Skip to main content
ARCNAT
How It WorksDocumentationSecurityContact
Sign inSign upDashboardGet Started
ARCNATARCNAT

Legal & Privacy

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Security

Architecture

  • Architecture Overview
  • API Documentation

Documentation

  • Documentation

Contact

  • Contact
  • Support

ARC-OS: Evidence-first operating system for regulated environments

Built for organizations where mistakes are not forgiven and proof is required years later. Vendor-neutral architecture. Deterministic replay. Complete audit trails.

Privacy•Terms•Cookies

© 2026 ARC-OS. All rights reserved.

Your Privacy Matters

Privacy Policy

We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information.

Last updated: January 26, 2026

Quick Navigation

IntroductionData We CollectHow We Use DataData SharingSecurityYour RightsCookie PolicyContact Us

Introduction

ARCNAT ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our retirement plan administration platform and services (the "Service").

As a compliance-first platform handling sensitive financial and personal information, we take data protection seriously. This policy applies to all users of our Service, including plan administrators, participants, and other authorized users.

Important Notice

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

Information We Collect

Account Information

When you create an account or register for our Service, we collect:

  • Name and contact information (email address)
  • Authentication credentials (stored as encrypted password hashes)
  • OAuth provider information (if you sign in with Google, Microsoft, or other providers)
  • Account preferences and settings
  • Last login timestamps and activity metadata

Plan and Participant Data

To provide retirement plan administration services, we process:

  • Plan information (EIN, plan type, plan documents)
  • Participant information (names, dates of birth, hire dates, termination dates)
  • Social Security Numbers (encrypted and stored securely)
  • Contribution and distribution data
  • Employment and payroll information
  • Beneficiary information

Usage and Activity Data

We automatically collect information about how you use our Service:

  • Log data (IP addresses, browser type, device information)
  • Usage patterns and feature interactions
  • Workflow and task completion data
  • Time tracking and work log entries
  • Document access and modification history
  • Audit trail entries for compliance purposes

Communications Data

When you communicate with us or use our communication features:

  • Email communications and responses
  • Support tickets and help requests
  • Campaign and interaction records
  • Consent records for marketing and data processing

How We Use Your Information

Service Delivery

Provide, maintain, and improve our retirement plan administration services, process transactions, and manage your account.

Compliance & Legal

Ensure compliance with ERISA, IRS regulations, and other legal requirements. Maintain audit trails and evidence bundles.

Security & Fraud Prevention

Detect, prevent, and address security threats, fraud, and unauthorized access to protect your data and our systems.

Communication

Send service-related communications, respond to inquiries, provide support, and send important updates about your account.

Analytics & Improvement

Analyze usage patterns to improve our Service, develop new features, and optimize performance and user experience.

AI-Powered Features

Power our AI agents and intelligent features that help automate workflows, provide insights, and enhance decision-making.

Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

Service Providers

We may share data with trusted third-party service providers who assist us in operating our Service, such as cloud hosting providers (AWS), email services, and analytics tools. These providers are contractually obligated to protect your data.

Legal Requirements

We may disclose information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.

With Your Consent

We may share information with your explicit consent or at your direction, such as when you authorize integration with third-party services.

Data Security

We implement industry-standard security measures to protect your information:

Encryption

All sensitive data, including SSNs and passwords, is encrypted at rest and in transit using industry-standard encryption protocols.

Access Controls

We implement role-based access controls (RBAC), multi-factor authentication, and IP allowlisting to restrict unauthorized access.

Secure Infrastructure

Our infrastructure is hosted on AWS with enterprise-grade security, regular security audits, and compliance certifications.

Audit Trails

All data access and modifications are logged in comprehensive audit trails for compliance and security monitoring.

Your Responsibility

While we take extensive measures to protect your data, you are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

Right to Access

You can request a copy of the personal information we hold about you. We provide comprehensive data export functionality through our GDPR compliance features.

Right to Rectification

You can request correction of inaccurate or incomplete information. You can update most information directly through your account settings.

Right to Erasure

You can request deletion of your personal information, subject to legal and compliance requirements. Some data may be retained for audit and legal purposes.

Right to Data Portability

You can request your data in a structured, machine-readable format. We support data export in JSON format through our API.

Right to Object

You can object to certain processing of your data, such as marketing communications. You can manage consent preferences in your account settings.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within 30 days, or as required by applicable law.

Contact Us

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and support security. For detailed information about the types of cookies we use, how we use them, and how you can manage your cookie preferences, please see our comprehensive Cookie Policy.

Cookie Policy

Our Cookie Policy provides detailed information about:

  • Types of cookies we use (Essential, Analytics, Functional)
  • Specific cookies and their purposes
  • Third-party cookies and services
  • How to manage your cookie preferences
  • Other tracking technologies we use
Read Our Cookie Policy

Quick Summary

We use essential cookies for authentication and security (required for the Service to function), analytics cookies to improve our Service (optional), and functional cookies to remember your preferences (optional). You can manage non-essential cookies through your browser settings or account preferences.

For complete details, please review our Cookie Policy.

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account data: Retained while your account is active and for a reasonable period after closure for legal and audit purposes
  • Plan and participant data: Retained as required by ERISA, IRS regulations, and other applicable laws (typically 7+ years)
  • Audit logs: Retained for compliance and security purposes, typically for the duration required by regulations
  • Legal holds: Data subject to legal holds will be retained until the hold is released

Compliance Requirements

Due to the regulated nature of retirement plan administration, we must retain certain data for extended periods to comply with ERISA, IRS, and DOL requirements. This retention is necessary to protect your interests and ensure regulatory compliance.

International Data Transfers

Our Service is primarily hosted in the United States. If you are located outside the United States, your information may be transferred to, stored, and processed in the United States.

We ensure that appropriate safeguards are in place for international data transfers, including:

  • Standard Contractual Clauses (SCCs) for data transfers
  • Adequacy decisions where applicable
  • Compliance with GDPR and other applicable data protection laws

Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification to registered users for significant changes
  • Displaying a notice in the Service for material changes

Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email

Contact us through our contact page

Data Protection Officer

For GDPR-related inquiries, you can reach our Data Protection Officer through the contact methods above.

Get in Touch

This Privacy Policy is effective as of January 26, 2026 and applies to all users of ARCNAT.

ARCNAT is committed to protecting your privacy and maintaining the highest standards of data protection.

Terms of Service•Cookie Policy