Privacy Policy
Last updated: March 16, 2026 | Version 2.2
This Privacy Policy explains how Archevi ("we", "us", "our"), operated by Archevi Technologies Inc., a Canadian federal corporation based in Ontario, Canada, collects, uses, discloses, and protects your personal information when you use our AI-powered family document management service. This policy applies to all users of archevi.com and the Archevi application.
By using Archevi, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use the service. This policy is incorporated into and forms part of our Terms of Service.
1. Accountability and Privacy Contact
Under PIPEDA's accountability principle, we have designated a Privacy Contact who is responsible for our compliance with privacy legislation and for handling all privacy-related inquiries and complaints:
- Privacy Contact: Rob Hudson, Archevi Technologies Inc.
- Email: [email protected]
- Mailing address: Available upon request
Our Privacy Contact is accountable for ensuring that personal information under our control is handled in compliance with PIPEDA and this Privacy Policy, including information transferred to third-party service providers for processing.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address (used for authentication, communications, and account recovery)
- Password (stored as a salted cryptographic hash; we never store plaintext passwords)
- Public key credentials for passkeys/WebAuthn (private keys remain on your devices and are never transmitted to us)
- Display name (optional, used within the application)
2.2 Documents and Content
When you use our document management features, we process:
- Documents you upload (PDFs, images, scanned files)
- Voice notes you record within the application
- AI conversation history (your questions and AI-generated responses)
- Document metadata (file names, upload dates, tags, categories you assign)
Your documents are stored encrypted on Canadian infrastructure and are never sold, shared, or used for advertising. We process your documents solely to provide the service to you.
2.3 Payment Information
Payment processing is handled entirely by Stripe. We do not receive or store your credit card number, CVV, or other payment card details. Stripe provides us with a limited set of billing information (last four digits of your card, card brand, billing email) for receipt and support purposes. See Section 7 for details.
2.4 Usage Data
We collect anonymized, aggregate usage data to improve the service:
- Feature usage patterns (which features are used, not what content is viewed)
- AI query counts and response times
- Storage usage metrics
- Error logs and performance data
Usage analytics are collected via Umami, a privacy-focused analytics tool that does not use cookies, does not track individual users, and does not collect personally identifiable information. All analytics data is aggregated and cannot be linked back to any individual user.
2.5 Information We Do Not Collect
We do not collect or use:
- Location or GPS data
- Device fingerprints or advertising identifiers
- Social media profiles
- Information from data brokers
- Any information beyond what is necessary to provide and improve the service
3. How We Use Your Information
We use your personal information for the following purposes:
- Providing the service: Storing your documents, processing AI queries, managing your account and family vault
- Authentication and security: Verifying your identity, managing sessions, enforcing row-level security between family vaults
- Communications: Sending transactional emails (account confirmations, security alerts, billing receipts, expiry notifications) via Resend
- Billing: Processing payments and managing subscriptions via Stripe
- Service improvement: Analyzing aggregate, anonymized usage patterns to improve features and performance
- Legal compliance: Fulfilling legal obligations, responding to lawful requests, and protecting our legal rights
- Platform safety and compliance: Automatically scanning uploaded files for malware (via ClamAV antivirus) and known illegal content (via hash matching against law enforcement databases). These scans are automated and do not involve human review unless prohibited content is detected. This processing is a stated purpose under PIPEDA and is essential to maintaining a safe platform for all users.
We do not use your personal information for advertising, profiling, automated decision-making that produces legal effects, or selling to third parties.
4. Consent
Under PIPEDA, we rely on your meaningful consent to collect, use, and disclose your personal information. The form of consent may vary depending on the sensitivity of the information:
- Express consent: Required for collecting sensitive information (documents, voice notes, AI processing). You provide this when you upload documents or use AI features.
- Implied consent: For non-sensitive purposes such as anonymized analytics and service communications necessary to operate your account.
You may withdraw your consent at any time by:
- Deleting specific documents or voice notes from your vault
- Disabling specific features in your account settings
- Contacting us at [email protected] to withdraw consent for specific processing activities
- Closing your account entirely (see Section 10 on data retention)
Note: Withdrawing consent for essential processing (such as document storage) may mean we can no longer provide the service. We will inform you of any consequences before processing your withdrawal.
5. Privacy-Preserving AI Processing
Archevi's core innovation is enabling AI-powered document search while protecting your privacy. Here is exactly how it works:
5.1 Boundary Anonymization
Before any document content is sent to AI providers, our system performs boundary anonymization:
- Personal identifiers (names, email addresses, phone numbers, mailing addresses, organization names) are detected and replaced with realistic surrogates
- The mapping between real and surrogate identifiers is stored securely in your encrypted vault on Canadian servers
- When the AI returns a response, real identifiers are restored so you see accurate information
- The AI provider only ever processes anonymized text
5.2 Hard Redaction
Certain highly sensitive data types are permanently redacted and never sent to any external service:
- Social Insurance Numbers (SINs)
- Credit card numbers
- Bank account numbers
- Passport numbers
- Driver's licence numbers
- IBAN codes
Detection uses a combination of regex pattern matching and Microsoft Presidio Named Entity Recognition (NER) for high accuracy.
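As an added illustration of how the two steps in 5.1 and 5.2 fit together (example code written for this page, not Archevi's own implementation, which is not published here): hard redaction first destroys SIN and card numbers, then pseudonymization swaps remaining identifiers for surrogates using a mapping that stays behind and is applied in reverse to the provider's reply. It assumes regex-only detection with an explicit list of names standing in for the Presidio NER step, a constructed surrogate pool, and a constructed sample document; the Luhn checksum is standard for both Canadian SINs and payment cards and is used here so look-alike numbers are not over-redacted.

```python
import re
from dataclasses import dataclass, field

# Hard-redaction patterns: matches are destroyed, never mapped, never sent out.
SIN_RE = re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits
# Pseudonymized identifiers: swapped for surrogates, restored on the way back.
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
SURROGATE_NAMES = ["Alex Morgan", "Sam Rivera", "Jordan Lee"]  # constructed pool

# Constructed sample document: every identifier in it is fictional.
SAMPLE_DOC = ("Jane Doe (jane.doe@example.org) submitted SIN 046 454 286 and card "
              "4111 1111 1111 1111. Jane Doe's file number 123 456 789 is not a SIN.")

def luhn_ok(value: str) -> bool:
    """Luhn checksum (shared by Canadian SINs and card numbers), so that a
    look-alike number such as a file id is not over-redacted."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(value) if c.isdigit()):
        if i % 2 == 1:
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0

def hard_redact(text: str) -> str:
    """Step 1: remove data that must never cross the boundary. Cards go first,
    because the 9-digit SIN pattern could otherwise match inside a card."""
    text = CARD_RE.sub(lambda m: "[REDACTED_CARD]" if luhn_ok(m.group()) else m.group(), text)
    return SIN_RE.sub(lambda m: "[REDACTED_SIN]" if luhn_ok(m.group()) else m.group(), text)

@dataclass
class BoundaryAnonymizer:
    """Step 2: pseudonymize outbound text, restore the provider's reply.
    `vault` stands in for the encrypted per-family mapping kept on Canadian
    servers; it is never part of what is sent to the AI provider."""
    known_names: list[str]                               # stands in for NER
    vault: dict[str, str] = field(default_factory=dict)  # surrogate -> real

    def _surrogate(self, kind: str, real: str) -> str:
        for sur, known in self.vault.items():
            if known == real:           # same real value -> same surrogate
                return sur
        n = sum(1 for s in self.vault if ("@" in s) == (kind == "email"))  # per-kind count
        sur = f"person{n + 1}@example.com" if kind == "email" else SURROGATE_NAMES[n]
        self.vault[sur] = real
        return sur

    def anonymize(self, text: str) -> str:
        text = hard_redact(text)
        for name in self.known_names:
            pat = re.compile(r"\b" + re.escape(name) + r"\b")
            text = pat.sub(lambda m: self._surrogate("name", m.group()), text)
        return EMAIL_RE.sub(lambda m: self._surrogate("email", m.group()), text)

    def restore(self, response: str) -> str:
        """Applied to the provider's response before the user sees it."""
        for sur, real in self.vault.items():
            response = response.replace(sur, real)
        return response

if __name__ == "__main__":
    anon = BoundaryAnonymizer(known_names=["Jane Doe"])
    print("sent to provider:", anon.anonymize(SAMPLE_DOC))
    print("restored:", anon.restore("Alex Morgan's email is person1@example.com."))
```

Note that the redacted values are absent from `vault` as well as from the outbound text, which is what makes the redaction permanent rather than reversible.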
5.3 Cross-Border Disclosure
Important: AI inference requests are processed on servers that may be located outside Canada (currently in the United States). However, only anonymized and redacted content is ever sent externally. No real personal identifiers leave Canadian infrastructure. Both AI providers (Groq and Cohere) operate under data processing agreements that prohibit using your data for model training, and both maintain zero-retention policies on inference requests.
5.4 No Training on Your Data
Your documents, queries, and AI responses are never used to train, fine-tune, or improve any AI models, whether ours or our providers'. This is guaranteed by our data processing agreements and our system architecture.
5.5 Automated Content Scanning
To maintain platform safety and comply with Canadian law, all uploaded files are automatically scanned for:
- Malware and viruses: Files are scanned by ClamAV antivirus upon upload. Infected files are quarantined and not processed further.
- Known illegal content: File hashes are compared against databases maintained by law enforcement and child protection organizations, including the Canadian Centre for Child Protection. Matches are reported to the appropriate authorities as required by law.
These scans are fully automated. No human reviews your documents unless a scan detects prohibited content. Scanning occurs at the point of upload before any other processing takes place. This is consistent with PIPEDA requirements for stating purposes at the time of collection (Office of the Privacy Commissioner, PIPEDA Findings 2025-003).
6. Data Security
We implement comprehensive security measures to protect your personal information:
6.1 Encryption
- At rest: AES-256 encryption for all stored documents and data
- In transit: TLS 1.3 for all data transmission between your browser and our servers
6.2 Access Controls
- Database-enforced row-level security (RLS) ensures complete isolation between family vaults
- No family can access another family's documents, queries, or data, even in the event of an application-level vulnerability
- Administrative access to production systems is restricted and logged
6.3 Authentication
- Two-factor authentication (TOTP) available for all accounts
- Passkey/WebAuthn support for phishing-resistant authentication
- Trusted device management with automatic session rotation
- Single-use token rotation on each authenticated request
6.4 Infrastructure
- Self-hosted on a dedicated DigitalOcean Droplet in the Toronto TOR1 data centre (Toronto, Ontario, Canada)
- No shared hosting or multi-tenant cloud databases
- Regular security updates and monitoring
- Encrypted backups stored on DigitalOcean infrastructure in Canada (TOR1 region)
7. Third-Party Service Providers
We share limited information with the following third-party service providers, each under data processing agreements that restrict how they may use your data:
- Groq (United States) -- Processes anonymized document queries using Llama models. Zero data retention policy. No training on our data. Only receives anonymized text.
- Cohere (Canada/United States) -- Provides semantic search via document embeddings. SOC 2 Type II certified. No training on our data. Only receives anonymized text.
- Stripe (United States) -- Payment processing. Receives only your email and payment information. PCI DSS Level 1 certified. We do not store your payment card details.
- Resend (United States) -- Transactional email delivery (account confirmations, security alerts, billing receipts, expiry notifications). Receives only your email address and email content.
- Cloudflare (Global) -- DNS and DDoS protection. Cloudflare proxies web requests through its global edge network (which may include US nodes for routing), but does not store any application data, user documents, or personal information. Cloudflare handles only transient web traffic; all data-at-rest remains exclusively on our Canadian servers.
- DigitalOcean (Canada, Toronto TOR1 data centre) -- Infrastructure hosting. All servers, databases, file storage, and backups run on a dedicated Droplet in DigitalOcean's TOR1 region (Toronto, Ontario). DigitalOcean does not access or process your data beyond providing the physical infrastructure.
- Umami (self-hosted) -- Privacy-focused web analytics. No cookies, no PII, fully aggregated data only.
We require all third-party providers to protect your information with safeguards comparable to our own. Where a provider operates outside Canada, we ensure that your information remains protected through contractual obligations and, where applicable, we limit the information shared to anonymized data only.
8. Canadian Data Residency
All documents, personal data, account information, AI conversation history, and backups are stored exclusively on a dedicated server in DigitalOcean's TOR1 data centre (Toronto, Ontario, Canada). This means all data-at-rest is located within Canadian borders and is subject to Canadian privacy law, including PIPEDA. No application data is stored in the United States or any other country. Your data does not leave Canada except as follows:
- AI inference: Only anonymized and redacted text is sent to AI providers (Groq, Cohere) whose servers may be in the United States. No personal identifiers are transmitted.
- Payment processing: Stripe (US-based) receives your email and payment details for billing purposes.
- Email delivery: Resend (US-based) receives your email address for sending transactional emails.
- CDN/DNS routing: Cloudflare proxies web requests through its global edge network, which may route traffic through US or international nodes. However, Cloudflare stores no application data, user documents, or personal information. It handles only transient request routing and DDoS protection. All data-at-rest remains 100% on Canadian infrastructure.
9. PIPEDA Compliance and Your Rights
Archevi complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and its 10 Fair Information Principles. Under PIPEDA, you have the following rights:
9.1 Right of Access
You have the right to request access to the personal information we hold about you. To make an access request, email [email protected]. We will respond to your request within 30 days. If we need additional time, we will notify you of the expected date of response. There is no fee for access requests unless the request is clearly unfounded or excessive.
9.2 Right to Correction
If your personal information is inaccurate or incomplete, you have the right to request a correction. You can update most account information directly in your account settings, or email [email protected] for other corrections.
9.3 Right to Withdraw Consent
You may withdraw your consent for specific data processing activities at any time. See Section 4 for details on how to withdraw consent and its potential consequences.
9.4 Right to Deletion
You may request deletion of your personal information at any time by closing your account or contacting us at [email protected]. Upon deletion:
- All documents, conversation history, anonymization vaults, and personal data are permanently deleted within 30 days
- Anonymized billing records are retained as required by law (see Section 10)
- Backups containing your data are overwritten within the normal backup rotation cycle (maximum 90 days)
9.5 Right to Data Portability
You may export your documents and data at any time through the Archevi application. You may also request a complete data export in a machine-readable format (JSON and original file formats) by emailing [email protected]. We will process export requests within 30 days.
9.6 Right to Complain
If you believe we have not handled your personal information appropriately, you have the right to:
- Contact us first: Email [email protected]. We will investigate and respond within 30 days.
- File a complaint: If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or by calling 1-800-282-1376.
10. Data Retention
We retain your personal information only as long as necessary for the purposes described in this policy:
- Documents and vault content: Retained while your account is active. Deleted within 30 days of account closure.
- AI conversation history: Retained while your account is active. Automatically purged 90 days after each conversation, or upon account closure.
- Account information: Retained while your account is active. Deleted within 30 days of account closure.
- Usage analytics: Aggregated and anonymized; retained indefinitely as no personal information is present.
- Billing records: Anonymized billing records (transaction amounts, dates, plan type) retained for 7 years as required by Canadian tax law (Income Tax Act, s. 230).
- Breach records: Records of any security breach are retained for at least 24 months as required by PIPEDA (SOR/2018-64, s. 6).
- Backup data: Encrypted backups are overwritten within the normal rotation cycle (maximum 90 days after data deletion).
After the retention period expires, we securely destroy or irreversibly anonymize the information.
11. Data Breach Notification
In the event of a breach of security safeguards involving your personal information that creates a real risk of significant harm to you, we will:
- Notify you directly as soon as feasible, by email or other appropriate means, with a description of the breach, the types of personal information involved, the steps we have taken to mitigate harm, and the steps you can take to protect yourself
- Report the breach to the Office of the Privacy Commissioner of Canada as required under PIPEDA section 10.1
- Notify other organizations if they may be able to reduce the risk of harm to affected individuals
"Significant harm" includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on credit record, and damage to or loss of property.
We maintain a record of all breaches of security safeguards, regardless of whether they meet the notification threshold, for a minimum of 24 months as required by the Breach of Security Safeguards Regulations (SOR/2018-64).
12. Cookies and Tracking
Archevi uses a minimal set of cookies, limited to essential operation:
- Session cookie: Maintains your authenticated session. Essential for the service to function. Expires when you close your browser or after session timeout.
- Authentication token: Stored securely (HTTP-only, Secure, SameSite) to keep you signed in. Rotated with each request for security.
- Trusted device cookie: If you mark a device as trusted (optional), a cookie remembers this to reduce 2FA prompts. Expires after 30 days of inactivity.
We do not use:
- Advertising or tracking cookies
- Third-party cookies
- Browser fingerprinting
- Pixel trackers or web beacons
- Cross-site tracking of any kind
Our analytics (Umami) are cookie-free and do not track individual users. No consent banner is required because we do not use non-essential cookies.
13. Automated Processing and AI
Archevi uses AI to process your documents and answer questions. This section explains how automated processing affects you:
- Document indexing: When you upload a document, it is automatically processed to extract text, generate embeddings for search, and detect dates for expiry alerts. This processing is essential to providing the service.
- AI question answering: When you ask a question, AI processes anonymized versions of relevant document passages to generate a response. Responses include citations so you can verify accuracy.
- Expiry detection: The system automatically identifies expiration dates in your documents and sends alerts. You can disable these alerts in your settings.
No automated decisions with legal or significant effects: Archevi does not use automated processing to make decisions that produce legal effects or similarly significant effects on you. AI responses are informational only and are not used to determine your eligibility for services, credit, employment, or any other consequential outcome.
AI limitations: AI may produce responses that are inaccurate, incomplete, or misleading. Always verify AI-generated information against your source documents and consult qualified professionals for legal, medical, financial, or insurance decisions. See our Terms of Service, Section 5, for full AI disclaimers.
14. Children's Privacy
Archevi is not intended for use by individuals under the age of 18 (the age of majority in Ontario). We do not knowingly collect personal information from anyone under 18.
If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us at [email protected]. We will promptly delete the information and close any associated account.
Family vault members must be 18 or older. The account owner is responsible for ensuring that all invited family members meet this age requirement.
15. Communications
15.1 Transactional Emails
We send transactional emails necessary to operate your account, including account confirmations, password resets, security alerts, billing receipts, document expiry notifications, and service updates. These are sent via Resend and are exempt from CASL (Canada's Anti-Spam Legislation) consent requirements as they relate to the provision of the service.
15.2 Marketing Communications
We will only send marketing or promotional emails with your express opt-in consent, in compliance with CASL. Every marketing email includes a clear unsubscribe mechanism. You can opt out at any time via your account settings or by clicking "unsubscribe" in any email. We honour opt-out requests within 10 business days as required by CASL.
16. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:
- Material changes: We will notify you by email at least 30 days before the changes take effect and, where appropriate, request your affirmative consent
- Minor changes: We will update the "Last updated" date and version number at the top of this policy
The current version of this Privacy Policy is always available at archevi.com/legal/privacy-policy. We encourage you to review it periodically.
17. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, including PIPEDA. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of Ontario.
18. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information:
- Privacy inquiries: [email protected]
- General support: [email protected]
- Privacy Commissioner of Canada: www.priv.gc.ca | 1-800-282-1376
Archevi is operated by Archevi Technologies Inc., a Canadian federal corporation based in Ontario, Canada.