Privacy Policy

Last updated: January 3, 2026

At Archiv ("we," "our," "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered learning platform.

By using Archiv, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

1. Information We Collect

1.1 Information You Provide Directly

When you use Archiv, we collect information that you voluntarily provide:

  • Account Information: Email address, password (encrypted), display name, and profile settings
  • User Content: Messages, conversations, uploaded files (images, documents, PDFs, videos), quiz responses, and learning data
  • Communication Data: Support requests, feedback, and correspondence with us
  • Payment Information: Billing details processed through our payment provider (Gumroad) - we do not store full payment card numbers

1.2 Information Collected Automatically

When you access our Service, we automatically collect certain information:

  • Device Information: Browser type, operating system, device identifiers, screen resolution
  • Usage Data: Pages visited, features used, time spent, click patterns, search queries
  • Log Data: IP address, access times, referring URLs, error logs
  • Performance Data: Load times, response times, error rates

1.3 Information from Third Parties

We may receive information from:

  • Authentication Providers: If you sign in using third-party services
  • Payment Processor: Transaction status and billing information from Gumroad
  • Analytics Services: Aggregated usage patterns and performance metrics

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Providing and Improving the Service

  • Operating and maintaining the Archiv platform
  • Processing your AI chat requests and generating responses
  • Storing and retrieving your conversations and files
  • Generating interactive knowledge graphs that visualize topics and concepts from your conversations
  • Creating explore graphs and help graphs to enhance your learning experience
  • Generating quizzes and tracking your learning progress
  • Building mastery profiles based on your learning interactions
  • Improving AI response quality and accuracy
  • Developing new features and functionality

2.2 Account Management

  • Creating and managing your account
  • Authenticating your identity
  • Processing subscriptions and payments
  • Sending account-related notifications

2.3 Communication

  • Responding to your inquiries and support requests
  • Sending service updates and announcements
  • Providing technical support
  • Marketing communications (with your consent)

2.4 Security and Compliance

  • Protecting against fraud, abuse, and security threats
  • Enforcing our Terms of Service
  • Complying with legal obligations
  • Responding to legal requests

2.5 Analytics and Research

  • Understanding how users interact with our Service
  • Analyzing trends and usage patterns (in aggregate)
  • Conducting research to improve learning outcomes

3. AI Processing and Data

Archiv uses artificial intelligence to provide chat responses, file analysis, knowledge graphs, and educational content. We use multiple AI providers to power different features:

  • Chat Responses: OpenRouter API processes your messages to generate AI responses
  • Knowledge Graphs: OpenRouter API analyzes conversations to generate topic graphs, explore graphs, and help graphs
  • File Analysis: Uploaded files are processed to extract content for AI analysis
  • Mastery Profiles: AI analyzes your learning interactions to build skill assessments

Important privacy guarantees:

  • Temporary Processing: AI processing occurs in real-time
  • Secure Storage: Generated graphs and analysis are stored securely in our infrastructure

For information about our AI providers' data practices, please refer to:

4. Data Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Service:

  • Supabase: Database, authentication, and file storage
  • Google Cloud (Gemini): AI language model processing for analyzing knowledge graphs
  • OpenRouter: AI API gateway for knowledge graph generation, advanced features, and chat reponses
  • Gumroad: Payment processing and billing
  • Analytics providers: Usage analytics and performance monitoring
  • Email services: Transactional email delivery

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal processes (subpoenas, court orders)
  • Government requests with proper legal authority
  • Protection of our rights, property, or safety
  • Prevention of fraud or security threats

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

4.5 What We Do NOT Do

  • We do not sell your personal information
  • We do not share your data for advertising purposes
  • We do not provide your data to data brokers

5. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service and maintain your account
  • Comply with legal obligations and tax requirements
  • Resolve disputes and enforce agreements
  • Maintain security and prevent fraud

5.1 Retention Periods

  • Active Account Data: Retained while your account is active
  • Conversations and Files: Retained until you delete them or close your account
  • Payment Records: Retained for 7 years for tax and legal compliance
  • Log Data: Typically retained for 90 days
  • Deleted Account Data: Removed within 30 days, except where legal retention is required

5.2 Account Deletion

When you delete your account, we will delete or anonymize your personal data within 30 days, except for data we are legally required to retain.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

6.1 Access and Portability

  • Request a copy of your personal data
  • Export your data in a machine-readable format
  • Know what information we have about you

6.2 Correction

  • Update or correct inaccurate personal information
  • Modify your account settings and preferences

6.3 Deletion

  • Request deletion of your personal data ("Right to be Forgotten")
  • Delete your account and associated data
  • Remove specific conversations or files

6.4 Restriction and Objection

  • Restrict processing of your data in certain circumstances
  • Object to processing based on legitimate interests
  • Opt out of marketing communications

6.5 How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or as required by applicable law).

We may need to verify your identity before processing certain requests to protect your privacy and security.

7. Cookies and Tracking Technologies

7.1 What We Use

We use the following technologies to collect and store information:

  • Essential Cookies: Required for authentication, security, and basic functionality
  • Preference Cookies: Remember your settings and preferences (e.g., dark mode)
  • Analytics Cookies: Help us understand how you use the Service
  • Local Storage: Store application state and cached data

7.2 Your Cookie Choices

Most browsers allow you to control cookies through settings. You can:

  • Block all cookies (may affect functionality)
  • Delete existing cookies
  • Allow only first-party cookies
  • Browse in private/incognito mode

Note that blocking essential cookies may prevent you from using certain features of the Service.

8. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Authentication: Secure password hashing and session management
  • Access Control: Role-based access to data and systems
  • Infrastructure: Secure cloud hosting with Supabase and reputable providers
  • Monitoring: Continuous security monitoring and incident response
  • Regular Audits: Periodic security assessments and updates

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. You use the Service at your own risk, and we encourage you to use strong passwords and protect your account credentials.

9. International Data Transfers

Archiv operates globally, and your data may be processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Using service providers that comply with applicable data protection standards
  • Implementing standard contractual clauses where required
  • Ensuring adequate levels of protection as required by applicable laws

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data may be transferred to countries that may not have equivalent data protection laws. By using our Service, you consent to such transfers.

10. Children's Privacy

Archiv is not intended for children under 13 years of age (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at [email protected], and we will take steps to delete such information.

For users between 13 and 18 (or the age of majority in their jurisdiction), parental consent may be required in some regions.

11. Regional Privacy Rights

11.1 European Economic Area (GDPR)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access, rectification, erasure, and data portability
  • Right to restrict or object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with your local supervisory authority

Legal Basis for Processing:

  • Contract: Processing necessary to provide the Service
  • Legitimate Interests: Improving the Service, security, and fraud prevention
  • Consent: Marketing communications and optional features
  • Legal Obligation: Compliance with applicable laws

11.2 California (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect and how it's used
  • Right to delete your personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

11.3 Brazil (LGPD)

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including access, correction, deletion, and data portability.

11.4 Indonesia

As Archiv is based in Indonesia, we comply with applicable Indonesian data protection regulations. Indonesian users have rights to access, correct, and delete their personal data.

12. Third-Party Links and Services

Our Service may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through Archiv.

We are not responsible for the privacy practices or content of third-party services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes:

  • We will update the "Last updated" date at the top of this page
  • We will notify you via email or in-app notification for material changes
  • We may ask for your consent if required by applicable law

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days.

15. Data Protection Officer

For privacy-related inquiries or to exercise your data protection rights, you may contact our data protection team at:

By using Archiv, you acknowledge that you have read and understood this Privacy Policy. For information about our terms of use, please see our Terms of Service.