privacy policy

introduction

arbor ("arbor," "we," "us," or "our") provides an ai-powered chat platform. this privacy policy describes how we collect, use, disclose, and protect personal information through our services.

1. information we collect

information you provide

• account information: email, name, username, profile picture
• chat data: messages, conversations, chat history
• file attachments: images, pdfs, documents, code
• settings: ai preferences, api keys (encrypted), custom instructions
• workspace data: project names, local folder paths (via daemon)

information we collect automatically

• device data: ip address, browser type, operating system
• usage data: features used, pages visited, interaction patterns
• analytics data: via posthog (can be disabled in settings)

2. how we use your information

we use your information to:

• provide ai chat services
• process files and images (ocr, extraction)
• enable semantic search
• manage accounts and billing
• improve the services
• send transactional emails
• ensure security and prevent fraud

3. how we share your information

with ai model providers

when you use arbor, your messages and files are sent to ai providers to generate responses:

• openai (gpt-4o, gpt-4o-mini, image ocr)
• anthropic (claude 3.5 sonnet)
• google (gemini 1.5/2.0 flash)
• openrouter (multi-model access)

with service providers

• convex: database and backend (stores all data)
• clerk: authentication
• autumn/stripe: payments
• resend: email delivery
• posthog: analytics (opt-out available)
• vercel: hosting

we do not sell your personal information.

4. your rights and choices

access and manage data

• update profile information in settings
• delete chats and files
• request data export (contact legal@arbor.xyz)
• request account deletion (contact legal@arbor.xyz)

opt-out options

• disable analytics in settings
• unsubscribe from marketing emails
• disable specific notifications
• remove api keys

5. data security

we implement security measures including https/tls encryption, encrypted api key storage, access controls, and rate limiting. however, no method of transmission or storage is 100% secure.

6. data retention

• active accounts: data retained indefinitely
• deleted chats: recoverable for 30 days, then permanently deleted
• closed accounts: data deleted within 30 days
• backups: retained up to 90 days

7. international data transfers

arbor is based in the united states. if you access the services from outside the u.s., your information will be transferred to and processed in the united states.

8. children's privacy

the services are not intended for children under 13. we do not knowingly collect information from children under 13.

9. california & european privacy rights

california residents (ccpa) and european residents (gdpr) have additional rights including rights to access, delete, and port data. contact legal@arbor.xyz to exercise these rights.

10. contact us

for privacy questions or to exercise your rights:
email: legal@arbor.xyz
support: help@arbor.xyz