Privacy Policy

Arbor Analytics LLC
Last updated: 29 June 2025

1. About this policy

This Privacy Policy explains how Arbor Analytics LLC ("Arbor," "we," "us") collects, uses, shares and protects personal information when you visit arboranalytics.io or use our web/mobile applications (together, the "Services").

2. What we collect & why

Category	Examples	Purpose / Legal basis*
Account data	Name, email, organisation, billing address, hashed password, auth-token	create & secure your account; perform contract
Project content	Aerial photos, LiDAR files, WebODM models, annotations, comments	render models; provide version history; perform contract
Device & usage	IP address, browser type, referring URL, pages viewed, clicks, error logs	operate our site; detect fraud; legitimate interest
Location (coarse)	GeoIP or device locale	optimise viewer load-balancing; legitimate interest
Payment data	Last four digits of card, transaction IDs (processed via Stripe)	process payments; perform contract
Cookies & similar	See Cookie Policy	site analytics, preference storage; consent / legitimate interest
Marketing preferences	Opt-in newsletter status	send updates you request; consent

*GDPR Art. 6 legal bases shown in italics.

3. How we use data

Provide, maintain and improve the Services (model generation, viewing, storage).
Respond to support requests.
Send transactional notices (e.g. "Your model finished processing").
Conduct analytics to understand feature adoption.
Detect, investigate and prevent security incidents or policy violations.
Comply with legal obligations (e.g. tax, accounting).

4. Sharing & disclosure

We never sell personal data. We share only:

Recipient	Reason
Cloud providers (AWS US-East, CloudFront CDN)	hosting & storage
Payment processor (Stripe)	billing
Analytics vendor (Plausible, EU-hosted)	site usage statistics
Error-tracking (Sentry, US)	bug triage
Corporate affiliates	internal administration, if Arbor reorganises
Authorities / law enforcement	when required by law or to protect rights, safety or property

All vendors are bound by contracts requiring GDPR-level safeguards.

5. International transfers

We host data in the United States. Where GDPR applies, we rely on the EU–US Data Privacy Framework or Standard Contractual Clauses for transfers.

6. Retention

We keep project files for as long as your subscription is active, then 60 days (configurable). Back-ups are purged on a 30-day rolling schedule. Billing records: 7 years.

7. Your rights

Where applicable, you may: access, correct, delete, export, restrict or object to processing of your personal data, or withdraw consent at any time.

GDPR/EU/UK: Article 15-22 rights
CCPA/CPRA (California): right to know, delete, correct, opt-out of "sharing," non-discrimination

Submit requests via Info@ArborAnalytics.io. We respond within 30 days.

8. Security

We employ TLS 1.3 in transit, AES-256 server-side encryption at rest, role-based access controls, and annual penetration tests. No method is 100% secure; notify us immediately if you suspect unauthorised access.

9. Children

The Services are not directed to children under 16. We do not knowingly collect their data. Contact us to delete any inadvertent collection.

10. Changes

We will post any revisions here and update the "Last updated" date. Material changes will be emailed to account holders 30 days in advance.

11. Contact

Info@ArborAnalytics.io