Privacy Policy

Effective Date: January 14, 2026

At Archade, we distinguish fundamentally between your Public Professional ID (the "Graph") and your Private Account Data. This policy transparently defines how we handle both to build the professional network for the built world.

This Privacy Policy describes how Archade Inc. ("Archade," "we," "us," or "our") collects, uses, and discloses your personal information in connection with our website, mobile applications, and services (collectively, the "Service").

By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

1. Data Collection & Categories

We collect information in three primary categories, treated with distinct levels of privacy and visibility.

1.1 Account Data (Private)

Purpose: Strictly for authentication, billing, and platform operation. Role: Archade acts as Data Controller.

Identity Data: Email address, encrypted password credentials, phone number (for MFA).
Billing Data: Payment card tokens (processed securely via Stripe), billing address, subscription history. We do not store raw credit card numbers.
Communication Data: Private Direct Messages (DMs), non-public support tickets, and email correspondence.
Settings: Notification preferences, privacy toggles, and UI configurations.

1.2 Entity Graph Data (Public Professional Record)

Purpose: To build the searchable, verified index of the built world. This data is public by default. Role: Archade acts as Data Controller for the integrity of the graph.

Professional Profile: Name, headline ("Architect at Studio X"), biography, location.
Attribution & Credit: Projects you have worked on, your specific roles (e.g., "Lead Designer"), dates of involvement.
Firm Associations: Employment history, office affiliations, verified roster status.
Content & Media: Public posts, comments, project images, portfolios, and articles you publish.
Social Connections: Follows, followers, and professional network graph.

1.3 Telemetry & Usage Data (Internal)

Purpose: To optimize performance, security, and product experience. Role: Archade acts as Data Controller.

Device Information: IP address, browser type, OS version, device identifiers.
Usage Logs: Pages visited, duration of session, clickstream data, search queries.
Performance Metrics: Latency, crash reports, error logs.

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data based on the following legal grounds:

Context	Legal Basis
Account Creation & Billing	Contractual Necessity: We need this data to provide the Service you requested.
Public Graph & Discovery	Legitimate Interest: To maintain a comprehensive professional registry of the built world, facilitating discovery, hiring, and accurate attribution.
Fraud Prevention & Security	Legitimate Interest: To protect our users and infrastructure from abuse, spam, and attacks.
Marketing Communications	Consent: Where required by law, we obtain your consent before sending promotional emails. You may withdraw consent at any time.
Legal Compliance	Legal Obligation: To comply with tax laws, law enforcement requests, and regulatory requirements.

3. How We Use Data

3.1 To Provide the Service

Creating and managing your account.
Processing payments and preventing fraud.
Authenticating your identity and preventing unauthorized access.

3.2 To Build the Professional Graph

Indexing your professional profile for search discovery.
Connecting your account to Project and Firm entities.
Verifying your claims (e.g., verifying you worked at a specific Firm).

3.3 For Communications

Transactional: Password resets, subscription receipts, security alerts (these cannot be opted out of).
Professional: Job alerts, connection requests, project invites.
Marketing: Product updates and offers (can be opted out).

3.4 For Discovery and Representation

We use Public Entity Graph Data to power discovery, matching, and enrichment—so you and your work can be found and so the built world shows up properly in search, tools, and in the structured data we make available (with credit to real people).

Safety Lock: We do not use private Direct Messages (DMs), payment info, or private account data to build or feed models; we use only what you make public, so representation stays fair and credited.
AI Processing: Content may be processed by automated systems for annotations, embeddings, and analytics. See our AI & Automated Processing Disclosure.

We do not sell your personal data to data brokers. We share data only in the following circumstances:

4.1 Service Providers (Processors)

We utilize trusted third-party vendors to operate critical infrastructure. They process data solely on our instructions and are bound by confidentiality.

Hosting: Vercel, AWS (Infrastructure).
Payments: Stripe (Billing).
Email: Resend, Postmark (Transactional mail).
Analytics: PostHog, Google Analytics (Aggregated usage).

4.2 Public Display

Information you post to your Public Profile, Projects, or Feed is visible to other users and potentially indexed by search engines. You acknowledge that this public visibility is intrinsic to the nature of a professional network.

4.3 How We Separate Your Private Data from Public-Facing Data

We distinguish clearly between private data and public-facing data:

We never share emails, private messages, payment info, or account credentials—with anyone. They are never included in industry insights or in any structured data we make available for research or tools.
Public profiles (what you choose to make visible) are treated as public-facing and may be used as part of the knowledge graph and structured data we make available so practitioners and firms get found and credited. You control what’s public (see How We Use Public Data and Dataset Opt-Out).
Aggregation & anonymization: Where we provide trend data, analytics, or structured data, we aggregate or anonymize; we do not sell raw personal data to data brokers.

4.4 Legal Requirements

We may disclose information if required by law (subpoena, court order) or if we believe in good faith it is necessary to:

Investigate fraud or technical security issues.
Protect the rights and safety of Archade users.

4.5 AI Processing Disclosure

Content may be processed by automated systems for enrichment, annotations, embeddings, and analytics. We do not guarantee correctness of AI-generated outputs. Details are in our AI & Automated Processing Disclosure.

5. Data Retention & Entity Persistence

5.1 Retention Periods

Active Accounts: Data is retained indefinitely to provide the Service.
Deleted Accounts: Account credentials are removed immediately. Billing logs are retained for 7 years (tax law).
Backup Logs: Retained for 30-90 days for disaster recovery.

5.2 The "Entity Persistence" Doctrine

Archade is a registry of record. If you delete your account, your Professional Attribution on public projects may persist in a "Ghost" or "Inactive" state.

Example: If you were the "Lead Architect" on the Burj Khalifa, deletion of your account does not erase the historical fact of your role on that project page.
Rationale: Preservation of the integrity of the built world's history (Legitimate Interest).
Control: You may request anonymization of this record by contacting support.

6. Cookies & Tracking Technologies

6.1 Usage

We use cookies to:

Keep you logged in (Authentication).
Remember your preferences (Theme, Language).
Analyze site traffic (Analytics).

6.2 Control

You can control or delete cookies via your browser settings. However, disabling essential auth cookies will break the application.

7. Your Rights & Choices

7.1 Global Rights

All users, regardless of location, can:

Access: View and download your data.
Rectify: Edit inaccurate profile information.
Delete: Delete your account via Settings.

7.2 Region-Specific Rights

GDPR (Europe): Right to Restriction of Processing, Right to Object, Right to Data Portability.
CCPA/CPRA (California): Right to "Know," Right to "Delete," Right to "Opt-out of Sale/Sharing" (Archade does not sell data).
VCDPA/CPA (Virginia/Colorado): Similar rights to access, correction, and deletion.

To exercise these rights, email privacy@archade.app.

8. Children's Privacy

Archade is a professional network intended for adults. We do not knowingly collect data from children under 16 years of age. If we discover a child's account, we will delete it immediately.

9. Security Measures

We implement enterprise-grade security controls, including:

Encryption: Data at rest (AES-256) and in transit (TLS 1.3).
Access Control: Strict Least-Privilege access for employees.
Audits: Regular security reviews and vulnerability scanning.
Breach Notification: In the event of a breach, we will notify affected users and regulators within 72 hours where required by law.

10. International Data Transfers

Archade Inc. is based in the United States. Your data may be processed in the US and other countries. We rely on Standard Contractual Clauses (SCCs) and adequacy decisions for lawful cross-border transfers.

11. Changes to this Policy

We may update this policy to reflect product changes or legal requirements.

Material Changes: We will notify you via email or a prominent platform banner 30 days prior to enforcement.
Continued Use: Your continued use of Archade after the effective date constitutes acceptance of the new policy.

12. Contact Us

Archade Inc. Attn: Data Protection Officer Email: privacy@archade.app

For security vulnerability reports, please see our Security Policy.

Privacy Policy

Effective Date: January 14, 2026

1. Data Collection & Categories

We collect information in three primary categories, treated with distinct levels of privacy and visibility.

1.1 Account Data (Private)

Purpose: Strictly for authentication, billing, and platform operation. Role: Archade acts as Data Controller.

Identity Data: Email address, encrypted password credentials, phone number (for MFA).
Billing Data: Payment card tokens (processed securely via Stripe), billing address, subscription history. We do not store raw credit card numbers.
Communication Data: Private Direct Messages (DMs), non-public support tickets, and email correspondence.
Settings: Notification preferences, privacy toggles, and UI configurations.

1.2 Entity Graph Data (Public Professional Record)

Purpose: To build the searchable, verified index of the built world. This data is public by default. Role: Archade acts as Data Controller for the integrity of the graph.

Professional Profile: Name, headline ("Architect at Studio X"), biography, location.
Attribution & Credit: Projects you have worked on, your specific roles (e.g., "Lead Designer"), dates of involvement.
Firm Associations: Employment history, office affiliations, verified roster status.
Content & Media: Public posts, comments, project images, portfolios, and articles you publish.
Social Connections: Follows, followers, and professional network graph.

1.3 Telemetry & Usage Data (Internal)

Purpose: To optimize performance, security, and product experience. Role: Archade acts as Data Controller.

Device Information: IP address, browser type, OS version, device identifiers.
Usage Logs: Pages visited, duration of session, clickstream data, search queries.
Performance Metrics: Latency, crash reports, error logs.

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data based on the following legal grounds:

Context	Legal Basis
Account Creation & Billing	Contractual Necessity: We need this data to provide the Service you requested.
Public Graph & Discovery	Legitimate Interest: To maintain a comprehensive professional registry of the built world, facilitating discovery, hiring, and accurate attribution.
Fraud Prevention & Security	Legitimate Interest: To protect our users and infrastructure from abuse, spam, and attacks.
Marketing Communications	Consent: Where required by law, we obtain your consent before sending promotional emails. You may withdraw consent at any time.
Legal Compliance	Legal Obligation: To comply with tax laws, law enforcement requests, and regulatory requirements.

3. How We Use Data

3.1 To Provide the Service

Creating and managing your account.
Processing payments and preventing fraud.
Authenticating your identity and preventing unauthorized access.

3.2 To Build the Professional Graph

Indexing your professional profile for search discovery.
Connecting your account to Project and Firm entities.
Verifying your claims (e.g., verifying you worked at a specific Firm).

3.3 For Communications

Transactional: Password resets, subscription receipts, security alerts (these cannot be opted out of).
Professional: Job alerts, connection requests, project invites.
Marketing: Product updates and offers (can be opted out).

3.4 For Discovery and Representation

Safety Lock: We do not use private Direct Messages (DMs), payment info, or private account data to build or feed models; we use only what you make public, so representation stays fair and credited.
AI Processing: Content may be processed by automated systems for annotations, embeddings, and analytics. See our AI & Automated Processing Disclosure.

We do not sell your personal data to data brokers. We share data only in the following circumstances:

4.1 Service Providers (Processors)

We utilize trusted third-party vendors to operate critical infrastructure. They process data solely on our instructions and are bound by confidentiality.

Hosting: Vercel, AWS (Infrastructure).
Payments: Stripe (Billing).
Email: Resend, Postmark (Transactional mail).
Analytics: PostHog, Google Analytics (Aggregated usage).

4.2 Public Display

4.3 How We Separate Your Private Data from Public-Facing Data

We distinguish clearly between private data and public-facing data:

We never share emails, private messages, payment info, or account credentials—with anyone. They are never included in industry insights or in any structured data we make available for research or tools.
Public profiles (what you choose to make visible) are treated as public-facing and may be used as part of the knowledge graph and structured data we make available so practitioners and firms get found and credited. You control what’s public (see How We Use Public Data and Dataset Opt-Out).
Aggregation & anonymization: Where we provide trend data, analytics, or structured data, we aggregate or anonymize; we do not sell raw personal data to data brokers.

4.4 Legal Requirements

We may disclose information if required by law (subpoena, court order) or if we believe in good faith it is necessary to:

Investigate fraud or technical security issues.
Protect the rights and safety of Archade users.

4.5 AI Processing Disclosure

5. Data Retention & Entity Persistence

5.1 Retention Periods

Active Accounts: Data is retained indefinitely to provide the Service.
Deleted Accounts: Account credentials are removed immediately. Billing logs are retained for 7 years (tax law).
Backup Logs: Retained for 30-90 days for disaster recovery.

5.2 The "Entity Persistence" Doctrine

Archade is a registry of record. If you delete your account, your Professional Attribution on public projects may persist in a "Ghost" or "Inactive" state.

Example: If you were the "Lead Architect" on the Burj Khalifa, deletion of your account does not erase the historical fact of your role on that project page.
Rationale: Preservation of the integrity of the built world's history (Legitimate Interest).
Control: You may request anonymization of this record by contacting support.

6. Cookies & Tracking Technologies

6.1 Usage

We use cookies to:

Keep you logged in (Authentication).
Remember your preferences (Theme, Language).
Analyze site traffic (Analytics).

6.2 Control

You can control or delete cookies via your browser settings. However, disabling essential auth cookies will break the application.

7. Your Rights & Choices

7.1 Global Rights

All users, regardless of location, can:

Access: View and download your data.
Rectify: Edit inaccurate profile information.
Delete: Delete your account via Settings.

7.2 Region-Specific Rights

GDPR (Europe): Right to Restriction of Processing, Right to Object, Right to Data Portability.
CCPA/CPRA (California): Right to "Know," Right to "Delete," Right to "Opt-out of Sale/Sharing" (Archade does not sell data).
VCDPA/CPA (Virginia/Colorado): Similar rights to access, correction, and deletion.

To exercise these rights, email privacy@archade.app.

8. Children's Privacy

Archade is a professional network intended for adults. We do not knowingly collect data from children under 16 years of age. If we discover a child's account, we will delete it immediately.

9. Security Measures

We implement enterprise-grade security controls, including:

Encryption: Data at rest (AES-256) and in transit (TLS 1.3).
Access Control: Strict Least-Privilege access for employees.
Audits: Regular security reviews and vulnerability scanning.
Breach Notification: In the event of a breach, we will notify affected users and regulators within 72 hours where required by law.

10. International Data Transfers

11. Changes to this Policy

We may update this policy to reflect product changes or legal requirements.

Material Changes: We will notify you via email or a prominent platform banner 30 days prior to enforcement.
Continued Use: Your continued use of Archade after the effective date constitutes acceptance of the new policy.

12. Contact Us

Archade Inc. Attn: Data Protection Officer Email: privacy@archade.app

For security vulnerability reports, please see our Security Policy.

Privacy Policy

1. Data Collection & Categories

1.1 Account Data (Private)

1.2 Entity Graph Data (Public Professional Record)

1.3 Telemetry & Usage Data (Internal)

2. Legal Basis for Processing (GDPR/UK GDPR)

3. How We Use Data

3.1 To Provide the Service

3.2 To Build the Professional Graph

3.3 For Communications

3.4 For Discovery and Representation

4. Data Sharing & Disclosure

4.1 Service Providers (Processors)

4.2 Public Display

4.3 How We Separate Your Private Data from Public-Facing Data

4.4 Legal Requirements

4.5 AI Processing Disclosure

5. Data Retention & Entity Persistence

5.1 Retention Periods

5.2 The "Entity Persistence" Doctrine

6. Cookies & Tracking Technologies

6.1 Usage

6.2 Control

7. Your Rights & Choices

7.1 Global Rights

7.2 Region-Specific Rights

8. Children's Privacy

9. Security Measures

10. International Data Transfers

11. Changes to this Policy

12. Contact Us

Privacy Policy

1. Data Collection & Categories

1.1 Account Data (Private)

1.2 Entity Graph Data (Public Professional Record)

1.3 Telemetry & Usage Data (Internal)

2. Legal Basis for Processing (GDPR/UK GDPR)

3. How We Use Data

3.1 To Provide the Service

3.2 To Build the Professional Graph

3.3 For Communications

3.4 For Discovery and Representation

4. Data Sharing & Disclosure

4.1 Service Providers (Processors)

4.2 Public Display

4.3 How We Separate Your Private Data from Public-Facing Data

4.4 Legal Requirements

4.5 AI Processing Disclosure

5. Data Retention & Entity Persistence

5.1 Retention Periods

5.2 The "Entity Persistence" Doctrine

6. Cookies & Tracking Technologies

6.1 Usage

6.2 Control

7. Your Rights & Choices

7.1 Global Rights

7.2 Region-Specific Rights

8. Children's Privacy

9. Security Measures

10. International Data Transfers

11. Changes to this Policy

12. Contact Us