Your data stays yours.

Data We Collect

Almost nothing. If you use Arhi without an account, zero data is transmitted. If you create an account, we store only:

• An email address (for login and account recovery)
• A hashed password (we never see the plain text)
• Payment information (handled entirely by Stripe, we never touch your card details)

How Cloud Processing Works

Arhi generates insights about your energy patterns. To do this, the app sends a minimal, fully anonymized data payload to our secure cloud service. Here's exactly what happens:

1. Encryption - Your app encrypts the payload locally before it leaves your device.
2. Secure Enclave - The encrypted data is processed inside an isolated hardware enclave. No human - including our team - can read it.
3. No Personal Info - The payload contains no name, email, device ID, or any information that could identify you. It contains only abstract energy-level signals needed for the insight calculation.
4. Return & Decrypt - The result is encrypted by the enclave, sent back to your device, and decrypted locally by the app. It is stored automatically in your local data.

We cannot reconstruct who you are from the data we process. We built it that way on purpose.

What We Never Do

• Sell, share, or trade your data with third parties
• Use your data for advertising or profiling
• Access your energy logs, patterns, or personal notes
• Link anonymized cloud payloads back to your identity
• Retain any processed data after the response is returned to your device

Third-Party Services

Stripe - Used for payment processing. Stripe handles your card details directly; we never see or store them. See Stripe's Privacy Policy.

Umami Analytics We run a self-hosted, open-source analytics instance (Umami) on our own infrastructure to understand landing page conversion. It is cookieless, does not collect personal data, does not use fingerprinting, and cannot track you across websites. No third-party analytics company ever sees your data.

No other third parties receive your data. We do not use Google Analytics, advertising networks, or tracking SDKs.

Cookies & Tracking

We use only essential cookies required for authentication (session tokens). We do not use tracking cookies, pixel tags, fingerprinting, or any form of cross-site identification.

Data Retention & Deletion

When you delete your account:

• All account data (email, hashed password) is purged from our servers immediately
• All local data on your device remains under your control - you can wipe the app or keep it
• No cloud payloads or processed results are retained

Your Rights (GDPR)

Arhi is fully compliant with the General Data Protection Regulation. Under GDPR, you have the right to:

• Access - Request a copy of all data we hold about you
• Rectification - Correct any inaccurate data
• Erasure - Delete your data immediately (see above)
• Portability - Export your data in a machine-readable format
• Objection - Object to any processing of your data
• Restriction - Request that we limit how we process your data

Because we designed Arhi to collect so little, exercising these rights is straightforward. Contact us at hello@arhi.io.

Security

We take security seriously: end-to-end encryption for cloud processing, secure enclave isolation, hashed passwords, and minimal data collection by design. However, no system is perfectly secure. We encourage you to use a strong, unique password.

Children's Privacy

Arhi is not intended for use by children under 16. We do not knowingly collect data from children.

Changes to This Policy

If we ever change this policy, we'll update this page and notify you via email (if you have an account). Changes that reduce your privacy protections will always require your consent.

Contact

Questions about privacy? Reach us at hello@arhi.io.

Last updated: April 22, 2026