Archon← Back to home

Privacy Policy

Last updated: April 18, 2026

1. Introduction

Archon ("we", "our", "us") is operated by Regnor Systems. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered SOP creation platform at archon.regnor.systems (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following types of information:

  • Account Information: Name, email address, company name, and password when you create an account.
  • Company Profile Data: Industry, team size, roles, terminology, approval chains, and company descriptions you provide during onboarding.
  • Content Data: SOPs you generate, documents you upload, voice recordings for transcription, and feedback you submit.
  • Usage Data: Pages visited, features used, generation frequency, and interaction patterns collected via analytics tools.
  • Technical Data: IP address, browser type, device information, and cookies for session management.

3. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To generate personalized SOPs using your company context (roles, terminology, existing SOPs).
  • To build and maintain your company's AI memory for improved SOP quality over time.
  • To process voice recordings through OpenAI Whisper for transcription (recordings are not stored after transcription).
  • To run compliance checks and gap detection analysis.
  • To send transactional emails (approval requests, notifications, usage alerts).
  • To process payments and manage subscriptions.
  • To analyze usage patterns and improve the product.

4. AI and Third-Party Services

We use the following third-party AI services to power the platform:

  • Anthropic (Claude): For SOP generation, compliance checking, and gap detection. Your process descriptions and company context are sent to Anthropic's API. Anthropic does not use your data to train their models.
  • OpenAI (Whisper & Embeddings): For voice transcription and document embedding. Audio data is processed transiently and not retained by OpenAI.
  • Supabase: Primary database (including pgvector for document embeddings used in company-memory retrieval), authentication, and file storage provider.
  • Dodo Payments: Payment processor for subscriptions. We do not store payment card details.
  • Vercel & Railway: Frontend and backend hosting respectively.
  • PostHog: Product analytics (only with your consent — see Section 9).

A complete, up-to-date list of our sub-processors is available at /subprocessors. We do not sell your personal data. Data shared with AI providers is used solely to deliver the Service.

5. Data Storage and Security

  • Your data is stored in Supabase (PostgreSQL) with Row Level Security ensuring multi-tenant isolation.
  • Document embeddings are stored in pgvector and scoped to your organization.
  • All data is encrypted in transit (TLS) and at rest.
  • We use Supabase Auth for authentication with JWT-based session management.
  • Access to production systems is restricted to authorized personnel only.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data and company data within 30 days. Anonymized usage analytics may be retained indefinitely. Voice recordings are deleted immediately after transcription.

7. Legal Bases for Processing (EU/UK)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 of the GDPR (and equivalent UK/Swiss provisions):

  • Contract (Art. 6(1)(b)): Creating and operating your account, generating SOPs, processing payments, and providing customer support.
  • Legitimate interests (Art. 6(1)(f)): Securing the Service, preventing fraud and abuse, and improving product quality through aggregated analytics. You may object to processing based on legitimate interests at any time.
  • Consent (Art. 6(1)(a)): Optional analytics cookies and marketing communications. You may withdraw consent at any time without affecting prior processing.
  • Legal obligation (Art. 6(1)(c)): Tax, accounting, and responding to lawful requests from authorities.

International transfers of EU/UK personal data to sub-processors in the United States are made under the European Commission's Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum where applicable. Ask us if you would like a copy of the relevant transfer mechanism.

8. Your Rights (GDPR, UK GDPR)

If you are located in the EU, UK, or Switzerland, you have the right to:

  • Access — obtain a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Restriction — limit how we use your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent — at any time, without affecting prior lawful processing.
  • Lodge a complaint — with your local supervisory authority (e.g. your national Data Protection Authority).

You may exercise any of these rights by emailing romil@regnor.systems or via your in-app account settings (Export my data, Delete my account). We respond to verifiable requests within 30 days as required by Article 12(3) GDPR.

9. California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) grants you the following rights:

  • Right to know — what categories of personal information we collect, the sources, the business purpose, and the categories of third parties with whom we share it.
  • Right to delete — request deletion of personal information we have collected from you.
  • Right to correct — request correction of inaccurate personal information.
  • Right to opt-out of sale or sharingArchon does not sell your personal information and does not share it for cross-context behavioral advertising. You have nothing to opt out of, but we affirm this right explicitly.
  • Right to limit use of sensitive personal information — we do not use sensitive personal information for any purpose other than providing the Service.
  • Right to non-discrimination — we will not deny, charge a different price for, or degrade the Service because you exercise any of the above rights.

Categories of personal information collected in the last 12 months: identifiers (name, email), commercial information (subscription history), internet/network activity (usage analytics), and customer-provided content. Retention schedule matches Section 6 above.

To exercise these rights, email romil@regnor.systems. We may need to verify your identity before responding. An authorized agent may submit a request on your behalf with written authorization.

10. Cookies and Analytics

We use two categories of cookies:

  • Essential cookies (authentication, session management, CSRF protection) — loaded by default. Without these, the Service cannot function.
  • Analytics cookies (PostHog) — loaded only after you grant consent via our cookie banner. You may withdraw consent at any time in your account Privacy settings.

We do not use advertising cookies, third-party trackers for marketing, or any technology that facilitates cross-site behavioral profiling.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:
romil@regnor.systems

Regnor Systems