Privacy Policy

Effective May 4, 2026 • Last updated May 4, 2026

1. Introduction

Arkline Technologies LLC ("Arkline", "we", "our", or "us") operates the Arkline mobile application and the website at arkline.io (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your information.

Arkline Technologies LLC is the data controller for the personal information we process about our users. We are a Wyoming-formed limited liability company whose registered office is c/o Republic Registered Agent LLC, 5830 E 2nd St Ste 7000, Casper, WY 82609, USA.

This Policy applies to all users of the Service, worldwide. By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

We collect the following categories of information:

  • Account information — your email address, hashed authentication credentials, and the invite code you used during signup.
  • Profile information — display name, avatar, and any optional profile fields you choose to provide.
  • Portfolio & financial inputs — asset holdings, transactions, watchlists, dollar-cost-averaging schedules, and other financial preferences you enter into the Service. You provide this data directly; we do not connect to your brokerage, exchange, or bank accounts.
  • Subscription & billing information — your subscription tier, status, and renewal dates. Card and payment details are collected and stored by our payment processor (Stripe) directly; Arkline never sees or stores your full payment card information.
  • Usage & diagnostics data — feature usage, app interactions, error logs, crash reports, and performance metrics, collected to operate and improve the Service.
  • Device & technical information — device type, operating system version, app version, language, time zone, IP address (used for security and approximate location), and unique device identifiers.
  • Communications — messages you send to us (support requests, contact form submissions, email correspondence) and our replies.

We do not knowingly collect government identifiers (Social Security Numbers, passport numbers, etc.), bank account numbers, brokerage credentials, biometric data, or precise GPS location.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, secure, and improve the Service.
  • Authenticate you, validate invite codes, and prevent unauthorized access.
  • Process subscription payments and manage billing.
  • Generate the personalized portfolio analytics, risk scores, AI briefings, market insights, and DCA reminders you request.
  • Send service-related communications (account notices, billing receipts, security alerts, DCA reminders, and material updates to legal terms).
  • Respond to your support requests and questions.
  • Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service.
  • Comply with legal obligations and respond to lawful requests from public authorities.

4. Legal Bases for Processing (EEA / UK Users)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR:

  • Performance of a contract — to deliver the Service you have subscribed to.
  • Legitimate interests — to operate, secure, and improve the Service; to detect and prevent fraud or abuse; to communicate operationally with you.
  • Consent — for any optional processing where consent is required (e.g., non-essential analytics where applicable). You may withdraw consent at any time.
  • Legal obligation — to comply with applicable laws and respond to lawful requests.

5. How We Share Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only with the following categories of recipients:

  • Service providers (subprocessors) who process data on our behalf under written agreements that restrict use to providing the Service. Our primary subprocessors include:
    • Supabase, Inc. — database, authentication, and storage hosting (United States).
    • Stripe, Inc. — subscription billing and payment processing (United States).
    • Anthropic PBC — AI inference for portfolio analytics, risk scores, and market briefings (United States).
    • Vercel Inc. — website hosting (United States).
    • Apple Inc. — push notifications and crash diagnostics for iOS users (United States).
    • Email delivery and customer support providers used to send transactional email and respond to support requests.
  • Third-party data providers — to fetch market data, prices, and economic indicators (e.g., CoinGecko, Alpha Vantage, FRED, Financial Modeling Prep, Taapi.io). These providers receive only generic, non-personal queries (e.g., a ticker symbol). They do not receive your account, identity, or portfolio holdings.
  • Legal & safety — when we have a good-faith belief that disclosure is required to comply with law, valid legal process, or to protect the rights, property, or safety of Arkline, our users, or the public.
  • Corporate transactions — in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to the acquirer continuing to honor the commitments in this Policy.
  • With your consent — for any other disclosure, we will ask for your explicit consent first.

6. International Data Transfers

Arkline is operated from the United States, and our subprocessors are primarily located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States and other countries where our subprocessors operate.

For transfers of personal data from the EEA, the UK, or Switzerland to the United States, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, where required by law. You may request a copy of the relevant transfer mechanism by contacting us at privacy@arkline.io.

7. Data Retention

We retain your information for as long as your account is active and for a reasonable period thereafter to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Active accounts — for as long as the account exists.
  • After account deletion — most personal data is deleted within 30 days. Some records (billing records, security logs, and information required by law) may be retained for longer periods to comply with tax, accounting, fraud-prevention, and legal obligations, typically up to 7 years.
  • Backups — backups containing your data are overwritten in the ordinary course of our backup retention cycles, generally within 90 days of deletion from active systems.

8. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information, including: encryption in transit (TLS), encryption at rest, hashed passwords (PBKDF2), row-level security on our database, sensitive credential storage in the iOS Keychain, SSL certificate pinning for sensitive API calls, and regular security reviews. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. Promptly notify us at support@arkline.io if you suspect any unauthorized access to your account.

9. Your Rights

Depending on where you live, you may have some or all of the following rights with respect to your personal information:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate or incomplete information.
  • Deletion — request deletion of your personal information, subject to certain legal exceptions.
  • Portability — receive your data in a structured, commonly used, machine-readable format.
  • Restriction or objection — restrict or object to certain processing activities.
  • Withdraw consent — withdraw any consent you have previously given, without affecting the lawfulness of prior processing.
  • Opt out of sales / sharing / targeted advertising — we do not sell or share your personal information for cross-context behavioral advertising, and we do not engage in targeted advertising. There is therefore nothing for you to opt out of in this respect.
  • Non-discrimination — we will not discriminate against you for exercising any of these rights.
  • Lodge a complaint — EEA, UK, and Swiss residents may lodge a complaint with their local data protection authority. We would appreciate the chance to address your concern first; please contact us at privacy@arkline.io.

You can exercise most rights directly within the Service (account settings allow you to review, update, export, or delete your data). For other requests, email us at privacy@arkline.io. We will verify your identity before fulfilling any request and will respond within the timeframes required by applicable law (typically 30 days, with one possible extension where permitted).

10. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with the rights described in Section 9 above. In the preceding 12 months, we have collected the following categories of personal information: identifiers (email, account ID), commercial information (subscription status), internet or other electronic activity (usage data, device information), inferences (derived from your portfolio inputs to generate analytics), and customer-relations data (support communications). We do not sell or share personal information for cross-context behavioral advertising, and we do not knowingly collect or use sensitive personal information for purposes that would trigger an opt-out right under the CPRA.

11. Children's Privacy

The Service is not directed to children under 18, and we do not knowingly collect personal information from children under 18. If you are under 18, please do not use the Service or provide any personal information to us. If you believe a child under 18 has provided us with personal information, please contact us at privacy@arkline.io and we will take appropriate steps to delete it.

12. Cookies & Similar Technologies

Our website uses a minimal number of cookies and similar technologies, limited to those strictly necessary for the website to function (e.g., session and authentication cookies) and basic analytics about how the website is used. We do not use cookies for advertising or cross-site tracking. Most browsers allow you to refuse or delete cookies via their settings; doing so may affect parts of the Service that require authentication. The mobile application does not use browser cookies.

13. Do Not Track & Global Privacy Control

We do not engage in practices that would require us to respond to a Do Not Track (DNT) browser signal or a Global Privacy Control (GPC) signal. Because we do not sell or share your personal information for cross-context behavioral advertising, there is no behavior to opt out of via these signals.

14. Third-Party Links & Services

The Service may contain links to third-party websites or services we do not control. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third party you interact with through the Service.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will notify you by email and/or by posting a prominent notice within the Service prior to the changes taking effect. The "Last updated" date at the top of this Policy indicates when it was last revised.

16. Contact Us

For privacy questions, requests, or complaints, contact us at: