Privacy Policy

1. Introduction

ARKHE Software ("Company," "we," "us," or "our") operates the ARKHE Software platform ("Service"), a recovery housing management system. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting the privacy and security of all users, including recovery housing operators, staff, and residents. Please read this policy carefully. By using the Service, you consent to the practices described herein.

2. Information We Collect

Information You Provide

We collect information you directly provide when using the Service, including:

• Account information: name, email address, phone number, role within your organization
• Organization data: house names, addresses, bed configurations, operational settings
• Resident information: names, contact details, dates of birth, move-in/out dates, sobriety dates, emergency contacts
• Health-related information: drug screening (UDS) results, intake medical history, behavioral records, risk assessments
• Financial information: billing records, payment transactions, payer information (payment card data is processed by Stripe and never stored on our servers)
• Communications: chat messages, notes, journal entries shared through the platform
• Documents: uploaded files, signed forms, compliance records

Information Collected Automatically

When you use the Service, we may automatically collect:

• Device and browser information
• IP addresses and approximate location data
• GPS coordinates (only when GPS sign-in features are enabled by your organization and you grant permission)
• Usage patterns and feature interactions
• Sign-in/out timestamps

3. How We Use Your Information

We use the collected information to:

• Provide, operate, and maintain the Service
• Process transactions and send related notifications (receipts, reminders)
• Enable communication between organization staff and residents
• Generate compliance reports and operational analytics for your organization
• Provide AI-assisted features such as risk assessments and form processing
• Send service-related emails (account verification, security alerts, feature updates)
• Improve and develop new features for the Service
• Detect, prevent, and address technical issues or security threats

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Sensitive Health Information

The Service may store sensitive health-related data including drug screening results, medical intake information, and behavioral assessments. We treat all health-related information with the highest level of care and implement additional safeguards for this data, including role-based access controls that limit who within an organization can view sensitive records, row-level security policies that isolate data between organizations, encryption of data in transit and at rest, and audit logging for access to sensitive information.

While we implement robust security measures, ARKHE Software is not a HIPAA-covered entity and does not represent itself as HIPAA-compliant. Organizations that are subject to HIPAA should evaluate their obligations independently before storing Protected Health Information (PHI) in the Service. We are committed to working with healthcare-adjacent organizations to meet their data protection needs and welcome inquiries about our security practices.

5. Data Sharing and Disclosure

We may share your information only in the following circumstances:

• Within your organization: Data is shared among users within the same organization based on their assigned role and permissions
• Service providers: We use third-party services to operate the platform, including Supabase (database and authentication), Stripe (payment processing), and AI providers (OpenAI, Anthropic) for AI-assisted features. These providers access only the minimum data necessary to perform their function
• Legal requirements: We may disclose information if required by law, subpoena, court order, or government regulation
• Safety: We may disclose information if we believe in good faith that disclosure is necessary to protect the safety of any person

We do not share resident data between organizations. Each organization's data is strictly isolated through database-level security policies.

6. Data Security

We implement industry-standard security measures to protect your data, including encryption of all data in transit using TLS/SSL, encryption of data at rest in our database, row-level security (RLS) policies ensuring organizations can only access their own data, role-based access control limiting what users can see based on their role, secure authentication with session management and token refresh, and regular security reviews of our infrastructure. While we take data security seriously, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention policies include sign-in/out logs which are archived after 90 days, account data retained for 30 days after account termination, and financial records retained as required by applicable tax and accounting regulations. Organization owners may export their data at any time using the platform's export features. Upon written request, we will delete your data in accordance with applicable law, subject to any legal retention requirements.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information (subject to legal retention requirements)
• Object to or restrict certain processing of your information
• Request a portable copy of your information
• Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@arkhesoftware.com. We will respond to requests within 30 days.

9. AI-Powered Features

The Service includes AI-powered features such as risk assessment, form field extraction, and AI-assisted task completion. When these features are used, relevant data may be sent to third-party AI providers (OpenAI, Anthropic) for processing. We send only the minimum data necessary for each AI feature to function. AI providers are contractually prohibited from using your data to train their models. AI-generated assessments (such as risk flags) are advisory only and should not be the sole basis for decisions affecting residents.

10. GPS and Location Data

If your organization enables the GPS Sign-In Board feature, residents may be asked to share their location when signing in or out. Location data is used solely to verify the resident is within the designated geofence of their house. GPS data is collected only when the resident actively uses the sign-in feature. We do not track location continuously or in the background. Residents can decline to share their location, though this may affect their ability to use the GPS sign-in feature.

11. Cookies and Tracking

The Service uses essential cookies and local storage for authentication and session management. We do not use advertising cookies or third-party tracking for marketing purposes.

12. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete that information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes affecting how we handle health-related data, we will provide additional notice through the platform.

14. Governing Law

This Privacy Policy is governed by the laws of the state in which ARKHE Software, LLC is incorporated.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

ARKHE Software
Email: privacy@arkhesoftware.com
Website: arkhesoftware.com