Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, organization name, and password when you create an account.
• Payment Information: Billing details processed securely through Stripe. We do not store credit card numbers on our servers.
• Content: Messages, documents, knowledge base articles, and other content you upload or create through the platform.
• Third-Party Account Credentials: When you connect services (e.g., Instagram, WordPress, WhatsApp), we store access tokens and account identifiers required to operate integrations on your behalf.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, agent interactions, timestamps.
• Device Information: Browser type, operating system, IP address.
• Cookies: Session cookies for authentication and preference storage (language, theme).

1.3 Information from Third-Party Integrations

When you connect Instagram or other Meta services, we may receive:

• Your Instagram Business Account ID and username
• Access tokens (long-lived, 60-day expiry, refreshable)
• Content you choose to publish through our platform
• Comments, direct messages, and mentions (when webhook notifications are enabled)

We only access the data necessary to provide the features you have enabled. We do not access your personal Instagram posts, stories, or private messages beyond what is required for the business integrations you configure.

2. How We Use Your Information

• To provide, operate, and maintain the Ark Vision platform
• To process transactions and send billing notifications
• To publish content to connected platforms (Instagram, WordPress, etc.) on your behalf
• To respond to customer messages via connected channels (WhatsApp, Instagram DMs, website widget)
• To generate AI-powered responses, reports, and documents through our agent system
• To improve our platform based on usage patterns (aggregated, non-personal)
• To send essential service communications (security alerts, billing, feature updates)
• To comply with legal obligations

3. Instagram & Meta Platform Data

Ark Vision integrates with Meta's Instagram API to enable businesses to:

• Publish content: Post images and videos to Instagram Business accounts directly from the Ark Vision dashboard
• Manage interactions: Receive and respond to Instagram DMs, comments, and mentions through AI-powered agents
• Analyze engagement: View basic account insights to inform content strategy

We comply with Meta's Platform Terms and Developer Policies. Specifically:

• We only request permissions necessary for the features described above
• We do not sell Instagram user data to third parties
• We do not use Instagram data for advertising, profiling, or purposes unrelated to the services you configure
• Access tokens are stored encrypted and are revoked immediately upon disconnection
• You can disconnect Instagram at any time from Settings, which deactivates the integration and clears stored credentials

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: We use trusted third-party service providers for payment processing, hosting, transactional email, and AI processing — each under their own privacy policies and data processing agreements. The specific providers and technologies used constitute our confidential business operations.
• Third-Party Platforms: Content you choose to publish is sent to the respective platform (Instagram, WordPress, etc.).
• Legal Requirements: When required by law, court order, or governmental regulation.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.

5. Data Retention

• Account Data: Retained while your account is active. Deleted within 90 days of account closure upon request.
• Agent Conversations: Retained for the duration of your subscription. Exportable upon request.
• Third-Party Tokens: Revoked and deleted immediately upon disconnection or account deletion.
• Audit Logs: Retained for 12 months for security and compliance purposes.

6. Data Security

We implement industry-standard security measures:

• All data transmitted over HTTPS/TLS 1.3
• Database-level Row Level Security (RLS) ensures multi-tenant data isolation
• API rate limiting across all routes to prevent abuse
• Prompt injection detection and automatic account suspension for malicious activity
• Access tokens stored server-side only, never exposed to client browsers
• Admin access requires separate authentication via admin_users table

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data
• Portability: Request your data in a machine-readable format
• Restriction: Request we limit processing of your data
• Objection: Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@arksolutionsglobal.com.

8. GDPR Compliance (EU/EEA Users)

For users in the European Union / European Economic Area:

• Data Controller: Ark Solutions FZE
• Legal Basis: Contract performance (providing the service), legitimate interests (security, improvement), and consent (optional integrations)
• International Transfers: Data may be processed in the United States and United Arab Emirates. We use standard contractual clauses where applicable.

9. UAE PDPL Compliance

Ark Vision complies with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021):

• Personal data is processed only for specified, explicit, and legitimate purposes
• Data minimization principles are applied across all integrations
• Users have the right to access, correct, and delete their personal data

10. Data Deletion (Instagram / Meta)

You can request deletion of your Instagram-related data at any time:

• From Ark Vision: Go to Settings → disconnect Instagram. This immediately deactivates the integration and clears stored credentials.
• From Instagram: Remove Ark Vision from your Instagram Settings → Apps and Websites. This triggers our deauthorization callback which automatically clears your data.
• Direct Request: Email privacy@arksolutionsglobal.com with your request.

You can check the status of a data deletion request at /data-deletion.

11. Children's Privacy

Ark Vision is a business platform not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the platform after changes constitutes acceptance.

13. Contact Us

For privacy-related inquiries:

• Email: privacy@arksolutionsglobal.com
• Company: Ark Solutions FZE
• Website: arksolutionsglobal.com