Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, organization name, and password when you create an account.
• Payment Information: Billing details are processed securely through our payment provider. We do not store credit card numbers on our servers.
• Content: Messages, documents, knowledge base articles, and other content you upload or create through the platform.
• Third-Party Account Credentials: When you connect services (e.g., Instagram, WordPress, WhatsApp, Gmail), we store access tokens and account identifiers required to operate integrations on your behalf.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, AI tool usage, timestamps.
• Device Information: Browser type, operating system, IP address.
• Cookies: Session cookies for authentication and preference storage (language, theme).

1.3 Information from Third-Party Integrations

When you connect third-party services, we receive only what is necessary to operate the integration:

• Instagram / Meta: Your Instagram Business Account ID, username, access tokens, and content you publish through our platform. Comments, direct messages, and mentions when notifications are enabled.
• Gmail: Your Gmail address and a connection token that allows us to send emails on your behalf. We do not read, access, or store any emails in your inbox.
• WordPress, WhatsApp, LinkedIn, and others: Account identifiers and access tokens required to publish content or send messages on your behalf.

We only access the data necessary to provide the features you have enabled.

2. How We Use Your Information

• To provide, operate, and maintain the Ark Vision platform
• To process transactions and send billing notifications
• To publish content to connected platforms (Instagram, WordPress, etc.) on your behalf
• To send emails on your behalf through your connected Gmail account, when you explicitly initiate a send action
• To respond to customer messages via connected channels (WhatsApp, Instagram DMs, website widget)
• To generate AI-powered responses, reports, and documents on your behalf
• To improve our platform based on usage patterns (aggregated, non-personal)
• To send essential service communications (security alerts, billing, feature updates)
• To comply with legal obligations

3. Third-Party Platform Integrations

Instagram / Meta: Ark Vision connects to Instagram Business accounts to publish content, manage comments and DMs, and view account insights. We comply with Meta's Platform Terms. We do not sell Instagram data or use it for advertising or profiling.

Gmail (Google): When you connect a Gmail account, Ark Vision can send emails on your behalf — for example, sales outreach and follow-up emails. We only send emails you explicitly compose and approve within the platform. We do not read your inbox, access existing emails, or use your Gmail data for any purpose other than sending emails you initiate. Ark Vision's use of Google account data complies with the Google API Services User Data Policy, including the Limited Use requirements.

For all integrations: access tokens are stored encrypted, are never shared with third parties, and are revoked immediately when you disconnect the integration from Settings.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: We use trusted third-party service providers for payment processing, hosting, transactional email, and AI processing — each under their own privacy policies and data processing agreements. The specific providers and technologies used constitute our confidential business operations.
• Third-Party Platforms: Content you choose to publish is sent to the respective platform (Instagram, WordPress, etc.).
• Legal Requirements: When required by law, court order, or governmental regulation.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.

5. Data Retention

• Account Data: Retained while your account is active. Deleted within 90 days of account closure upon request.
• Agent Conversations: Retained for the duration of your subscription. Exportable upon request.
• Third-Party Tokens: Revoked and deleted immediately upon disconnection or account deletion.
• Audit Logs: Retained for 12 months for security and compliance purposes.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure, in accordance with Article 32 of the GDPR. These measures include:

• Encryption in transit and at rest: All data transmitted to and from the platform is encrypted. Data stored on our systems is encrypted at rest.
• Organisational data isolation: Each organisation's data is strictly separated at the infrastructure level. No organisation can access another organisation's data under any circumstances.
• Access controls: Access to personal data is restricted to authorised personnel only, on a need-to-know basis. Administrative functions require elevated authentication independent of standard user access.
• Third-party credential security: Integration credentials and access tokens are stored securely on our servers and are never shared with or exposed to third parties.
• Threat detection and abuse prevention: Automated systems monitor platform activity for abuse, unauthorised access attempts, and malicious inputs. Accounts engaging in confirmed malicious activity are suspended immediately.
• Confidentiality, integrity, and availability: We maintain processes to ensure the ongoing confidentiality and integrity of processing systems, and the ability to restore data availability in the event of a technical incident.
• Regular review: Our security measures are reviewed and tested on a regular basis and updated in response to evolving threats.

We do not use your data — or your end-users' data — to train AI models. Data processed by AI components of our platform is used solely to deliver the service you have configured and is not retained by any AI provider beyond the processing of each individual request.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data
• Portability: Request your data in a machine-readable format
• Restriction: Request we limit processing of your data
• Objection: Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@arksolutionsglobal.com.

8. GDPR Compliance (EU/EEA Users)

For users in the European Union and European Economic Area, Ark Vision acts as a data controller in respect of account and usage data, and as a data processor in respect of personal data you upload or process through the platform (e.g. customer conversations, employee records).

Legal Basis for Processing (Article 6 GDPR)

• Contract performance (Art. 6(1)(b)): Processing necessary to provide the Ark Vision service you have subscribed to, including account management, billing, and feature delivery.
• Legitimate interests (Art. 6(1)(f)): Security monitoring, abuse prevention, platform improvement based on aggregated analytics, and fraud detection — where these do not override your fundamental rights.
• Legal obligation (Art. 6(1)(c)): Compliance with applicable laws, regulatory requests, and court orders.
• Consent (Art. 6(1)(a)): Optional integrations (e.g. connecting Instagram, WhatsApp) where you explicitly authorise access. Consent may be withdrawn at any time by disconnecting the integration.

Security of Processing (Article 32 GDPR)

We implement appropriate technical and organisational measures as described in Section 6 above, taking into account the nature, scope, context, and purposes of processing, as well as the risks to your rights and freedoms.

Data Processor Obligations

Where we act as a data processor on your behalf, we process personal data only on your documented instructions. We do not sub-process data outside the scope of service delivery without your knowledge. A Data Processing Agreement (DPA) is available upon request for organisations that require one for their own GDPR compliance obligations.

International Transfers

Data may be processed outside the European Economic Area, including in the United Arab Emirates and the United States. Where such transfers occur, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or we transfer to countries with an adequacy decision. You may request details of the safeguards applicable to your data by contacting privacy@arksolutionsglobal.com.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.

9. UAE PDPL Compliance

Ark Vision complies with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021 and its amendments). As a company incorporated in the UAE (Ark Solutions FZE), we are subject to this law in respect of personal data processed within or from the UAE.

• Purpose limitation: Personal data is collected and processed only for specified, explicit, and legitimate purposes. It is not used in any manner incompatible with those purposes.
• Data minimisation: We collect only the personal data that is necessary for the purpose for which it is processed.
• Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
• Storage limitation: Personal data is retained only for as long as necessary for the purposes set out in this policy or as required by law.
• Security: Appropriate technical and organisational measures are implemented to protect personal data as described in Section 6.
• Your rights: UAE residents have the right to access, correct, and request deletion of their personal data. Requests should be directed to privacy@arksolutionsglobal.com.
• Cross-border transfers: Where personal data is transferred outside the UAE, we ensure an adequate level of protection is in place consistent with the PDPL requirements.

10. Data Deletion (Instagram / Meta)

You can request deletion of your Instagram-related data at any time:

• From Ark Vision: Go to Settings → disconnect Instagram. This immediately deactivates the integration and clears stored credentials.
• From Instagram: Remove Ark Vision from your Instagram Settings → Apps and Websites. This automatically removes your data from our systems.
• Direct Request: Email privacy@arksolutionsglobal.com with your request.

You can check the status of a data deletion request at /data-deletion.

11. Children's Privacy

Ark Vision is a business platform not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the platform after changes constitutes acceptance.

13. Contact Us

For privacy-related inquiries:

• Email: privacy@arksolutionsglobal.com
• Company: Ark Solutions FZE
• Website: arksolutionsglobal.com