Arche Industries, Inc.
Privacy Policy
Last updated: July 9, 2026
Arche Industries, Inc. (“Arche,” “we,” “us,” or “our”) provides this Privacy Policy to describe how we collect, use, and share information about you when you visit arche.co and its subdomains, create an account, or use our products and services, including our AI agent (“Smith”) and our community design catalog (“Scrapyard”) (collectively, the “Services”). Capitalized terms not defined here have the meanings given in our Terms of Service at arche.co/terms.
By using the Services, you acknowledge the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, do not use the Services.
1. Information We Collect
Information You Provide
- Account information. When you create an account, we collect your name, email address, and profile information. If you sign in through a third-party identity provider such as Google, we receive information from that provider such as your name, email address, and profile picture, as permitted by your settings with that provider.
- User Content. We collect the content you submit to and generate through the Services, including your conversations with Smith (agent chat transcripts); your interactions with tools within Smith, including scripts you edit, build scripts, and CAD operations; files, designs, and other materials you upload or create; and content you publish to Scrapyard.
- Scrapyard activity. We collect the signals you provide in Scrapyard and your interactions with catalog parts and other users’ designs (for example, views, reactions, and uses of shared parts).
- Feedback and communications. We collect feedback you submit through the in-product feedback tool and information you provide when you contact us, respond to surveys, or communicate with us.
- Payment information. Payments are processed by our third-party payment processor, currently Stripe. Your full payment card details are provided directly to and stored by Stripe, not by Arche. We receive and retain limited transaction information, such as the payment method type, the last four digits of your card, your billing details, and your transaction history.
Information We Collect Automatically
- Usage and log data. We collect information about your use of the Services, including features used, Token consumption, pages viewed, actions taken, timestamps, and referring pages.
- Session replays. We record and replay sessions of your interactions with the Services’ interfaces (for example, mouse movements, clicks, scrolling, and inputs within the product) to understand how the Services are used, diagnose problems, and improve the product.
- Device and connection information. We collect information about the device and connection you use to access the Services, including IP address, operating system, browser type, device identifiers, and approximate location derived from your IP address.
- Cookies and similar technologies. We and our service providers use cookies, web beacons, local storage, and similar technologies to operate the Services, keep you signed in, remember preferences, and analyze usage. See Section 6 (Cookies and Analytics).
Information from Third Parties
We may receive information about you from third parties, including identity providers (such as Google, when you use single sign-on), our payment processor (such as transaction confirmations and fraud signals from Stripe), and publicly available sources.
2. How We Use Information
We use the information we collect to:
- provide, operate, maintain, and secure the Services, including authenticating you, metering Token usage, and processing subscriptions and purchases;
- develop, improve, and train the Services and Arche’s underlying models, software, and technology, including using your User Content and usage information for machine learning and product development, as described in our Terms of Service;
- provide customer support and respond to your requests;
- personalize your experience and the content and features you see;
- monitor and analyze usage, performance, and trends, including through session replays;
- communicate with you about the Services, including transactional messages (such as receipts, usage notices, and changes to terms) and, subject to your opt-out rights, marketing communications about Arche products and features;
- detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service or applicable law; and
- comply with legal obligations and enforce our agreements and rights.
Human review. Your User Content, Scrapyard activity, feedback, and session replays may be reviewed by Arche’s employees and contractors for the purposes described above, including operating, supporting, securing, and improving the Services and investigating abuse. Please do not submit information to the Services that you do not want reviewed for these purposes.
De-identified and aggregated data. We may de-identify or aggregate information so that it no longer reasonably identifies you and use and share that information for any lawful purpose. We will not attempt to re-identify de-identified data, except as permitted by law to test the effectiveness of our de-identification.
3. How We Share Information
We share personal information as follows:
- Service providers. With vendors and contractors that perform services on our behalf, such as cloud hosting and infrastructure providers, third-party AI model providers that process your Inputs to generate Outputs, payment processing (Stripe), analytics and session-replay providers, and customer support tools. These providers are permitted to use personal information only to provide services to us. Our third-party AI model providers do not use your Inputs or Outputs to train their own models; however, they may retain Inputs and Outputs for a limited period to monitor for misuse and enforce their usage and safety policies, after which such data is deleted in accordance with their retention policies.
- Other users. When you publish content to Scrapyard or another shared area of the Services, that content — together with attribution information such as your username — is visible to other users of the Services. Content is shared with other users only when you take an affirmative action to publish it.
- Legal and safety. When we believe disclosure is required by or permitted under applicable law, regulation, subpoena, or other legal process, or is necessary to protect the rights, property, safety, or security of Arche, our users, or the public, or to detect, prevent, or respond to fraud, abuse, or security issues.
- Business transfers. In connection with, or during negotiations of, a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, in which case personal information may be among the transferred assets.
- Affiliates. With our corporate affiliates, if any, consistent with this Privacy Policy.
- With your consent. With your consent or at your direction.
We do not sell your personal information for money, and we do not share it with third parties for cross-context behavioral advertising.
4. Data Retention
We retain personal information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, including maintaining your account, complying with legal, tax, and accounting obligations, resolving disputes, enforcing our agreements, and for security and backup purposes. Retention periods vary by data type; for example, account records are retained while your account is active, and User Content is retained while your account is active and for a reasonable period thereafter. Information used to train or improve our models and technology, and de-identified or aggregated data, may be retained after account deletion, and improvements to our models and Services derived from your information are not affected by deletion of your account.
5. Security
We use administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, and unauthorized access, disclosure, alteration, and destruction. However, no method of transmission or storage is completely secure, and we cannot guarantee the security of your information. You are responsible for maintaining the confidentiality of your account credentials.
6. Cookies and Analytics
We use the following categories of cookies and similar technologies:
- Strictly necessary. Required for the Services to function, including authentication, session management, and security. These cannot be disabled through our Services.
- Functional and analytics. Used to remember your preferences, measure how the Services are used, and improve performance. We currently use PostHog for analytics and session replay, and we may use additional analytics providers (such as Google Analytics) in the future. Any additional providers will be subject to the practices described in this Privacy Policy.
You can manage cookies through your browser settings; disabling certain cookies may impair the Services. Our Services do not respond to “Do Not Track” browser signals.
7. Your Rights and Choices
- Account information. You may access and update certain account information through your account settings, and you may delete your account in your account settings or by contacting support@arche.co. Deleting your account will remove your access to the Services; note the retention terms in Section 4.
- Marketing opt-out. You may opt out of marketing emails by following the unsubscribe instructions in those emails or by contacting us at support@arche.co. We will still send you transactional and service messages.
- Cookies. See Section 6.
U.S. State Privacy Rights
Depending on your state of residence (including California, Colorado, Connecticut, Texas, Virginia, and others), you may have rights to: (a) know and access the personal information we process about you; (b) correct inaccurate personal information; (c) delete your personal information; (d) obtain a portable copy of your personal information; (e) opt out of “sales,” “sharing,” or targeted advertising (as noted in Section 3, we do not sell or share personal information for these purposes); and (f) not receive discriminatory treatment for exercising your rights. You may exercise these rights by contacting us at privacy@arche.co. We will verify your request using information associated with your account. You may authorize an agent to submit requests on your behalf, and you may appeal a denial by replying to our decision notice.
For purposes of the California Consumer Privacy Act, as amended (“CCPA”), the categories of personal information we collect are described in Section 1, the purposes are described in Section 2, and the categories of recipients are described in Section 3. We do not use or disclose sensitive personal information for purposes requiring a right to limit under the CCPA.
Users in the EEA, UK, and Switzerland
If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases: performance of our contract with you (providing the Services); our legitimate interests (including securing, improving, and developing the Services and our models, preventing abuse, and marketing our Services), balanced against your rights and freedoms; compliance with legal obligations; and your consent, where required (which you may withdraw at any time). You have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local supervisory authority — though we ask that you contact us first at privacy@arche.co so we can try to resolve your concern.
International Data Transfers
Arche is based in the United States, and your information will be transferred to, stored, and processed in the United States and other countries that may not provide the same level of data protection as your home jurisdiction. Where required, we rely on appropriate safeguards for such transfers, such as the European Commission’s Standard Contractual Clauses and/or certification under the EU-U.S. Data Privacy Framework.
8. Children’s Privacy
The Services are intended for users 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided personal information to us, please contact us at privacy@arche.co and we will take appropriate steps to delete the information and terminate the account.
9. Third-Party Sites and Services
The Services may contain links to, or interoperate with, websites and services that we do not operate, including Google sign-in and Stripe checkout. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you as required by applicable law (for example, by email or in-product notice) and update the “Last Updated” date above. Your continued use of the Services after changes take effect constitutes acceptance of the updated Privacy Policy, except where consent is required by law.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our privacy practices, contact us at:
Arche Industries, Inc.
Email: privacy@arche.co