Privacy Policy

Last updated: May 19, 2026

This Privacy Policy explains how Arendel collects, uses, shares, and protects information about you when you use the Arendel deal operations platform.

1. Information We Collect

  • Account info — name, email, phone, title, profile picture (provided directly or via OAuth at sign-up).
  • Deal & document content — files, comments, tasks, notes, and other content you upload.
  • Usage data — actions you take in the app (deals viewed, documents accessed, tasks completed), captured for the in-app activity log.
  • Technical data — IP address, browser user-agent, viewport size, and recent console errors when you submit feedback through the in-app widget.
  • AI generation logs — for each AI-drafted document we record the user, deal, prompt tokens, completion tokens, model, and success status.

2. How We Use Information

  • To provide and improve the Service.
  • To send transactional emails (invites, task reminders, document shares, signature requests, feedback resolutions).
  • To investigate security incidents and abuse.
  • To respond to your support requests.

We do not sell your personal information. We do not use your uploaded deal content to train any AI model (yours or anyone else’s).

3. Third-Party Processors

We use the following sub-processors to deliver the Service. Each is contractually obligated to protect your data:

  • Clerk — authentication, sessions, MFA.
  • Neon — managed PostgreSQL database (US-East).
  • Cloudflare R2 — file storage (S3-compatible, no egress fees).
  • Vercel — Next.js hosting (US-East).
  • Resend — transactional email delivery (with Amazon SES as upstream).
  • Anthropic — Claude API for AI document drafting (when the feature is enabled).
  • Sentry — error monitoring and session replay (sampled).
  • Slack — optional team-channel notifications (if your org has connected Slack).
  • Stripe — billing (Owner-tier only).

4. Data Sharing

We share your information only:
  • With other users on the same deal, scoped by the access level you were granted.
  • With the sub-processors listed above, to operate the Service.
  • If required by law (subpoena, court order, legal process), after notifying you unless prohibited.
  • In connection with a corporate transaction (merger, acquisition, sale of assets), in which case the acquirer assumes these obligations.

5. Security

We use industry-standard safeguards including TLS in transit, encryption at rest (Neon + R2), per-org isolation, role-based access control, and audit logging. Documents uploaded to Arendel are routed directly to Cloudflare R2 via presigned URLs and are never persisted to our application servers.

6. Retention

We retain deal data for as long as your organization maintains an account. When an organization is deleted, deal data is removed within 30 days, except where retention is required by law (e.g., subpoena response, audit). Archived documents persist beyond deal deletion for compliance purposes; you can permanently delete them at any time from the archived-documents admin page.

7. Your Rights

Depending on your jurisdiction, you may have rights to: access the personal data we hold about you, correct inaccuracies, request deletion, object to processing, and port your data. To exercise any of these, contact support@arendel.io. We will respond within 30 days.

8. International Transfers

Arendel is operated in the United States. If you are outside the US, your information will be transferred to and processed in the US. Where required, we use Standard Contractual Clauses or other lawful transfer mechanisms.

9. Children

Arendel is not intended for users under 18. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it.

10. Changes

We may update this Privacy Policy. Material changes will be communicated to your registered email address with at least 14 days' notice.

11. Contact

Questions, requests, or complaints? Email support@arendel.io.

This Privacy Policy is provided in template form during the closed beta. It has not yet been reviewed by counsel for compliance with CCPA, CPRA, GDPR, or other regulations — engage a lawyer before relying on it in a regulated environment.