Privacy Policy
How Arcitix collects, uses, and protects personal data, and the rights you have under the GDPR, UK GDPR, and CCPA/CPRA. Last updated May 16, 2026.
1. Who We Are (Data Controller)
Arcitix AI Security ("Arcitix", "we", "us") is the data controller for personal data processed through this website and our client engagements. For any privacy matter, contact our privacy team at privacy@arcitix.com. EU/UK visitors may also reach our Data Protection point of contact at dpo@arcitix.com.
2. Information We Collect
We only collect what we need:
- Information you give us — name, work email, phone, company, inquiry type, and the contents of messages submitted via our contact form, email, or calls.
- Engagement information — company context, security requirements, and limited technical detail needed to scope and deliver work, governed by the relevant signed agreement.
- Technical information — server logs (IP address, user agent, timestamps, requested URL) generated automatically for security, abuse prevention, and reliability.
- Cookies and similar technologies — see our Cookie Policy. Non-essential cookies are set only with your consent.
We do not knowingly collect data from children under 16, and we do not intentionally collect special-category data through this website.
3. How We Use Your Data & Legal Bases (GDPR Art. 6)
- Respond to your enquiry and provide services — performance of a contract, or steps taken at your request before entering a contract.
- Operate, secure, and improve the website — our legitimate interests in running a safe, reliable service (balanced against your rights).
- Analytics and marketing cookies — your consent, which you may withdraw at any time.
- Meet legal, tax, security, and regulatory obligations — compliance with a legal obligation.
4. Sharing & Disclosure
We do not sell personal data and we do not "share" it for cross-context behavioural advertising. We disclose personal data only to: processors acting on our instructions (e.g. hosting, email, infrastructure providers under data-processing agreements); professional advisors; a successor entity in a merger or acquisition; or authorities where required by law. All processors are bound by confidentiality and security obligations.
5. International Data Transfers
We operate remotely and may process data outside your country, including in the United States. Where data leaves the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum) together with supplementary measures. A copy of the relevant safeguard is available on request.
6. Data Retention
We keep personal data only as long as necessary for the purpose it was collected. Indicative periods: contact-form enquiries that do not become engagements are deleted within 24 months; engagement records are retained for the term of the contract plus the period required for legal, tax, and security obligations; server logs are kept for a short rolling window for security and diagnostics. When no longer needed, data is securely deleted or anonymised.
7. Your Rights
Subject to applicable law, you have the right to: access your data; request rectification or erasure; restrict or object to processing; data portability; and to withdraw consent at any time without affecting prior processing. Under the CCPA/CPRA, California residents have the right to know, delete, correct, and opt out of sale/sharing (we do neither), and not to be discriminated against for exercising these rights.
To exercise any right, email privacy@arcitix.com. We respond within the timeframes required by law (generally one month under the GDPR, 45 days under the CCPA) and may need to verify your identity first. You may use an authorised agent where the law allows.
8. Cookies & Consent
We use strictly necessary cookies to run the site, and functional, analytics, and marketing cookies only with your consent. You can review or change your choice any time via the Cookie settings link in the footer. Full detail is in our Cookie Policy.
9. Security
We apply access controls, least-privilege handling, encryption in transit, and reasonable technical and organisational safeguards appropriate to the risk. No method of transmission or storage is perfectly secure, but we work to protect personal data and to notify affected individuals and regulators of qualifying breaches as required by law.
10. Complaints
If you have concerns, please contact us first so we can help. You also have the right to lodge a complaint with your supervisory authority — for example, your national Data Protection Authority in the EEA, or the UK Information Commissioner's Office (ICO) at ico.org.uk.
11. Changes & Contact
We may update this policy to reflect changes in law or our practices; the "last updated" date above will change accordingly. For any privacy question or request, email privacy@arcitix.com.