Privacy Policy

1. Who We Are

ARMed is an accounts-receivable management platform for small and medium-sized businesses. We are a US-based company operating at https://untitled-1773201878130-7e6c.polsia.app. For privacy inquiries, contact us at support@untitled-1773201878130-7e6c.polsia.app.

2. Data We Collect

We collect the following categories of information:

Category	What We Collect	Source
Account Information	Name, company name, work email address, hashed password	You, at signup
Client Data	Client names, email addresses, phone numbers, company names, billing addresses	You, when adding clients
Invoice Data	Invoice numbers, amounts, due dates, payment status, line items, notes	You, when creating invoices
Payment History	Payment dates, amounts received, outstanding balances, payment plan terms	You, when recording payments
Communications	Email reminder content, delivery status, open/click tracking (if enabled)	Service activity
Subscription & Billing	Plan type, subscription status, billing dates. Payment card data is handled by our payment processor — we do not store card numbers.	Stripe (payment processor)
Usage Data	Pages visited, features used, session duration, browser type, IP address, device type	Automatically, via cookies and server logs

3. How We Use Your Data

We use your data to:

Provide the Service — send payment reminders, manage invoices, generate reports, and operate all platform features
Process payments — handle subscription billing through our payment processor
AI personalization — generate AI-written email drafts tailored to your invoice context and client history
Analytics & improvements — understand how users interact with the platform to improve features and fix bugs
Security & fraud prevention — detect and prevent unauthorized access and abuse
Communications — send transactional emails (password reset, billing receipts, service notices); we do not send marketing emails without your consent
Legal compliance — comply with applicable laws, regulations, and lawful requests from authorities

✅ We never sell your data or your clients' data to third parties for advertising purposes.

4. Data Storage & Security

Your data is stored on secure, encrypted infrastructure hosted in the United States. We implement the following security measures:

Encryption at rest — database contents are encrypted using AES-256
Encryption in transit — all data is transmitted over HTTPS/TLS 1.2+
Access controls — strict role-based access; data is isolated per account
Password hashing — passwords are hashed using bcrypt and never stored in plaintext
Regular backups — automated database backups with point-in-time recovery
Security monitoring — activity logging and anomaly detection

While we take security seriously, no system is perfectly secure. If you suspect unauthorized access to your account, contact us immediately at support@untitled-1773201878130-7e6c.polsia.app.

5. Third-Party Sharing

We share data with the following categories of third parties, solely to operate the Service:

Service Type	Provider(s)	Data Shared	Purpose
Email Delivery	Transactional email service	Client email addresses, reminder content	Delivering payment reminder emails on your behalf
Payment Processing	Stripe, Inc.	Billing name, email, subscription plan	Processing subscription payments securely
Cloud Hosting	Render (infrastructure)	All app data (encrypted at rest)	Hosting and running the ARMed application
Database	Neon (PostgreSQL)	All stored data (encrypted)	Secure, scalable data storage
AI Processing	OpenAI	Invoice context and instructions (no personal identifiers)	Generating AI email drafts

All third-party providers are contractually required to process data only on our instructions, implement appropriate security measures, and comply with applicable privacy laws.

We may also disclose your information if required by law, subpoena, or to protect the rights and safety of ARMed, our users, or the public.

6. Your Rights

You have the following rights regarding your personal data:

📋

Access

Request a copy of the personal data we hold about you.

✏️

Correction

Update or correct inaccurate data through your account settings.

📦

Data Export

Request an export of your data (invoices, clients, history) in a machine-readable format.

🗑️

Deletion

Request deletion of your account and personal data. Some data may be retained for legal or fraud-prevention purposes.

🚫

Opt-Out

Opt out of non-essential communications. Note: transactional emails (billing, security) cannot be disabled.

⏸️

Restriction

Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at support@untitled-1773201878130-7e6c.polsia.app. We will respond within 30 days.

7. Cookie Policy

ARMed uses the following types of cookies and local storage:

Authentication tokens — stored in localStorage to keep you logged in across sessions. These are essential for the Service to function.
Session data — temporary data to maintain your session state while using the app.
Analytics cookies — where used, these help us understand usage patterns. They do not contain personal identifiers.

We do not use third-party advertising cookies. You can clear cookies and local storage through your browser settings, which will log you out of ARMed.

8. GDPR & CCPA Compliance

8.1 GDPR (European Users)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including rights to access, rectification, erasure, restriction, portability, and objection.

Our lawful bases for processing personal data include: contract performance (providing the Service you signed up for), legitimate interests (security, fraud prevention, product improvement), and legal obligation (compliance with applicable laws).

Data is stored in the United States. We rely on Standard Contractual Clauses (SCCs) or equivalent mechanisms for transfers of personal data from the EEA to the US.

8.2 CCPA (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

Right to Know — request disclosure of categories and specific pieces of personal information collected about you
Right to Delete — request deletion of personal information we have collected
Right to Opt-Out of Sale — we do not sell personal information, so this right is not applicable
Right to Non-Discrimination — we will not discriminate against you for exercising these rights

To submit a CCPA request, contact us at support@untitled-1773201878130-7e6c.polsia.app. We will respond within 45 days.

9. Data Retention

We retain your data for as long as your account is active. Upon cancellation or account deletion:

Active account data is soft-deleted and access is removed immediately
You may request a data export within 30 days of account closure
After 30 days, personal data is permanently deleted from our systems
Billing records may be retained for up to 7 years for legal and tax compliance
Anonymized, aggregated usage data may be retained indefinitely

10. Children's Privacy

ARMed is a business tool intended for adults. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice in the application at least 14 days before they take effect. Your continued use of ARMed after the effective date constitutes acceptance of the updated policy.

12. Contact Us

Privacy questions? We're here.

ARMed — Privacy Team

Email: support@untitled-1773201878130-7e6c.polsia.app

Website: https://untitled-1773201878130-7e6c.polsia.app

Response time: within 30 days