Privacy Policy

ARPHY, Inc. ("ARPHY," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at www.arphy.com (the "Site") and use our products, services, features, content, applications, and mobile applications that link to this Privacy Policy (together with the Site, the "Services"). This Privacy Policy is incorporated by reference into our Terms of Service.

Please read this Privacy Policy carefully. By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

In other words: This policy explains what data we collect and how we use it. By using ARPHY, you agree to this policy.

1. Information We Collect.

We collect information in the following ways when you use our Services:

a. Information You Provide Directly.

When you create an account, upload content, make a purchase, contact us, or otherwise interact with the Services, you may provide us with information such as:

• Name, email address, username, and password;
• Profile information such as a profile picture, bio, and links to your social media accounts;
• Content you upload, including 3D models, spatial stickers, AR assets, images, videos, and associated metadata (titles, descriptions, tags, and categories);
• Payment and billing information (processed securely through our third-party payment processor, Stripe);
• Communications you send to us, including support requests, feedback, and survey responses; and
• Any other information you choose to provide.

b. Information Collected Automatically.

When you access or use the Services, we may automatically collect certain information, including:

• Device information (e.g., device type, operating system, unique device identifiers, and browser type);
• Log data (e.g., access times, pages viewed, IP address, and the referring URL);
• Location information derived from your IP address;
• Information about your interaction with our Services, including content viewed, searches performed, features used, and AR experiences initiated; and
• Information collected through cookies, pixel tags, and similar tracking technologies (see Section 5 below).

c. Information from Third Parties.

We may receive information about you from third parties, including:

• Authentication providers (e.g., Google or Apple) if you choose to sign in using a third-party service;
• Analytics providers and advertising partners; and
• Publicly available sources.

In other words: We collect information you give us (like your name and email), information collected automatically when you use our Services (like your device type and browsing activity), and sometimes information from third parties.

2. How We Use Your Information.

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Services;
• To create and manage your account;
• To process transactions and send you related information, including purchase confirmations, invoices, and subscription notices;
• To send you technical notices, updates, security alerts, and administrative messages;
• To respond to your comments, questions, and customer service requests;
• To personalize your experience and deliver content and features that match your interests;
• To monitor and analyze trends, usage, and activities in connection with the Services;
• To detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities and protect the rights and property of ARPHY and others;
• To comply with legal obligations and enforce our terms, conditions, and policies;
• To communicate with you about products, services, offers, promotions, and events offered by ARPHY and others, and provide news and information we think will be of interest to you (you may opt out of marketing communications at any time); and
• For any other purpose with your consent or as otherwise described at the time of collection.

In other words: We use your data to run and improve ARPHY, process payments, keep you informed, personalize your experience, and keep the platform safe.

3. How We Share Your Information.

We do not sell your personal information. We may share information about you as follows or as otherwise described in this Privacy Policy:

• Service Providers. With vendors, consultants, and other service providers who need access to your information to carry out work on our behalf (e.g., payment processing via Stripe, cloud hosting via Google Cloud/Firebase, analytics, email delivery, and customer support);
• Other Users. When you upload content to public areas of the Services, that content and your associated profile information (such as your username and profile picture) will be visible to other users and the general public;
• Business Transfers. In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company;
• Legal Requirements. If required to do so by law or in the good faith belief that such disclosure is reasonably necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of ARPHY, (iii) prevent fraud or other illegal activity, (iv) protect the personal safety of users of the Services or the public, or (v) protect against legal liability;
• Aggregated or De-Identified Data. We may share aggregated or de-identified information that cannot reasonably be used to identify you; and
• With Your Consent. We may share your information with third parties when you give us explicit consent to do so.

In other words: We never sell your data. We share it only with service providers who help us operate, when required by law, or with your consent. Public content is visible to everyone.

4. Data Retention.

We retain your personal information for as long as your account is active or as needed to provide you the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we will delete or anonymize your personal information within a commercially reasonable timeframe, except where we are required to retain certain information by law or for legitimate business purposes (such as fraud prevention or financial record-keeping). Content you have uploaded to public areas of the Services may persist in cached or archived form even after deletion of your account.

In other words: We keep your data as long as you have an account. When you delete your account, we remove your personal information, subject to legal requirements.

5. Cookies and Tracking Technologies.

We and our third-party partners may use cookies, pixel tags, web beacons, local storage, and similar technologies to automatically collect information through the Services. Cookies are small data files stored on your device that help us improve the Services and your experience, identify popular features, and count visits.

We may use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until you delete them or they expire). We use the following types of cookies:

• Essential cookies that are required for the operation of the Services (e.g., authentication and security);
• Analytics cookies that help us understand how visitors interact with the Services; and
• Preference cookies that enable us to remember your settings and preferences.

Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of the Services.

In other words: We use cookies to make the Services work and to understand how people use them. You can control cookies through your browser settings.

6. Third-Party Analytics and Advertising.

We may allow third parties to use cookies, web beacons, and similar technologies to collect information about your use of the Services for analytics and advertising purposes. These third parties may collect information about your online activities over time and across different websites and services. We do not control the tracking technologies of third parties or how they may be used. If you have questions about targeted advertising, you should contact the responsible provider directly or visit www.aboutads.info/choices to learn about your choices regarding having your information used by participating companies.

In other words: Some third-party services on ARPHY may use their own cookies for analytics and ads. You have choices about targeted advertising.

7. Data Security.

We take reasonable measures to help protect information about you from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit (TLS/SSL), secure cloud infrastructure, access controls, and regular security reviews. However, no method of transmission over the Internet or method of electronic storage is completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee its absolute security.

In other words: We work hard to keep your data safe using industry-standard security practices, but no system is 100% secure.

8. Your Rights and Choices.

a. Account Information.

You may update, correct, or delete your account information at any time by logging into your account settings. If you wish to delete your account entirely, you may do so through the Services or by contacting us. Note that we may retain certain information as required by law or for legitimate business purposes.

b. Marketing Communications.

You may opt out of receiving promotional communications from us by following the unsubscribe instructions in those messages. If you opt out, we may still send you non-promotional communications, such as those about your account or ongoing business relations.

c. Cookies.

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies.

d. Do Not Track.

Some browsers include a "Do Not Track" ("DNT") feature that signals to websites that a user does not wish to have their online activity tracked. At this time, there is no uniform technology standard for recognizing and implementing DNT signals. Accordingly, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

In other words: You can update or delete your account info, opt out of marketing emails, and manage cookies through your browser. We do not currently respond to Do Not Track signals.

9. California Privacy Rights (CCPA).

If you are a California resident, you have certain rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"), including the right to:

• Know and Access. Request that we disclose to you the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected such information, the business or commercial purpose for collecting such information, and the categories of third parties with whom we share such information;
• Delete. Request that we delete personal information we have collected from you, subject to certain exceptions;
• Correct. Request that we correct inaccurate personal information that we maintain about you;
• Opt Out of Sale or Sharing.We do not sell your personal information. If we engage in "sharing" of personal information for cross-context behavioral advertising as defined under the CCPA/CPRA, you have the right to opt out; and
• Non-Discrimination. You have the right not to receive discriminatory treatment for the exercise of your privacy rights.

To exercise any of these rights, please contact us at the address provided in Section 14 below. We will verify your identity before fulfilling your request. You may also designate an authorized agent to make a request on your behalf.

In other words: California residents have additional privacy rights, including the right to know what data we collect, request deletion, and opt out of data sharing. Contact us to exercise these rights.

10. European Privacy Rights (GDPR).

If you are located in the European Economic Area ("EEA"), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation ("GDPR") and applicable local data protection laws. The legal bases for our processing of your personal data include your consent, the necessity to perform a contract with you, compliance with a legal obligation, and our legitimate interests (such as operating and improving the Services, preventing fraud, and ensuring security).

Subject to applicable law, you have the following rights:

• The right to access your personal data;
• The right to rectify inaccurate personal data;
• The right to erasure ("right to be forgotten");
• The right to restrict processing of your personal data;
• The right to data portability;
• The right to object to processing of your personal data; and
• The right to withdraw consent at any time (where processing is based on consent).

To exercise these rights, please contact us using the information in Section 14. If you are in the EEA, you also have the right to lodge a complaint with your local data protection authority.

In other words: If you are in Europe, the UK, or Switzerland, you have additional rights under GDPR, including the right to access, correct, delete, and port your data. Contact us or your local data protection authority to exercise them.

11. Children's Privacy.

The Services are not directed to children under the age of 13 (or 16 in the EEA, United Kingdom, Liechtenstein, Norway, or Iceland). We do not knowingly collect personal information from children under these ages. If we learn that we have collected personal information from a child under the applicable minimum age without verification of parental consent, we will delete that information as quickly as practicable. If you believe that we might have any information from or about a child under the applicable minimum age, please contact us using the information in Section 14.

In other words: ARPHY is not for children under 13 (or 16 in certain European countries). If we learn we have collected data from a child, we will delete it promptly.

12. International Data Transfers.

ARPHY is based in the United States and processes information in the United States. If you are accessing the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate. Data protection laws in these jurisdictions may differ from those of your country of residence. By using the Services, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy. Where required, we rely on appropriate legal mechanisms (such as Standard Contractual Clauses) to facilitate cross-border data transfers.

In other words: Your data may be transferred to and processed in the United States. We use appropriate legal safeguards for international transfers.

13. Changes to This Privacy Policy.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by revising the "Effective Date" at the top of this policy, and in some cases, we may provide you with additional notice (such as adding a statement to our website or sending you a notification). We encourage you to review the Privacy Policy whenever you access the Services to stay informed about our information practices and the choices available to you. Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of such changes.

In other words: We may update this policy. We will let you know about significant changes. Continuing to use ARPHY after a change means you accept the updated policy.

14. Contact Us.

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

In other words: If you have any privacy questions or want to exercise your privacy rights, reach out to us at privacy@arphy.com.