Legal · Privacy

Personal data processed under GDPR. Hosted in the EU — never sold.

This policy explains what personal data Arcili processes, why, for how long, and what rights you have. In short: we collect only what's needed, we never sell data, and everything stays in the EU.

Contact us about data See cookie policy
Last updated 3 June 2026
Data protection GDPR
100% data in the EU
0 data sales
0 US transfers
72h breach alert
No data leaves the EU.
What we process

What data we process

We collect only what it takes to run the platform and respond to you. Nothing more.

Account data

Name, work email, role and company — for sign-in and access control.

Usage data

Logs, IP, session and actions in the platform — for operation, debugging and security.

Case content

The projects, notes and analyses you create — processed on behalf of your company.

Correspondence

Emails and enquiries when you contact us.

Public registry data you access in the platform is processed by us as a data processor on behalf of your company. This is governed by the data processing agreement (DPA).

Purpose & legal basis

Why we process data — and on what basis

Each processing activity has a clear purpose and a legal basis under GDPR Article 6.

Provide and run the platform Performance of contract · art. 6(1)(b)
Sign-in, access control and security Legitimate interest · art. 6(1)(f)
Support and communication Contract + legitimate interest · art. 6(1)(b)/(f)
Comply with legal and accounting requirements Legal obligation · art. 6(1)(c)
Your rights

You're in charge of your data

Under GDPR you have a number of rights. Write to us and we'll help — free of charge and within the deadline.

Access

Find out what data we process about you, and get a copy.

Rectification

Have incorrect or incomplete information corrected.

Erasure

Have your data deleted once we no longer have grounds to process it.

Restriction

Have processing paused while an objection is resolved.

Portability

Receive your data in a machine-readable format.

Objection

Object to processing based on legitimate interest.

You can always complain to the Danish Data Protection Agency if you're unhappy with how we process your data.

Hosting & security

Where your data lives — and how we protect it

Hosted in the EU

All data is hosted in the EU (Frankfurt). No transfers to the US, and no sub-processors outside the EU.

Sub-processors

We use a small number of trusted sub-processors, all in the EU. The full list is available on request and is covered by the data processing agreement.

Security & retention

Encryption in transit and at rest, role-based access and an audit log. We keep data only as long as the purpose requires, and notify of breaches within 72 hours.

See security & compliance
Questions about personal data

The short answer to most of it

Do you sell or share my data for advertising?

No. We never sell personal data and don't share it for marketing. Data is used only to provide and secure the service.

Where does my data live?

In the EU, hosted in Frankfurt. No transfers to the US and no sub-processors outside the EU.

How long do you keep data?

Only as long as the purpose requires — then it's deleted or anonymised. Data required by law (e.g. accounting) is kept for the statutory period.

How do I get access or erasure?

Write to us at [email protected]. We'll handle your request free of charge and within the GDPR deadline.

Legal · Privacy

Questions about your data?

This policy applies to Arcili ApS as data controller. To exercise your rights or ask about our processing, you're always welcome to get in touch.

Contact us about data See the cookie policy too

You can complain to the Danish Data Protection Agency (datatilsynet.dk). We may update this policy; the date at the top shows the latest change. Processing of registry data in the platform on behalf of customers is governed by the data processing agreement.