Privacy Policy
Embedded Files
Effective date: 2025-10-01
This Privacy Policy explains how ARX.INSTITUTE / ARX株式会社 (“we,” “us,” “our”) collects, uses, and shares information when you use our websites and software products and services (the “Service”), including the Object-Centric Workflow Assistant (the “Plugin”).
1. Contact
Support form (recommended): https://sites.google.com/arx.institute/ocwa-support
Alternative (spam-protected): support [at] arx [dot] institute
2. Scope
This Privacy Policy applies to:
- Our websites and pages operated under the arx.institute domain (and related subdomains), and
- Our software products and services, including the Plugin and related cloud features.
3. Information we collect
We collect information in the following categories:
A) Information you provide
- Contact information you submit via support form (e.g., email address, message content, selected category)
- Any information you include in support requests (e.g., bug reports, feature requests, billing inquiries, deletion requests)
B) Account & authentication
- Email address (used for account identification and Magic Link authentication)
- Authentication/session data necessary to maintain login state (e.g., JWT-based sessions)
C) Product usage & workflow data
- Workflow records you create or synchronize (e.g., status, assignee, comments, history)
- Identifiers required for syncing with Figma (e.g., file/node/object identifiers)
- Organization/team metadata needed to provide collaboration features (e.g., workspace/team identifiers)
D) Billing information (payments)
- Subscription plan and billing status
- Stripe customer/subscription identifiers
We do not store full payment card details. Payment card processing is handled by Stripe.
E) Diagnostics, logs, and security data
- Basic logs (timestamps, request metadata, error logs) used for security, abuse prevention, debugging, and service reliability
F) Cookies / similar technologies (web)
If we operate web pages that use cookies or similar technologies, they may be used for:
- Basic site functionality
- Security (e.g., abuse prevention)
- Analytics to understand site performance and improve the Service
You can control cookies through your browser settings where applicable.
4. How we use information
We use information for the following purposes:
- Provide and operate the Service (cloud sync, collaboration, plan limits, feature delivery)
- Authenticate users (Magic Link) and maintain sessions
- Process subscriptions and billing (via Stripe)
- Provide customer support and respond to requests
- Prevent abuse, detect fraud, and maintain security
- Troubleshoot, debug, and improve reliability
- Comply with legal obligations and enforce our Terms
5. Legal bases (for users in certain jurisdictions)
Depending on your location, we process personal information based on:
- Performance of a contract (providing the Service)
- Legitimate interests (security, abuse prevention, analytics, service improvement)
- Consent (where required for certain cookies/marketing; if applicable)
- Compliance with legal obligations
6. Sharing and disclosure (service providers / sub-processors)
We share information only as needed to provide the Service, including with service providers (“sub-processors”) such as:
A) Core infrastructure
- Supabase: authentication and cloud sync infrastructure
B) Payments
- Stripe: billing and payment processing
C) Support intake and communication (where applicable)
- Google services (e.g., Google Forms) for support form intake
We may also use additional providers for categories such as:
- Error monitoring and logging
- Infrastructure hosting and delivery
- Email delivery and customer support tooling
- Analytics and performance monitoring
We will not sell your personal information. We do not share personal information for cross-context behavioral advertising.
7. International data transfers
Our service providers may process data in multiple regions.
We take reasonable measures to protect information during transfers, including contractual and technical safeguards as appropriate.
8. Data retention
We retain information only as long as necessary to:
- Provide the Service
- Maintain security and prevent abuse
- Comply with legal obligations and resolve disputes
Operational backups may persist for a limited period as part of standard operations.
9. Your choices and rights
Depending on your location, you may have rights such as:
- Access to personal information we hold about you
- Correction of inaccurate information
- Deletion of your account and associated data (subject to legal/operational limits)
- Objection or restriction to certain processing
- Data portability (where applicable)
How to request:
- Contact us via the support form.
- We typically respond within 1–2 business days (in most cases).
- We aim to complete deletion within 7–14 days after confirming your request, unless legal/operational requirements require longer.
Backups may persist for a limited period.
10. Security
We use reasonable safeguards designed to protect information, including:
- Encryption in transit (HTTPS)
- Database-level access controls (e.g., Supabase Row Level Security where applicable)
- Authenticated sessions (e.g., JWT-based sessions) for API requests
No method of transmission or storage is 100% secure, but we work to protect information with appropriate measures.
11. Children’s privacy
The Service is not intended for children under the age where parental consent is required in your jurisdiction. We do not knowingly collect personal information from such children.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version with a new effective date. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
13. Product-specific notes (example: Object-Centric Workflow Assistant)
For the Plugin, we may process:
- Email address and authentication/session data for login
- Workflow and collaboration data you create (status, assignee, comments, history)
- Figma identifiers needed for syncing (file/node/object identifiers)
- Billing identifiers via Stripe
We do not store full payment card details.
Page updated
Report abuse