Privacy Policy

How ArbitrAI handles personal data across products and services.

Last updated: March 9, 2026

1. Scope

This Privacy Policy explains how ArbitrAI collects, uses, discloses, and protects personal data when you use our websites, applications, APIs, evaluations, and related services (the "Services").

This policy applies to customers, prospects, website visitors, and authorized users of customer workspaces.

2. Controller and Contact

ArbitrAI is the data controller for personal data processed for our own business purposes. For privacy inquiries, contact team@arbitrhq.ai.

3. Data We Collect

  • Account and profile data (name, email, role, company, login metadata).
  • Billing and transaction data (invoices, payment status, plan details).
  • Usage and telemetry data (events, logs, diagnostics, device/browser details).
  • Customer-submitted content (documents, prompts, datasets, traces, annotations).
  • Communication data (support requests, sales communications, feedback).
  • Security data (authentication signals, abuse prevention and incident logs).

4. Sources of Data

  • Directly from you and your organization.
  • From workspace administrators and team members.
  • Automatically through your use of the Services.
  • From third-party integrations and service providers you enable.

5. Why We Process Personal Data

We process personal data to provide and operate the Services, maintain security, improve performance, communicate with users, process billing, and comply with legal obligations.

Where GDPR applies, legal bases may include contract performance, legitimate interests, legal obligation, and consent (where required).

6. AI and Data Processing Context

Customer content may be processed through model providers or infrastructure subprocessors to execute evaluations, produce reports, and provide requested features.

We apply reasonable controls to limit access, isolate environments, and maintain auditability. Customers are responsible for ensuring they have lawful grounds to submit data to the Services.

7. Sharing and Disclosure

We do not sell personal data. We may share personal data with trusted providers acting on our instructions, including hosting, analytics, security, communication, and payment vendors.

We may also disclose data when required by law, to protect rights and safety, or in connection with a merger, acquisition, financing, or asset transfer.

8. International Transfers

Where personal data is transferred internationally, we use appropriate safeguards, such as contractual protections and other legally recognized transfer mechanisms.

9. Data Retention

We retain personal data for as long as needed to provide Services, meet contractual and legal obligations, resolve disputes, and enforce agreements.

Retention periods vary by data type, account settings, legal requirements, and operational necessity.

10. Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. No method of transmission or storage is completely secure.

11. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, and receive a portable copy of your personal data. You may also have the right to withdraw consent where processing is based on consent.

To exercise rights, contact team@arbitrhq.ai. We may verify identity before responding.

12. Region-Specific Notices

  • EEA/UK: You may lodge a complaint with your local supervisory authority.
  • California: Residents may have rights under the CCPA/CPRA, including rights to know, delete, correct, and limit certain processing.

13. Cookies and Similar Technologies

We may use cookies and similar technologies for authentication, security, performance, analytics, and product functionality. You can manage cookie preferences through browser settings where applicable.

14. Children's Data

The Services are not directed to children under 16, and we do not knowingly collect personal data from children under 16.

15. Policy Updates

We may update this Privacy Policy from time to time. Material changes will be reflected on this page with an updated "Last updated" date.

16. Contact

For privacy questions or requests, email team@arbitrhq.ai.