary: Required for the website to function correctly. These cannot be disabled.
  • Analytics: Help us understand how visitors interact with our site in aggregate — pages visited, time on site, referral sources. Used solely to improve website performance.
  • Preferences: Remember your settings and preferences across visits.

We do not use advertising cookies or cross-site behavioral tracking cookies.

You can control or disable cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website.

11. Security

Arka AI implements enterprise-grade security measures to protect information against unauthorized access, alteration, disclosure, or destruction:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Tamper-evident execution ledger for all mission activity
  • Role-based access controls and comprehensive audit logging
  • SOC 2 Type II certification in progress
  • Arka Governance Standard governance standard applied to all platform execution

In the event of a data breach affecting your personal data, we will notify affected parties and applicable regulators as required by law — within 72 hours for EEA supervisory authorities under GDPR where required, and within applicable timeframes under other regulations.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

12. Zero-Training Policy

Arka AI does not use customer data to train, fine-tune, or improve AI foundation models — ever.

Your business logic, proprietary data, workflows, and execution outcomes remain isolated within your environment and are never aggregated to improve services for other customers. This commitment is enforced architecturally through our multi-tenant isolation design and contractually through our customer agreements.

13. Children's Privacy

Our platform and services are designed exclusively for enterprise use and are not directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under the applicable age threshold, we will delete it promptly. If you believe we may have collected such information, please contact us at success@arkainc.ai.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a revised effective date. For material changes, we will provide additional notice as appropriate — for example, by email notification to active customers or a prominent notice on our website.

Your continued use of our website or services after any update constitutes acceptance of the revised policy. We encourage you to review this page periodically.

15. Contact Us

For privacy questions, requests to exercise your rights, subprocessor lists, data processing agreements, or concerns about our data practices, please contact us:

Arka AI, Inc.
146 Willow Creek Estates Dr, Southbury, Connecticut 06488, USA
success@arkainc.ai

For EEA or UK residents, you also have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.

16. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Delaware, USA, without regard to its conflict of law provisions. Nothing in this section limits your statutory rights under applicable data protection law, including GDPR or CCPA.