Privacy Policy

Last updated: July 6, 2026

This document is provided in English. If it is translated into another language, the English version is the authoritative version.

1. Who We Are

This Privacy Policy explains how ArcFusion Technologies Corp. ("we", "us"), operator of the Enterprise Skills service at enterpriseskills.ai (the "Service"), collects, uses, and protects personal data. We are the data controller for the personal data described here.

2. Data We Collect

  • Account data: your email address and license key(s).
  • Payment data: payments are processed by Stripe. We receive subscription status and billing metadata from Stripe; we never store your card numbers.
  • Device data (seat enforcement): a device identifier, hostname, and platform (operating system) for each machine where a license is activated, used to enforce licensed seat counts.
  • Usage telemetry: event type, skill identifier, duration, and success/failure of skill invocations. Telemetry is associated with a SHA-256 hash of your license key, not the key itself.
  • Audit events: license validations, activations, and renewals, kept for security and billing integrity.
  • Server logs: IP addresses and request metadata, used for rate limiting and abuse prevention.

3. How We Use Data

  • Delivering the Service (accounts, downloads, updates, support).
  • License and seat enforcement.
  • Product improvement (understanding which skills are used and how well they work).
  • Fraud and abuse prevention, including rate limiting.

Where GDPR applies, we rely on performance of contract (service delivery, license enforcement), legitimate interests (product improvement, fraud prevention), and legal obligations (billing records) as legal bases.

4. Service Providers (Processors)

We share data with the following providers, only as needed to run the Service:

  • Stripe — payment processing
  • Supabase — database hosting
  • Vercel — website and API hosting
  • Resend — transactional email
  • GitHub — content delivery infrastructure

Each provider processes data under its own contractual and security commitments.

5. No Sale of Personal Data

We do not sell personal data, and we do not share personal data with third parties for their own marketing purposes.

6. Retention

We keep account and billing data for as long as your account exists and as required for tax and accounting obligations afterwards. Audit events and server logs are kept for a limited period appropriate to security and billing-integrity purposes and then deleted or anonymized. Telemetry is retained in aggregate form; event-level telemetry is deleted or anonymized when no longer needed for product improvement.

7. Your Rights (GDPR)

If you are in the EU/EEA or UK, you have the right to access, rectify, and erase your personal data, the right to data portability, the right to object to or restrict certain processing, and the right to lodge a complaint with your supervisory authority. To exercise any of these rights, email support@arcfusiontechnologies.com from your account email address. We respond within the timeframes required by law.

8. California Residents (CCPA/CPRA)

California residents have the right to know what personal information we collect (described in Section 2), to request deletion, to correct inaccurate information, and to not be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined in the CCPA/CPRA. To exercise your rights, use the contact email in Section 7.

9. Cookies

The site uses functional cookies only — for example, session cookies for authenticated areas of the site. We do not use advertising or cross-site tracking cookies, which is why the site does not show a cookie consent banner. If we ever introduce non-essential cookies, we will update this policy and request consent where required.

10. Telemetry Opt-Out

You can disable usage telemetry at any time by setting the environment variable ENTERPRISE_SKILLS_TELEMETRY=off on your machine. License validation requests (required for the Service to function) are unaffected by this opt-out.

11. Children

The Service is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.

12. International Transfers

Our providers may process data in the United States and other countries. Where data is transferred out of the EU/EEA or UK, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework commitments of our providers.

13. Changes to This Policy

We may update this policy from time to time. For material changes we will give notice (for example by email or a notice on the site) before the changes take effect.

14. Contact

Privacy questions and rights requests: support@arcfusiontechnologies.com. See also our Terms of Service.