01 Who we are
Arborr ("Arborr", "we", "us") provides an AI-assisted reporting platform that turns natural-language questions into shareable reports backed by customer-authorised data sources. This policy covers the marketing website at arborr.ai and the "Request access" form that lets you join our private beta.
Use of the Arborr product itself — once you have access — is governed by a separate Data Processing Agreement and Terms of Service, because in that context we act as a processor of your customer data.
02 What we collect
Information you give us
When you submit the "Request access" form, we collect what you type into it:
- Company name — to qualify and route the request.
- Work email address — so we can reply.
- Company size — for capacity planning during the private beta.
- Industry — to understand which use cases are landing.
If you email us, the contents of that email and any attachments become part of our records for as long as we need them to handle the request.
Information collected automatically
- Technical data — IP address, user-agent, referrer, and timestamps logged by our hosting and edge providers for security and abuse prevention.
- Usage data — pages viewed, sections you interact with, broad device characteristics. Aggregated, never tied to your identity unless you've also submitted a form.
What we do not collect on this site
We don't ask for, and don't want, sensitive categories of personal data (health, financial account numbers, government IDs, etc.) on this website. If you accidentally include any in a free-text field or email, tell us and we'll delete it.
03 How we use it
- To respond to access requests — review your submission, schedule a conversation, send beta credentials.
- To improve the product and the website — understand which capabilities resonate, fix issues, prioritise the roadmap.
- To keep things safe — detect abuse, rate-limit, prevent fraud and spam against our forms and infrastructure.
- To meet legal obligations — respond to lawful requests, keep records required by tax, contract, or compliance regimes that apply to us.
We do not sell personal data. We do not use your data to train large language models. We do not run third-party advertising on this site.
04 Legal bases
Where the EU/UK GDPR or similar regimes apply, we rely on the following legal bases:
- Legitimate interests — to operate, secure, and improve the website and to evaluate access requests, balanced against your rights and expectations.
- Consent — for non-essential cookies and for marketing communications, where required. You can withdraw consent at any time.
- Contract / pre-contract — to handle your request and prepare an agreement with your organisation.
- Legal obligation — when we must retain or disclose data to comply with applicable law.
07 Retention
- Access-request submissions — kept for up to 24 months from your last interaction, after which they are deleted or anonymised, unless we still have an active relationship.
- Email correspondence — kept for up to 36 months for service and legal-record purposes.
- Server and security logs — typically 30–90 days, longer if needed to investigate a specific incident.
- Cookie preferences — stored in your browser until you clear them.
08 Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data, subject to legal retention obligations.
- Restrict or object to certain processing.
- Receive a portable copy of data you provided.
- Withdraw consent for cookies or marketing at any time.
- Lodge a complaint with your data protection authority.
To exercise any of these, email privacy@arborr.ai. We respond within 30 days; if your request is complex we may extend by another 60 days and tell you why.
09 Security
Across both the marketing site and the product we apply layered safeguards:
- TLS in transit, AES-256-GCM for sensitive credentials at rest.
- Least-privilege access for staff, audit-logged.
- Read-only database roles for any customer source connected to the product.
- Secrets stored in managed secret vaults — never in source control.
- Routine review of provider security posture and SOC 2 / ISO 27001 attestations where available.
10 International transfers
Our service providers may process data outside your country, including in the European Union, the United States, and the United Arab Emirates. Where required, transfers are protected by Standard Contractual Clauses, adequacy decisions, or equivalent safeguards.
11 Children
Arborr is a B2B platform. The website and product are not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.
12 Changes to this policy
We will post any updates here and revise the "Last updated" date above. For material changes we'll do more than that — typically an in-product notice or an email, depending on the relationship we have with you.
13 Contact
Questions, requests, or concerns about this policy:
- Email — privacy@arborr.ai
- General — hello@arborr.ai
If you'd rather request access to the platform, jump to the form.