Last updated: April 2026

Privacy Policy

Thank you for using arcOS. Protecting your personal data is important to us. This privacy policy explains what personal data we collect when you use our platform, how we process it, and which rights you have. The legally binding version is the German Datenschutzerklärung; this English version is provided for convenience only.

1. Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other data-protection regulations is:

arcneo GmbH
Email: info@arcneo.de
Website: https://ai.arcneo.de

2. Data we collect and why

2.1 Account registration

When you register, we collect your name, email address, password (stored hashed) and organization affiliation. We use this data to provide your account, authenticate you and fulfil our contractual obligations. Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

2.2 Project data

When you use arcOS, we process the project data you upload (such as offering memoranda, zoning plans, parcel data, market data) and the results of the AI-assisted analyses. This data is used solely to deliver the agreed services. Legal basis: Art. 6(1)(b) GDPR.

2.3 Usage data

Each time the platform is accessed, technical data (IP address, time stamp, browser, device, pages visited) is processed insofar as this is necessary to deliver the service and ensure stability and security. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

2.4 Contact requests

If you contact us via the contact form or email, we process the information you submit in order to handle your request. Legal basis: Art. 6(1)(b) or (f) GDPR.

3. Service providers and recipients

We rely on carefully selected processors within the meaning of Art. 28 GDPR. Data-processing agreements have been concluded with each of them:

  • Supabase — database, authentication, storage (EU-hosted).
  • Vercel Inc. — platform hosting.
  • OpenAI — AI analysis agents.
  • Google (Gemini) — AI rendering generation.
  • Inngest — pipeline orchestration.
  • Resend — transactional email delivery.
  • GeoMaps — market-data and geocoding queries.

Where personal data is transferred to a third country, the transfer is based on appropriate safeguards, in particular the EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

4. Retention

We store personal data only for as long as is necessary to fulfil the purposes described or as required by statutory retention obligations (in particular under commercial and tax law). After the contract ends and statutory retention periods expire, the data is deleted or anonymised.

5. Cookies and tracking

We use strictly necessary cookies to enable login and session management. These cookies are required to operate the platform. We do not use tracking or marketing cookies.

6. Your rights

You have the right at any time to:

  • obtain information about your stored data (Art. 15 GDPR),
  • have inaccurate data corrected (Art. 16 GDPR),
  • have your data erased, provided no retention obligation applies (Art. 17 GDPR),
  • restrict processing (Art. 18 GDPR),
  • data portability (Art. 20 GDPR),
  • object to processing (Art. 21 GDPR) where it is based on Art. 6(1)(f) GDPR,
  • lodge a complaint with a supervisory authority (Art. 77 GDPR).

To exercise your rights, an informal email to info@arcneo.de is sufficient.

7. Data security

We take appropriate technical and organisational measures to protect your data against unauthorised access, loss or manipulation. These include transport encryption (TLS), hashed password storage, role-based access controls and regular security reviews.

8. Changes to this privacy policy

We may amend this privacy policy where required to reflect changes in the legal or technical environment. The current version is always available on this page.