Privacy Policy

Last updated: February 2, 2026

ARCHWAY AI INC. (“Archway”, “we”, “us”, or “our”) operates the website located at www.tryarchway.ai and the Archway platform (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, and password when you create an account.
• Organization Information: Organization or company name.
• Payment Information: Billing details processed through Stripe. We do not store credit card numbers on our servers.
• Bridge Code: Source code you write and deploy through the platform.
• Customer Secrets: API credentials and other secrets submitted by your customers through the customer portal, encrypted at rest using AES-256-GCM.
• Communications: Messages you send to us via email or in-app chat (Intercom).

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, bridge invocation logs (inputs, outputs, timestamps, duration).
• Device Information: Browser type, operating system, IP address.
• Cookies: We use essential cookies for authentication and session management. Our third-party providers (Intercom, Stripe) may set additional cookies.

1.3 Information from Third Parties

• Google OAuth: If you sign in with Google, we receive your name, email address, and profile identifier from Google. We do not access your Google contacts, calendar, or other data.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process payments and manage subscriptions
• Send transactional emails (verification codes, invitations, bridge error notifications)
• Monitor and log bridge invocations for debugging and auditing
• Improve the Service and develop new features
• Respond to your support requests
• Enforce our Terms of Use and protect against misuse

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

• Service Providers: We use third-party services to operate the platform:
  • Vercel — Hosting and serverless function execution
  • Neon — PostgreSQL database hosting
  • Stripe — Payment processing
  • Intercom — Customer support and help center
  • Google — OAuth authentication
• Legal Requirements: If required by law, subpoena, or other legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.
• With Your Consent: When you explicitly authorize sharing.

4. Data Security

We implement industry-standard security measures to protect your data:

• Customer secrets are encrypted at rest using AES-256-GCM with per-organization derived keys
• All data is transmitted over HTTPS/TLS
• Passwords are hashed using bcrypt
• Bridge code undergoes automated security scanning before deployment
• Organization-level data isolation ensures users only access their own organization's data
• JWT-based authentication with token versioning for session invalidation

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your account information for as long as your account is active. Bridge invocation logs are retained for operational and debugging purposes. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal or compliance purposes.

6. Your Rights

6.1 All Users

You may:

• Access and update your account information through the Settings page
• Delete your account by contacting us at support@tryarchway.ai
• Opt out of non-essential communications

6.2 California Residents (CCPA)

If you are a California resident, you have the right to: (a) request disclosure of the categories and specific pieces of personal information we have collected; (b) request deletion of your personal information; and (c) opt out of the sale of personal information (we do not sell personal information). To exercise these rights, contact us at support@tryarchway.ai.

6.3 European Residents (GDPR)

If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to access, rectify, port, and erase your data, and the right to restrict or object to processing. Our legal basis for processing is contract performance (to provide the Service) and legitimate interest (to improve the Service and prevent misuse). To exercise these rights, contact us at support@tryarchway.ai.

7. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: support@tryarchway.ai