AARQOHome

Privacy Policy

Last updated: 6 June 2026

1. Who we are

Arqo ("Arqo", "we", "us") is operated by Arqo, a sole establishment licensed in Dubai, United Arab Emirates (Dubai Media City, Dubai Development Authority, licence no. 105721). For the purposes of data-protection law, we are the controller of the personal data described in this policy.

For any privacy question, or to exercise your rights, contact us at hello@arqo.studio.

2. What we collect

We collect as little as possible, and only what we need to run the service for you:

  • Account data — your name and email, so you can sign in and we can contact you.
  • Your content — the brand, project, and strategy information you choose to enter. This is yours; we process it only to generate your outputs and run the service, and we treat it as confidential (see section 5).
  • Usage and billing data — basic logs of how the service is used, including AI processing volumes and cost records, for billing, security, and reliability.
  • Payment data — handled by our payment processor, Stripe. We do not store your full card details — only limited information such as your subscription status and the last digits and brand of your card.
  • Technical data — IP address, device and browser information, and the essential cookies needed to run the service (see our Cookie Notice).

3. How we use your data, and our legal bases

  • To provide and operate the service, including processing your content through AI to generate outputs — performance of our contract with you.
  • To bill you and manage your subscription — performance of contract / legal obligation.
  • To secure the service, prevent abuse, and apply fair-use limits — our legitimate interests.
  • To respond to support requests — performance of contract / legitimate interests.
  • To send you marketing about Arqo — only with your consent, which you can withdraw at any time.
  • To meet legal, accounting, and tax obligations — legal obligation.

We may also use aggregated, de-identified information — which does not identify you or reveal your content — to operate, secure, and improve the service.

4. AI processing of your content

Your content is processed by our AI provider, Anthropic, to generate strategy and content outputs. Under Anthropic's commercial (API) terms, your content is not used to train AI models — it is sent only to return results to you. For enterprise customers, additional data-protection arrangements (including a Data Processing Addendum and reduced data-retention terms) are available on request. See our Subprocessor List for details.

5. Confidentiality of your content

We treat the content you put into Arqo as confidential, and we keep our own access to it to a minimum.

Our personnel do not access your content except where you have asked us to (for example, to resolve a support issue you have raised), or where it is necessary to maintain security, prevent fraud or abuse, or comply with the law. Any such access is limited to authorised personnel on a need-to-know basis and protected by multi-factor authentication, and administrative actions are recorded in an internal audit log.

Your content is encrypted in transit and at rest. We do not use your content for advertising, and we do not sell it.

6. Who we share data with

We share data only with the service providers ("subprocessors") that help us run Arqo — for hosting, database, payments, email, AI processing, security, and error monitoring. Each is named, with its purpose and location, in our Subprocessor List. We do not sell your personal data, and we do not share it for third-party advertising.

7. International transfers

We are based in the UAE and our providers operate in various countries, including the United States. Where your personal data is transferred outside your country (including outside the UK or EEA), we rely on appropriate safeguards offered by those providers, such as Standard Contractual Clauses.

8. How long we keep it

  • While your account is active, we keep your account and content data so the service works for you.
  • When you delete your account, we delete your content and personal data within 30 days, and we anonymise historical cost records (removing the link to you) so that only aggregate, non-identifying information remains.
  • Billing and tax records we keep for up to 7 years, because UAE and other applicable tax and accounting laws require us to retain them.
  • Backups may persist for a short additional period before they are cycled out in the ordinary course.

9. Your rights

Depending on where you live (including under UK and EU GDPR and the UAE PDPL), you may have the right to access your data, correct it, delete it, export it (portability), object to or restrict certain processing, and withdraw consent. You can export or delete your data from your account settings, or contact us at hello@arqo.studio. You may also have the right to complain to your local data-protection authority.

10. Security

We protect your data with measures including encryption in transit, access controls, and authentication. No system is perfectly secure, but we work to protect your information and to respond to incidents.

11. Children

Arqo is not intended for anyone under 18, and we do not knowingly collect data from children.

12. Changes

We may update this policy. We will post the updated version here with a new "last updated" date, and notify you of material changes where required.

13. Contact

Questions or requests: hello@arqo.studio.