Privacy Policy

This policy explains what information Arenza collects when you use our AI Visibility / GEO platform (the “Service”), what we do with it, and the rights you have over it. We aim for plain English. If anything is unclear, email hello@arenza.ai and we’ll explain.

1. Who we are

Arenza is the controller of personal data collected via arenza.ai, app.arenza.ai, mcp.arenza.ai, and our REST API. Contact: hello@arenza.ai.

2. What we collect

• Account data: email address, name, organization name, and authentication identifiers from our auth provider (Clerk).
• Billing data: if you subscribe to a paid tier, payment-method tokens (we never store card numbers — Stripe holds them) and invoice history.
• Brand-tracking data: the brand names, domains, competitor lists, and prompts you configure for AI visibility scans. This is product data, not personal data.
• Scan results: the AI answers we collect on your behalf when probing ChatGPT, Claude, Gemini, Perplexity, Copilot, and Grok. Stored against your account.
• Usage data: page views, feature interactions, errors. Used to improve the product.
• Cookies: a session cookie for authentication, plus minimal first-party analytics. We do not use third-party advertising cookies.

3. How we use it

• To deliver the Service (run scans, render dashboards, send reports).
• To bill you (if you’re on a paid tier).
• To send transactional email (account confirmation, billing receipts, security alerts).
• To improve the product based on aggregate usage patterns.
• To detect abuse and prevent fraud.
• To comply with legal obligations.

We do not sell your data. We do not use your scan results to train generic AI models. We do not share your customer-list to third parties for marketing.

4. Third parties we share data with

• Clerk — authentication. Receives your email + sign-in events. clerk.com/privacy
• Stripe — payment processing. Receives payment-method data when you subscribe. stripe.com/privacy
• Google Cloud (Cloud Run, Cloud SQL, GCS) — hosting + storage. Data resides in asia-southeast1 region by default (Singapore); enterprise customers can request EU or US regions.
• OpenAI, Anthropic, Google, Perplexity, Microsoft, xAI — AI assistants we probe on your behalf. We send prompts (which you configured); we don’t send your account data.
• Resend — transactional email delivery. resend.com/privacy

We sign Data Processing Agreements (DPAs) with each subprocessor where required by GDPR.

5. How long we keep it

• Account data: while your account is active, plus 30 days after deletion.
• Billing data: 7 years (tax + accounting requirements).
• Scan results: while your account is active, plus 90 days after deletion (in case you reactivate).
• Usage logs: 90 days, then aggregated.

6. Your rights

If you are in the EU, UK, or California (GDPR / UK GDPR / CCPA jurisdictions), you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate personal data.
• Delete your account and personal data (right to erasure).
• Export your data in a portable format.
• Object to processing for analytics purposes.
• Lodge a complaint with your local data-protection authority.

To exercise any right, email hello@arenza.ai. We respond within 30 days.

7. Security

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Production access is restricted to a small engineering team with audit logging. We do not have SOC 2 certification yet (we’re a 2026-vintage startup); we’re working toward SOC 2 Type II for the Enterprise tier. Security questions: hello@arenza.ai.

8. International data transfers

The Service is operated from Google Cloud’s asia-southeast1 region (Singapore). EU customers’ data may be transferred outside the EEA; we rely on Standard Contractual Clauses for these transfers. Enterprise customers can request EU or US regional residency.

9. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children.

10. Changes to this policy

When we make material changes we’ll email account holders and update the “Last updated” date above. Continued use of the Service after a change means you accept the updated policy.

11. Contact

Questions, requests, or complaints: hello@arenza.ai