Privacy Policy

Overview

Arc Labs Private Limited (“Arc Labs”, “we”, “our”, or “us”) is an AI-agent infrastructure company headquartered in Bangalore, India. We build open-source cognitive infrastructure — including Recall (memory), Plan (planning), and Reason (reasoning) — for developers building AI agents.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites (arc-labs.ai, recall.arc-labs.ai, docs.arc-labs.ai), use our cloud services, interact with our open-source software, or communicate with us.

What We Collect

Information you provide directly:

• Account information (name, email, organization) when you sign up for the Recall cloud service
• Payment information processed through our payment provider (Stripe) — we do not store card details
• Communications when you email us, submit feedback, file issues, or participate in our Discord
• Contributions to our open-source repositories on GitHub

Information collected automatically:

• Basic analytics data (page views, referrer, country) via privacy-respecting analytics
• Technical information (browser type, device type, IP address) in server logs
• API usage metrics (request counts, latency, error rates) for cloud service customers

How We Use Information

• Provide, maintain, and improve our products and services
• Process payments and manage your cloud service account
• Respond to your inquiries and support requests
• Send service-related communications (outage notifications, security alerts, billing)
• Monitor and analyze usage patterns to improve reliability and performance
• Comply with legal obligations and enforce our terms

We do not use your data for advertising, sell it to third parties, or train AI models on your content.

Recall Product Data

Recall is designed with data ownership as a core principle. How your data is handled depends on your deployment mode:

Cloud Service

If you use the Recall cloud service, the following additional terms apply:

• Your memories, embeddings, and entity data are stored in encrypted databases in your selected region
• We retain your data for the duration of your subscription plus 30 days after account closure
• You can export all your data at any time via the API or dashboard
• You can request full deletion of your data, which we will process within 30 days
• We maintain audit logs of administrative access to customer data

Cookies & Analytics

Our websites use minimal, privacy-respecting analytics. We do not use third-party advertising cookies or cross-site tracking.

• Essential cookies: Session management, authentication state, and CSRF protection
• Analytics: Privacy-respecting, aggregate-only analytics to understand page views and usage patterns. No personal identifiers are stored.
• Preferences: Theme settings and dashboard preferences stored locally in your browser

We do not use Google Analytics, Facebook Pixel, or any advertising-related tracking technology.

Data Sharing

We do not sell, rent, or trade your personal information. We may share information with:

• Service providers: Payment processing (Stripe), cloud infrastructure (AWS/GCP), email delivery — all bound by data processing agreements
• Legal requirements: When required by law, subpoena, or court order
• Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice

Data Retention

We retain your personal information only as long as necessary for the purposes described in this policy:

• Account data: duration of your account plus 30 days
• Server logs: 90 days
• Analytics data: 12 months (aggregated, no personal identifiers)
• Payment records: as required by tax and accounting regulations (typically 7 years)
• Support correspondence: 2 years after last interaction

Security

We implement industry-standard security measures including:

• Encryption at rest (AES-256) and in transit (TLS 1.3)
• Regular security audits and dependency scanning
• Role-based access control for internal systems
• Incident response procedures with 72-hour notification for confirmed breaches

Our open-source code is publicly auditable. Security issues can be reported to security@arc-labs.ai.

Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Request deletion of your personal data
• Export your data in a machine-readable format
• Object to or restrict certain processing activities
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@arc-labs.ai. We will respond within 30 days.

International Transfers

Arc Labs is headquartered in Bangalore, India. If you are accessing our services from outside India, your information may be transferred to and processed in India. We ensure appropriate safeguards are in place for any international data transfers in accordance with applicable data protection laws.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email (for registered users) or a prominent notice on our website at least 30 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Contact Us

If you have questions or concerns about this Privacy Policy: