Your data belongs to you. Here's exactly what we collect, how we use it, and why, with zero fine-print tricks.
Arclog ("we", "our", "us") is a media tracking and social platform developed and operated by Avanish Ramana. This Privacy Policy describes how we collect, use, and protect your personal data when you use the Arclog mobile application and website (arclog.online). For any privacy-related inquiries, you can reach us at contact.avanishramana@gmail.com.
When you create an Arclog account, we collect information necessary to provide you with a personalised tracking and social experience. This includes data you provide directly and data generated through your use of the app.
We use your data solely to operate, improve, and personalise Arclog. We never sell your personal information to third parties.
Core functionality: Authenticating your account, syncing your library across devices, displaying your progress and stats, enabling comments and social features, and delivering personalised recommendations based on your library.
Improvement & safety: Analysing aggregated usage patterns to improve features, identifying and preventing spam or abusive behaviour, debugging technical issues, and maintaining the security of our platform.
Communication: Sending essential service emails (password resets, security alerts). We will never send marketing emails without your explicit opt-in consent.
We process your personal data under the following legal grounds, depending on your location and the nature of the data:
Consent: When you create an account and agree to this Privacy Policy, you consent to the collection and use of your data as described. You may withdraw your consent at any time by deleting your account.
Contractual necessity: We process certain data to fulfil our service to you, such as maintaining your library, syncing your progress, and enabling community features.
Legitimate interests: We may process data for purposes such as improving app performance, preventing abuse, and ensuring platform security, where these interests do not override your fundamental rights.
If you reside in the EU/EEA or UK, these bases apply under the General Data Protection Regulation (GDPR). For users in other jurisdictions, we comply with applicable local data protection laws.
Your data is stored securely on Supabase infrastructure, which leverages enterprise-grade PostgreSQL databases with encryption at rest and in transit. All connections use TLS/SSL encryption.
Passwords are never stored in plain text. They are hashed using industry-standard bcrypt algorithms. Google OAuth tokens are managed securely through Supabase Auth and are never exposed to our application code.
We retain your personal data only for as long as necessary to provide the services described in this policy, comply with our legal obligations, and resolve disputes.
Active accounts: Your account data, library entries, reviews, and comments are retained for as long as your account remains active.
Deleted accounts: When you delete your account, all associated personal data, library entries, reviews, and comments are permanently removed from our servers within 30 days. Certain anonymised, aggregated data (such as total user counts) may be retained for analytical purposes and cannot be traced back to you.
Technical logs: Server logs containing IP addresses and basic request data are automatically purged after 90 days.
Arclog integrates with the following third-party services to provide its functionality. Each service has its own privacy policy governing data they process:
Supabase provides our authentication, database, and backend infrastructure. Your account data and library are stored on Supabase servers. Supabase Privacy Policy
Google OAuth is used if you choose "Continue with Google." We receive your name and email from Google. We do not access your Google contacts, files, or any other Google data. Google Privacy Policy
Google Fonts is used to load the Sora and DM Serif Display typefaces. When fonts are loaded, your browser may send your IP address to Google servers. Google may collect basic usage data through this service. Google Privacy Policy
Resend is our email delivery provider, used to send transactional emails including account verification, password reset links, and security alerts. Resend processes your email address solely for the purpose of delivering these messages on our behalf. Resend Privacy Policy
We do not integrate any advertising networks, analytics trackers, or data brokers. We do not sell, rent, or trade your personal data to any third party.
You maintain full control over your data on Arclog. Here is what you can do at any time:
If you reside in the EU/EEA or UK, you have additional rights under GDPR including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. You also have the right to lodge a complaint with your local data protection authority. Contact us at the email below to exercise any of these rights.
If you reside in California, USA, you may have rights under the CCPA including the right to know what data we collect, request deletion, and opt out of data sales. We do not sell personal data.
Automated decision-making: Arclog does not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. Recommendations shown in the app (such as trending titles) are based on aggregated community activity, not individual profiling.
How to delete your account: You can delete your account directly within the app by going to Profile, then Settings, then Delete Account. This will permanently remove all your data within 30 days. You may also request deletion by emailing us.
Arclog uses Supabase for its backend infrastructure. Your data may be stored and processed on servers located outside your country of residence, including in the United States and other regions where Supabase operates.
For users in the EU/EEA or UK, we ensure that any international transfer of personal data complies with applicable data protection laws. Supabase maintains appropriate safeguards, including standard contractual clauses, to protect your data during cross-border transfers.
By using Arclog, you acknowledge that your data may be transferred to and processed in countries with different data protection standards than your own.
Arclog is not intended for use by children under the age of 12. We do not knowingly collect personal information from anyone under 12 years of age.
For users in the EU/EEA where GDPR applies, users between the ages of 13 and 16 may require parental or guardian consent to use Arclog, depending on local regulations. In the UK, the minimum age for consent to data processing is 13. If you are a parent or guardian and your child is using Arclog, you are responsible for overseeing their use of the platform.
If we become aware that we have collected personal data from a child under 12, we will take steps to delete that information as quickly as possible. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at the email address listed below so we can take appropriate action.
Arclog uses browser local storage (not traditional cookies) to keep you signed in and cache your library for offline-like performance. This data stays on your device and is not transmitted to any third-party tracking services.
Specifically, we store the following data locally on your device: your authentication session token, a cached copy of your library and profile for faster load times, your content filter preferences (such as media type filters and spoiler visibility), and a reference to the last announcement you viewed. Clearing your browser data will remove this stored information and require you to sign in again.
Browser notifications: Arclog may request permission to send you browser notifications for important announcements from the Arclog team. This uses the standard Web Notification API built into your browser. You can grant or deny this permission when prompted, and you can revoke it at any time through your browser settings. We do not use push notification services or third-party notification providers for this feature.
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make significant changes, we will notify you through the app or via email. The "Effective" date at the top of this page will always reflect the most recent revision.
We encourage you to review this page periodically. Your continued use of Arclog after any changes constitutes acceptance of the updated policy.
If you have any questions, concerns, or requests about this Privacy Policy or our data practices, please contact us.