Home Solutions Platform Data Developers Specs About Blog Contact Us
Legal

Privacy Policy

Last updated: May 6, 2026

Arkade AI Inc. ("Arkade AI," "we," "us," or "our") is committed to protecting privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our communications platform, websites, APIs, and related services (collectively, the "Service").

By using the Service, you agree to this Privacy Policy and our Terms of Service.

1. Who This Policy Applies To

Arkade AI provides a B2B communications platform to business customers ("Customers"). This Policy distinguishes between two categories of personal information:

  • Customer information — information about our business Customers and the individuals at those Customers who use the Service (account holders, administrators, developers). Arkade AI is the controller of this information and uses it for the purposes described below.
  • End-user information — information about Customers' end users (individuals receiving messages or calls sent through the Service). With respect to end-user information, Arkade AI acts as a service provider/data processor on behalf of the Customer, and processes this information only on the Customer's documented instructions. End users with privacy questions about messages or calls they received should contact the Customer that initiated the communication.

This Policy covers Arkade AI's practices as a controller of Customer information and describes our handling of end-user information at a high level. Customers are responsible for their own privacy practices and disclosures to their end users.

2. Information We Collect

2.1 Information you provide

Account information. When you register for the Service, we collect:

  • Name and email address
  • Company name, EIN, and business address
  • Job title and role
  • Phone number
  • Billing information (processed by our payment provider)
  • Authentication credentials

Customer verification information. During Customer onboarding and verification, we may collect:

  • Business registration documents
  • Beneficial ownership information
  • Information about your intended use case
  • Sample messages and consent flows
  • Website and domain information

Communications with us. Information you provide when you contact support, request features, or otherwise communicate with us.

2.2 Information collected automatically

When you use the Service, we automatically collect:

  • Usage data — API calls, dashboard activity, voice minutes processed, messages sent, features used, errors encountered
  • Device and technical data — IP address, browser type, operating system, device identifiers, network information
  • Log data — request/response metadata, timestamps, status codes
  • Cookies and similar technologies — see Section 7

2.3 End-user information processed through the Service

When Customers use the Service to send messages or place calls, the following types of end-user information may pass through the platform:

  • Phone numbers and contact information
  • Names and other identifiers Customers provide
  • Voice recordings and transcripts of calls
  • SMS message content
  • Conversation metadata (timing, duration, delivery status)
  • Opt-in records and consent metadata
  • Opt-out requests and suppression list entries

Arkade AI processes end-user information solely on Customer instructions and only as necessary to deliver the Service. Arkade AI does not use end-user information for our own marketing or to train generalized AI models.

2.4 Information from third parties

  • Payment processors (transaction status, not card numbers)
  • Identity verification services (during Customer onboarding)
  • Telecommunications carriers (delivery receipts, error codes)
  • Public business records (entity verification)

3. How We Use Information

We use Customer information to:

  • Provide, operate, and maintain the Service
  • Process payments and manage subscriptions
  • Verify Customer identity and prevent fraud
  • Authenticate users and secure accounts
  • Communicate about the Service (transactional, security, support)
  • Send marketing communications (you can opt out at any time)
  • Improve and develop new features
  • Generate aggregated, de-identified analytics
  • Detect, investigate, and prevent abuse, fraud, and security incidents
  • Comply with legal obligations and respond to lawful requests
  • Enforce our Terms of Service and Acceptable Use Policy

We use end-user information only as instructed by Customers and as necessary to deliver the Service to those Customers.

We do not sell personal information for monetary consideration. We do not use Customer Content or end-user information to train generalized AI models.

4. How We Share Information

We share information with:

4.1 Service providers and sub-processors

We engage third parties to operate parts of the Service. They process information on our behalf and are bound by contractual confidentiality and security obligations. Categories include:

  • Telecommunications carriers for SMS and voice delivery
  • Cloud infrastructure providers for hosting and storage
  • Speech-to-text providers for transcription
  • Large language model providers for AI text and conversation generation
  • Text-to-speech providers for voice generation
  • Payment processors for billing
  • Customer support tools for ticketing and communication
  • Analytics providers for usage measurement
  • Security and fraud prevention providers

A current list of sub-processors is available on request by emailing [email protected].

4.2 Customers (with respect to end-user data)

End-user information passing through the Service is shared with the Customer who initiated the communication. Customer-side privacy practices are governed by that Customer's privacy policy.

4.3 Legal and compliance

We may disclose information when we reasonably believe it is necessary to:

  • Comply with applicable law, legal process, subpoenas, or government requests
  • Enforce our Terms of Service or AUP
  • Protect the rights, property, or safety of Arkade AI, our Customers, end users, or others
  • Investigate or prevent fraud, abuse, security incidents, or technical issues
  • Cooperate with carrier compliance teams (TCR, CTIA, T-Mobile, AT&T, Verizon) and regulators (FCC, FTC, state attorneys general)

4.4 Business transfers

If Arkade AI is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of the transaction, subject to appropriate confidentiality protections.

4.5 With your consent

We may share information for any purpose disclosed to you with your consent.

5. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect information, including:

  • Encryption in transit (TLS) and at rest
  • Access controls and authentication for personnel
  • Logging and monitoring of system access
  • Vendor due diligence for sub-processors
  • Incident response procedures
  • Regular review of security practices

No system is perfectly secure. In the event of a data breach affecting personal information, we will notify affected parties consistent with applicable law.

6. Data Retention

We retain Customer information for as long as needed to provide the Service, fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. General retention periods:

  • Account information — for the duration of your account, plus a reasonable period after termination
  • Voice recordings and transcripts — by default, retained for 30 days; Customers may configure shorter retention
  • SMS message logs — by default, retained for 90 days; longer retention available for compliance documentation
  • Suppression lists and opt-out records — retained indefinitely to honor opt-outs across sessions
  • Consent records (TrustedForm certificates and equivalents) — Customers may configure retention up to 5 years to support TCPA compliance documentation
  • Billing and tax records — retained as required by law (typically 7 years)
  • Aggregated, de-identified data — retained without time limit

You may request deletion of Customer information by contacting us. Some information may be retained where required by law or for legitimate business purposes (such as fraud prevention or compliance with carrier requirements).

7. Cookies and Tracking

We use cookies, pixels, and similar technologies on our website and dashboard for:

  • Authentication and session management
  • Remembering preferences
  • Analytics and performance measurement
  • Security and fraud prevention

You can adjust your browser to limit cookies, though some Service features may not function properly without them. We honor browser-level Global Privacy Control (GPC) signals where required by law.

8. Your Rights

Depending on your location, you may have rights to:

  • Access information we hold about you
  • Correct inaccurate information
  • Delete your information, subject to legal exceptions
  • Port your information in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Opt out of the sale or sharing of personal information (where applicable)
  • Limit use of sensitive personal information
  • Lodge a complaint with a supervisory authority

State-specific rights

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, New Jersey, Minnesota, or another state with consumer privacy laws, you may have additional rights under that state's law.

To exercise rights, contact [email protected] with the subject line "Privacy Rights Request" and include the right(s) you wish to exercise, your name and email, and your state of residence. We will verify your request and respond within the timeframe required by your state's law (generally 45 days).

You may also use an authorized agent to submit a request on your behalf, with proof of authorization.

If we deny your request, you may appeal by emailing [email protected] with "Privacy Rights Appeal" in the subject line.

End-user rights

If you received a message or call sent through the Service and have privacy questions, please contact the Customer that initiated the communication. Arkade AI processes end-user information on Customer instructions and is generally not in a position to respond to individual end-user requests directly. We will refer end-user privacy requests to the relevant Customer when we receive them.

9. Marketing Communications

You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by emailing [email protected]. We will continue to send transactional and account-related communications (billing, security alerts, service notices) regardless of marketing preferences.

10. International Data Transfers

Arkade AI is based in the United States and processes information in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S., where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to this transfer.

11. Children's Privacy

The Service is intended for business use by individuals 18 years or older. We do not knowingly collect personal information from children under 18. If we learn we have collected information from a child under 18, we will delete it.

The Service is not authorized for processing personal information of children under 13 (subject to COPPA), and Customers may not transmit such information through the Service.

12. Restricted Categories of Data

The Service is not authorized for processing certain regulated categories of data, including:

  • Protected Health Information (PHI) under HIPAA — Arkade AI is not a HIPAA Business Associate and does not offer Business Associate Agreements
  • Payment card data subject to PCI DSS
  • Biometric identifiers used for authentication
  • Personal information of children under 13

Customers are prohibited from transmitting these data categories through the Service. See our Terms of Service for details.

13. Third-Party Services

The Service may link to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of those third parties. Review their policies before providing them with information.

14. Data Processing Agreement

Customers who require a Data Processing Agreement (DPA) for compliance with CCPA or similar laws can request one by emailing [email protected].

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service, by email, or by posting an updated version on our website. The "Last updated" date at the top reflects the most recent version. Your continued use of the Service after changes take effect constitutes acceptance.

16. Contact Us

Arkade AI Inc.
Privacy: [email protected]
General: [email protected]

For our Terms of Service, see arkade.ai/terms.