Privacy Policy
Last Updated: March 17, 2026
Introduction
This Privacy Policy describes how Arreteq ("we", "us", or "our") collects, uses, and shares information about you when you use https://www.arreteq.com (the "Website").
By using our Website, you agree to the collection and use of information in accordance with this policy. We respect your privacy and are committed to protecting your personal data.
Information We Collect
We collect the following types of information:
- Personal Information: Name, email address, and other contact details you provide when you contact us, subscribe to our newsletter, create an account, or request access.
- Account Information: Username, password (encrypted), profile information, and account preferences.
- Access Requests: Email address, request details, invite codes, and access verification events used to manage gated access.
- Payment Information: Billing address and payment details. Note: Payment card information is processed securely by Stripe and is not stored on our servers.
- Usage Data: IP address, browser type, device information, pages visited, time spent on pages, and other diagnostic data collected automatically.
How We Use Your Information
We use the information we collect for the following purposes:
- To provide and maintain our Website
- To notify you about changes to our Website or services
- To provide customer support
- To detect, prevent, and address technical issues
- To communicate with you, including responding to your inquiries
- To manage your account and provide you with access to your account features
- To review access requests, issue invite codes, and verify access
- To process transactions and send related information including purchase confirmations
- To analyze usage patterns and improve our Website
Access Requests and Invite Codes
We offer access via request-and-invite flows. When you request access, we collect your email address, request details, and access status. If approved, we issue an invite code that must match your email to verify access. We also log access verification events for security and auditing.
Cookies and Tracking
We use cookies and similar tracking technologies to track activity on our Website and hold certain information. For full details, please see our Cookie Policy.
We also use localStorage in your browser to save in-progress tasks and preferences. You can clear this in your browser settings.
Information Sharing
We do not sell, trade, or rent your personal information to third parties.
We may share your information only in the following limited circumstances:
- To comply with legal obligations
- To protect and defend our rights and property
- With your explicit consent
We do not sell or share personal information for cross-context behavioral advertising.
Data Security
We implement appropriate technical and organizational security measures to protect your personal information, including:
- Encryption of data in transit using SSL/TLS
- Secure storage of personal data
- Regular security assessments
- Access controls and authentication measures
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
Data Retention Policy
We retain different categories of personal information for varying periods based on the purpose of collection, legal requirements, and legitimate business needs.
| Data Category | Retention Period | Justification |
|---|---|---|
| Account Information | Duration of account + 2 years | Service provision and legal claims |
| Transaction Records | 7 years (legal requirement) | Tax and accounting requirements |
| Analytics Data | 26 months | Service improvement |
| Marketing Data | Until consent withdrawn | Consent-based processing |
| Support Records | 3 years after resolution | Quality assurance and dispute resolution |
| Access Requests & Invites | 24 months | Access auditing |
When personal information is no longer required, we will securely delete it from active systems and remove it from backups within 90 days, or anonymize it so it can no longer identify you.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify affected individuals within 72 hours of becoming aware of the breach
- Notify relevant supervisory authorities as required by applicable law
- Provide details about the nature of the breach, categories of data affected, and approximate number of individuals affected
- Describe the likely consequences of the breach
- Explain the measures taken or proposed to address the breach and mitigate potential adverse effects
Your Rights (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):
- Right to Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of processing of your data
- Right to Data Portability: Request transfer of your data to another organization
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw consent at any time where we rely on consent
To exercise any of these rights, please contact us at dpo@arreteq.com. We will respond within 30 days.
Legal Basis for Processing:
| Processing Purpose | Legal Basis |
|---|---|
| Account Creation & Management | Necessary for contract performance (GDPR Art. 6(1)(b)) |
| Analytics & Service Improvement | Our legitimate business interests (GDPR Art. 6(1)(f)) |
| Marketing Communications | Your explicit consent (GDPR Art. 6(1)(a)) |
| Payment Processing | Necessary for contract performance (GDPR Art. 6(1)(b)) |
| Security & Fraud Prevention | Our legitimate business interests (GDPR Art. 6(1)(f)) |
| Customer Support | Necessary for contract performance (GDPR Art. 6(1)(b)) |
| Personalization | Your explicit consent (GDPR Art. 6(1)(a)) |
Data Subject Request Procedure
To exercise your data protection rights:
- Send an email to privacy@arreteq.com with the subject line "Data Subject Request"
- Specify which right you wish to exercise (access, rectification, erasure, portability, etc.)
- Provide sufficient information to verify your identity and locate your data
We will acknowledge your request within 72 hours and respond substantively within 30 days. Complex requests may require an extension of up to 60 additional days, in which case we will notify you.
International Data Transfers
Your personal data may be transferred to and processed in countries other than the country in which you reside. We take appropriate safeguards to ensure your personal data remains protected, including EU Standard Contractual Clauses (SCCs) approved by the European Commission.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, delete, correct, and opt-out of sale/sharing of your personal information. We do not sell or share personal information for cross-context behavioral advertising.
To exercise your rights, submit a request to privacy@arreteq.com. We will verify your identity and respond within 45 days.
Do Not Track
Currently, we do not respond to Do Not Track (DNT) signals, as there is no industry-standard interpretation of how to respond to them. We will update this policy if a standard is established.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
Arreteq
Email: privacy@arreteq.com
Data Protection Officer: dpo@arreteq.com