Privacy Policy.
How Arca Labs Ltd collects, uses and protects personal data when you visit our website, email us, or interact with the Arca platform. Written to comply with UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).
01 Who we are
This website (arcalabs.io) is operated by Arca Labs Ltd, a company registered in England and Wales under company number 17120412, with its registered office at 45 Whittington Chase, Kingsmead, Milton Keynes, Buckinghamshire, MK4 4HL.
Arca Labs Ltd is the data controller responsible for the personal data described in this policy and is registered with the UK Information Commissioner's Office under registration number ZC128488. References to "we", "us" or "our" mean Arca Labs Ltd. References to "you" or "your" mean any visitor to our website or individual who corresponds with us.
02 Personal data we collect
We collect personal data in the following ways:
Information you give us directly
- Contact enquiries. If you email us, we receive your name, email address and the content of your message.
- Partnership / operator enquiries. Where you approach us about licensing the Arca platform we may collect your business name, role, contact details and information about your proposed operator skin.
- Correspondence. Any information you choose to include in messages, calls or meetings with us.
Information collected automatically
- Device and browser data. IP address (truncated where possible), browser type and version, operating system, screen resolution and referring URL.
- Usage data. Pages visited, time spent, interactions with features, and similar analytics signals — collected via PostHog EU (see Cookies Policy) only where you have consented to optional analytics cookies.
- Log data. Server logs (including IP address, timestamps, request paths and error information) collected for security, debugging and abuse-prevention purposes.
Information from third parties
- Email service provider. When you email us, our email provider (Microsoft 365) processes message metadata and content.
- Analytics provider. PostHog EU receives anonymised product-analytics events, subject to your cookie consent.
03 How we use your data
We use personal data for the following purposes:
- Responding to enquiries. To reply to messages you send us and to manage ongoing correspondence about the Arca platform, operator partnerships or general enquiries.
- Operating our website. To serve, secure and maintain arcalabs.io, including protecting against abuse, fraud and service disruption.
- Analytics and improvement. To understand how visitors use our website and to improve content, UX and the Arca product. Performed via PostHog EU only with your consent.
- Legal and compliance. To comply with our legal obligations (tax, accounting, anti-money-laundering, responding to lawful requests from authorities).
- Operator due-diligence. Where you approach us about licensing Arca, to assess fit, conduct basic due-diligence and negotiate commercial terms.
04 Lawful bases for processing
Under UK GDPR we must have a lawful basis for each processing activity. We rely on the following:
- Consent (Art. 6(1)(a)). For optional analytics cookies and for any direct marketing emails you opt into. Consent can be withdrawn at any time — see Your rights.
- Contract (Art. 6(1)(b)). To take steps at your request before entering a licensing agreement, and to perform our obligations under any resulting agreement.
- Legitimate interests (Art. 6(1)(f)). For responding to unsolicited enquiries, securing our website, maintaining business records and pursuing partnership opportunities where our interests are not overridden by your rights.
- Legal obligation (Art. 6(1)(c)). Where processing is required by UK law (e.g. tax records, statutory disclosures).
05 Who we share data with
We do not sell personal data. We share it only with trusted service providers and where required by law:
| Recipient | Purpose | Location |
|---|---|---|
| PostHog EU | Product analytics (consent-based) | Frankfurt, Germany (EU) |
| Microsoft 365 | Business email | UK & EU |
| Leaseweb NL | Website hosting & CDN | EU |
| Professional advisers | Legal, accounting, insurance | UK / EU |
| Authorities | Where required by law (e.g. HMRC, ICO, court orders) | UK |
Each processor is bound by a written data-processing agreement requiring appropriate security, confidentiality and processing limits.
06 International data transfers
Where personal data is transferred outside the United Kingdom or European Economic Area, we rely on one of the following safeguards:
- Adequacy decisions made by the UK Government or European Commission for the destination country.
- UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses with the UK Addendum, where adequacy is not in place.
- Your explicit consent where neither of the above applies and the transfer is genuinely necessary.
Our primary analytics provider, PostHog EU, hosts data in the European Union (Frankfurt), keeping product-analytics data within EU jurisdiction.
07 How long we keep data
We retain personal data only for as long as we have a lawful purpose to do so:
- Contact correspondence. Retained for up to 3 years after the last contact, unless an active partnership discussion requires longer.
- Commercial agreements. Retained for 7 years after termination, to meet contractual, tax and accounting obligations.
- Analytics data. PostHog EU events are retained for 12 months after collection, then aggregated and deleted.
- Server logs. Retained for up to 90 days, then deleted or aggregated.
- Marketing consent records. Retained for the duration of consent plus 24 months, as evidence of compliance.
08 Your rights
Under UK GDPR you have the following rights in relation to your personal data:
- Right of access. A copy of the personal data we hold about you.
- Right to rectification. Correction of inaccurate or incomplete data.
- Right to erasure. Deletion of data in specified circumstances ("right to be forgotten").
- Right to restriction. Limiting how we process your data while a query is resolved.
- Right to data portability. A machine-readable copy of data you provided to us.
- Right to object. To processing based on legitimate interests or for direct marketing.
- Right to withdraw consent. Where we rely on consent (e.g. analytics cookies, marketing emails). Withdrawal does not affect the lawfulness of processing before withdrawal.
- Rights relating to automated decisions. We do not currently carry out automated decision-making that produces legal effects.
09 Cookies and tracking
We use strictly necessary cookies to operate the site and optional analytics cookies (via PostHog EU) only where you have given consent. No advertising, marketing or cross-site tracking cookies are used.
Full details — including what each cookie does, how long it lasts, and how to change your choices — are in our Cookies Policy.
10 Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration or disclosure. These include TLS encryption in transit, access controls, principle-of-least-privilege, vendor due-diligence, and regular review of our security practices.
No system can be guaranteed 100% secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and, where the risk is high, notify affected individuals without undue delay.
11 Children's data
Arca Labs Ltd's website and platform are intended for business and professional audiences. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.
12 Changes to this policy
We may update this policy to reflect changes in our practices or legal obligations. Material changes will be highlighted at the top of this page for at least 30 days before they take effect. The "Effective" date above tells you the current version.
13 Contact & complaints
For any question, request or concern about privacy at Arca, contact:
- privacy@arcalabs.io
- Post: Privacy, Arca Labs Ltd, 45 Whittington Chase, Kingsmead, Milton Keynes, Buckinghamshire, MK4 4HL
If you are unhappy with how we have handled your personal data, you have the right to complain to the UK Information Commissioner's Office (ICO):
- ICO: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF · ico.org.uk · 0303 123 1113
We appreciate the chance to address your concerns first, before you approach the ICO.