Personal Information: We may collect personal information that you voluntarily provide, including:

• Name, email address, phone number, and business contact information
• Account credentials and authentication information
• Payment and billing information
• Business and professional information related to insurance activities
• Communications and correspondence with us

Automatically Collected Information: We automatically collect certain information when you use our Services:

• IP address, browser type, operating system, and device information
• Usage data, including pages visited, time spent, and click patterns
• Cookies and similar tracking technologies
• Log files and server data

We use collected information for the following purposes:

• Providing, operating, and maintaining our Services
• Processing transactions and managing your account
• Communicating with you about our Services, updates, and support
• Improving our Services and developing new features
• Ensuring compliance with legal and regulatory requirements
• Detecting, preventing, and addressing fraud and security issues
• Marketing and promotional communications (with your consent)

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit and at rest
• Access controls and authentication protocols
• Regular security assessments and monitoring
• Employee training on data protection practices

We retain your personal information only as long as necessary to:

• Provide our Services to you
• Comply with legal and regulatory obligations
• Resolve disputes and enforce our agreements
• Maintain business records for legitimate purposes

Depending on your location, you may have the following rights regarding your personal information:

• Access - Request access to your personal information
• Correction - Request correction of inaccurate information
• Deletion - Request deletion of your personal information
• Portability - Request transfer of your information to another service
• Objection - Object to certain processing activities
• Opt-out - Unsubscribe from marketing communications

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze usage patterns and improve our Services
• Provide personalized content and features
• Ensure security and prevent fraud

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

• Cross-border data processing with appropriate safeguards
• Compliance with applicable data protection laws
• International operations with proper protection measures

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it promptly.

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

California residents have additional rights under the California Consumer Privacy Act (CCPA), including:

• Right to Know: What personal information is collected and how it is used
• Right to Delete: Request deletion of personal information
• Right to Opt-out: Opt-out of the sale of personal information
• Right to Non-discrimination: No discrimination for exercising privacy rights

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including those outlined in Section 7 above. Our lawful basis for processing includes:

• Contractual necessity for providing our Services
• Legitimate interests in operating and improving our business
• Legal compliance with applicable regulations
• Consent where explicitly provided

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on our website and updating the effective date. Your continued use of our Services after such changes constitutes acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For privacy-related inquiries or to exercise your data protection rights, you may contact our Data Protection Officer at privacy@arrk.io.

If we collect biometric information (such as fingerprints or facial recognition data), we will:

• Obtain your written consent before collection
• Inform you of the purpose and duration of collection and use
• Not sell, lease, trade, or otherwise profit from biometric information
• Store biometric information for no more than 3 years or until the purpose is satisfied
• Use reasonable care to protect biometric information from disclosure

We may use automated decision-making processes, including profiling, for:

• Risk Assessment: Fraud prevention and security measures
• Personalization: Service recommendations and customization
• Compliance: Regulatory monitoring and reporting

We may process your personal information in the United States and other countries where we or our service providers operate. We implement appropriate safeguards including:

• Contractual Clauses: Standard contractual clauses approved by regulatory authorities
• Adequacy Decisions: Adequacy decisions by relevant data protection authorities
• Corporate Rules: Binding corporate rules where applicable
• Explicit Consent: Your explicit consent for specific transfers

In the event of a data breach affecting your personal information, we will:

• Notify relevant authorities within 72 hours where required by law
• Inform affected individuals without undue delay when required
• Provide clear information about the nature of the breach and steps being taken
• Offer appropriate remedial measures including identity monitoring services where applicable

We carefully vet all service providers and require them to:

• Security Measures: Implement appropriate technical and organizational security measures
• Purpose Limitation: Process personal information only for specified purposes
• Retention Control: Not retain personal information longer than necessary
• Incident Reporting: Notify us immediately of any security incidents

We limit employee access to personal information based on job requirements and provide:

• Regular privacy and security training
• Background checks for employees with access to sensitive information
• Confidentiality agreements and non-disclosure obligations
• Monitoring and logging of access to personal information systems

We maintain detailed records of our data processing activities including:

• Data Categories: Categories of personal information processed
• Processing Purposes: Purposes of processing and legal basis
• Retention Schedules: Data retention schedules and deletion procedures
• International Transfers: International transfers and safeguards implemented

We cooperate fully with data protection authorities and will:

• Respond promptly to official inquiries and investigations
• Provide requested documentation and access to systems
• Implement corrective measures as directed by regulators
• Participate in regulatory proceedings and compliance reviews

Given our role in the insurance technology sector:

• Underwriting & Claims: We may process information necessary for underwriting and claims processing
• Regulatory Compliance: We comply with insurance regulatory requirements for data handling
• Information Sharing: We may share information with insurance carriers and intermediaries as necessary
• Insurance Coverage: We maintain appropriate professional indemnity and cyber liability insurance