Arkly
← Back
Legal

Privacy Policy

Last updated: June 10, 2026

1. Who we are

Arkly is a private digital continuity service. We help individuals organize critical information — legal documents, digital access, assets, trusted contacts and emergency files — and release it only to chosen people, only when a defined protocol is triggered. This Policy explains what we collect, why, and the rights you have under GDPR (EU/UK) and LGPD (Brazil).

2. Data we collect

  • Account data: name, email, password hash, authentication factors.
  • Vault content: the documents, credentials, asset records, contact details and files you choose to store. Treated as sensitive personal data.
  • Trusted contacts: names, emails and phone numbers of people you nominate to receive notifications under your protocols.
  • Operational metadata: last check-in, protocol status, activity log, notification log — required for the continuity engine to function.
  • Billing data: handled by Stripe; we store only your customer reference and subscription status.

3. Legal basis

We process your data based on (a) the contract between you and Arkly to deliver the service, (b) your explicit consent for sensitive vault content, and (c) our legitimate interest in keeping the service secure and reliable.

4. How data is released

Vault items are access by protocol, never by person. A trusted contact receives nothing automatically. Notifications are only dispatched when one of your configured protocols is triggered — either by silence (24h / 7d / 30d without check-in) or by manual activation of the Critical Event protocol.

5. Storage & security

Data is stored on encrypted infrastructure within the European Union. Row-level access controls ensure no other Arkly user — including trusted contacts — can read your vault until a protocol triggers. Backups are encrypted at rest. We enable two-factor authentication and check passwords against the Have I Been Pwned database on sign-up.

6. Retention

Your data is kept for as long as your account is active. On deletion, we erase your vault, profile and contacts within 30 days. Operational logs required for fraud prevention may be retained for up to 12 months.

7. Your rights

You may request access, correction, deletion, portability or restriction of your personal data at any time. Under LGPD you may also request information on how we share your data. Contact privacy@arkly.app.

8. Sub-processors

We use Supabase (hosting/database), Cloudflare (edge), Stripe (payments) and transactional email providers. Each is bound by data-processing agreements compatible with GDPR and LGPD.

9. Contact

Data Protection Officer: dpo@arkly.app. For complaints you may also contact your local supervisory authority (ANPD in Brazil; the lead EU authority for residents of the EEA).