Privacy Policy
This Privacy Policy explains how Arcton ("we", "us", "our") collects, uses, stores and protects personal information when you use our website, services and platform (the "Services"). We are committed to handling personal data responsibly and in compliance with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).
1. Who we are
Arcton is the data controller for the personal information described in this policy. You can reach us at privacy@arcton.com. Our registered address is in Zürich, Switzerland.
2. Information we collect
Information you provide
- Account & contact details — name, work email, company, role, phone number when you book a demo or sign up.
- Service inputs — your ICP brief, target lists, sales messaging and CRM credentials provided to operate campaigns.
- Communications — emails, support tickets, meeting recordings (with consent) and any feedback you share with us.
- Billing information — handled by our payment processor; we do not store full card numbers.
Information we collect automatically
- Usage data — pages visited, features used, timestamps, referrer.
- Device data — browser type, OS, IP address (truncated for analytics where applicable).
- Cookies — see our cookie section below.
Information from third parties
- Public business data — contact details of decision-makers we source from public records, professional networks, and licensed B2B data providers, used solely for outbound campaigns on behalf of our customers.
3. How we use information
- To provide, operate and improve the Services.
- To run outbound, lead generation and prospecting campaigns on your behalf.
- To communicate with you about your account, support requests and service updates.
- To send marketing communications you have opted into (you can unsubscribe at any time).
- To detect, prevent and respond to fraud, abuse and security incidents.
- To comply with legal, regulatory and contractual obligations.
4. Legal bases (GDPR)
We process personal data on the following lawful bases:
- Contract — to deliver the Services you have purchased.
- Legitimate interests — to operate, secure and improve our business, including running B2B outbound on behalf of customers, where this does not override your rights and freedoms.
- Consent — where required, e.g. for non-essential cookies and certain marketing.
- Legal obligation — to comply with applicable law.
5. Sharing & subprocessors
We share personal data only with vetted subprocessors who help us operate the Services — including cloud infrastructure (e.g. AWS / GCP), email delivery providers, CRM platforms, analytics, payment processors and customer support tooling. All subprocessors are bound by data protection agreements and process data only on our instructions. A current list of subprocessors is available on request.
6. International transfers
Where personal data is transferred outside the EEA, UK or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and supplementary measures.
7. Retention
We retain personal data only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes and enforce agreements. Customer data is deleted or anonymised on request, subject to applicable retention requirements.
8. Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, restrict or object to the processing of your personal data, and to data portability. You may also withdraw consent at any time and lodge a complaint with your supervisory authority. Contact us at privacy@arcton.com to exercise these rights.
9. Cookies
We use a small number of cookies and similar technologies to keep the site running, remember preferences and understand usage. You can control cookies through your browser settings. Where required, we will request consent for non-essential cookies before they are set.
10. Security
We apply technical and organisational measures appropriate to the risk — including encryption in transit and at rest, access controls, audit logging and regular security reviews. No system is perfectly secure; if you suspect unauthorised access, please contact us immediately.
11. Children
The Services are intended for business use and not directed at children under 16. We do not knowingly collect data from children.
12. Changes to this policy
We may update this policy from time to time. Material changes will be flagged on this page or communicated directly. The "Last updated" date above reflects the latest revision.
13. Contact
Questions, requests or complaints? Email privacy@arcton.com.
This page is provided as a starting template and should be reviewed by qualified counsel before deployment. It is not legal advice.