Privacy Policy

Effective 30 May 2026 · Version 1.1


1. About this policy

This privacy policy explains how Arsenale Limited ("Arsenale", "we", "us") collects, uses, retains, and protects personal data. We are the data controller for the personal data described below, registered in England and Wales, Company No. 17126962, with registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. We comply with UK data protection law, including the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

For any privacy-related question or to exercise the rights described in section 10 of this policy, please contact contact@arsenale.ai.

2. Data on the Arsenale Appliance

The most important privacy fact about Arsenale is architectural. The Arsenale Appliance processes your data locally, on hardware you own, and your operational data does not leave it. We distinguish two categories of data, and this section governs both.

2.1 Content (never collected)

"Content" means your data, documents, prompts, agent task data, and the substance of anything you process with the Appliance, together with the outputs generated for you. Content is processed locally on the Appliance. Arsenale does not collect, transmit, access, or store Content, and cannot read what you do with the Software. Content is never used to train or improve any Arsenale or third-party model. Because Content never reaches us, Arsenale is not a processor of your Content; as between us, you remain its controller.

2.2 Telemetry (anonymous, optional)

Where enabled, the Appliance may send anonymous diagnostic and operational data ("Telemetry"): software and model version, error and crash codes with payload removed, anonymised feature-usage counts, performance and hardware-health metrics, and licence-validation signals. Telemetry contains no Content and no personal data, and is aggregated or anonymised before it leaves the Appliance. Because it is not personal data it falls outside UK GDPR; to the extent any element were ever capable of identifying you, we would process it under our legitimate interest (Article 6(1)(f)) in the security, support, and improvement of the Software. Telemetry is never used to identify you and is never combined with Content.

2.3 Your control

Telemetry can be switched off at any time in Appliance settings. The Appliance is fully functional with Telemetry disabled and does not require an internet connection to operate. On sovereign and air-gapped builds, Telemetry transmission is absent by design. Arsenale cannot enable Telemetry, or any data egress, remotely; these are controlled only by you, locally, on the Appliance.

2.4 Optional network participation

If a future version offers an optional ability for the Appliance to contribute spare compute to an Arsenale-coordinated network, it will be off by default, controlled only by you, and will never expose Content. It is absent from sovereign, government, defence, and air-gapped builds. See clause 10 of the EULA.

This section is consistent with our End User Licence Agreement. The remainder of this policy concerns the limited personal data we collect through our website and business operations.

3. What personal data we collect

We only collect personal data that you provide to us deliberately, or that is created as an automatic by-product of you interacting with our services. Specifically:

3.1 Through the enquiry form (arsenale.ai/enquire)

3.2 Through the appliance reservation form (arsenale.ai/pricing)

3.3 Through security disclosure (security@arsenale.ai)

3.4 Automatic technical data

Our hosting provider (Cloudflare) and email provider collect technical data necessary to deliver the service, including server logs, performance metrics, and authentication records. This data is processed in accordance with each provider's privacy notice; see section 6 below.

Our website does not use third-party analytics, advertising, marketing, or session-replay tracking. We do not set cookies for tracking purposes. Cookies that may be set are limited to those strictly necessary for the website to function (e.g. bot-protection cookies set by Cloudflare).

4. Why we collect it (lawful bases)

We rely on the following lawful bases under UK GDPR Article 6:

Purpose Lawful basis Notes
Responding to an enquiry Legitimate interest (Article 6(1)(f)) Our interest in engaging with prospective counterparties; balanced against your reasonable expectations when contacting a business via its public enquiry form.
Processing an appliance reservation Pre-contractual necessity (Article 6(1)(b)) Necessary to take steps at your request prior to entering into a contract for sale.
Issuing an invoice, fulfilling an order Contract performance (Article 6(1)(b)) Necessary to perform the sale contract.
Responding to a security report Legitimate interest (Article 6(1)(f)) Our interest in product security and the security researcher's interest in coordinated disclosure.
Statutory record-keeping Legal obligation (Article 6(1)(c)) Accounting records, tax records, and corporate records as required by UK law.
Sending operational emails about an order or NDA Contract performance / pre-contractual necessity (Article 6(1)(b)) Confirmations, NDA delivery, fulfilment notifications, directly associated with steps you have requested.
Appliance Telemetry (anonymous) Outside UK GDPR (not personal data); processed under legitimate interest (Article 6(1)(f)) to the extent any element were ever personal Contains no Content and no personal data; anonymised or aggregated before transmission; can be switched off; absent on sovereign and air-gapped builds. See section 2.2.

We do not process personal data for marketing or advertising purposes and do not sell personal data to any third party. We do not use Content, or any personal data, to train AI models.

5. How long we keep it

Category Retention period
Enquiry submissions 24 months from submission, then deleted from operator inbox and server logs
Reservation records (unfulfilled) 12 months from submission if no further action, then deleted
Reservation records (fulfilled, contracted) 6 years from end of the related accounting period, in line with HMRC record-retention requirements
NDA correspondence and signed NDAs 6 years from termination or expiry of the NDA
Security disclosure correspondence 3 years from closure of the report
Server access logs 90 days, then rotated and deleted
Appliance Telemetry Anonymous and aggregated; retained only as long as useful for security and product analysis. Contains no personal data, so is not subject to a personal-data retention limit.

6. Who we share it with

We share personal data only with the service providers necessary to deliver our website, communications, and operations. A current list of subprocessors and what each can see is published at arsenale.ai/trust. As of this policy's effective date:

Our customers' Content is not shared with anyone, because it never leaves the Appliance and never reaches us (see section 2). We do not sell, rent, or trade personal data. We will disclose personal data to a third party only where required by law, in connection with a regulatory request, in defence of a legal claim, or with your explicit consent.

7. International transfers

Some of our subprocessors operate globally and may process personal data outside the United Kingdom or the European Economic Area. We rely on the following safeguards where applicable:

Content on the Arsenale Appliance does not leave the customer's premises and is therefore not subject to any international transfer initiated by Arsenale. Anonymous Telemetry, where enabled, contains no personal data and so is not a transfer of personal data.

8. Cookies and similar technologies

This site does not use cookies for tracking, analytics, advertising, or marketing. We do not set any cookies of our own. The cookies that may be set are limited to those strictly necessary to operate the site, and are set by Cloudflare:

Cookie Purpose Typical duration
__cf_bm Bot management: distinguishes human visitors from automated traffic to protect site availability and integrity. ~30 minutes (rolling)
cf_clearance Records that a visitor has passed a security challenge, so the challenge is not repeated for every request. Up to 30 days
Cloudflare Turnstile Session cookies set when you submit the /enquire or /pricing form, to verify the submission was made by a human. Session only
__cflb Load balancing: keeps a visitor's traffic on a consistent server within a session. Session only

The exact set of cookies and their durations may change if Cloudflare updates its bot-management or security configuration. This table will be updated when we become aware of material changes.

Under the Privacy and Electronic Communications Regulations 2003 (PECR), strictly necessary cookies do not require consent. Because every cookie used on this site falls into that category, we deliberately do not display a cookie consent banner; banners that ask for consent the law does not require are a dark pattern that wastes the visitor's time and obscures the actual data picture. If a future change to the site introduces a cookie that does require consent, we will publish a banner at the same time, and the cookie will not be set until consent is given.

9. How we protect personal data

We maintain a documented Information Security Posture aligned with the ISO 27001 control objectives and NCSC guidance for sovereign and on-premise systems. Personal data we hold is:

A redacted version of our Information Security Posture document is available on request under NDA.

10. Your rights

Under UK GDPR you have the following rights in relation to your personal data:

Right What it means
Access You can request a copy of the personal data we hold about you and information about how it is processed.
Rectification You can ask us to correct personal data that is inaccurate or incomplete.
Erasure ("right to be forgotten") You can ask us to delete personal data, subject to our legal record-retention obligations.
Restriction of processing You can ask us to limit how we use your personal data in specific circumstances.
Data portability You can ask us to provide your personal data in a structured, commonly used, machine-readable format.
Objection You can object to processing based on legitimate interest. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.
Withdrawal of consent Where we rely on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
Complaint to the supervisory authority You can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk, though we ask that you contact us first so we have an opportunity to resolve the matter.

Because your Content never reaches us, a rights request to Arsenale relates only to the limited personal data in sections 3 to 6. Content on your Appliance is under your own control at all times.

11. How to exercise your rights

To exercise any of the rights above, please email contact@arsenale.ai with a clear description of your request. We will respond within one calendar month of receipt. We may need to verify your identity before fulfilling a request.

12. Changes to this policy

We may amend this policy from time to time to reflect changes in our practices, in subprocessors we engage, or in legal or regulatory requirements. The "Effective" date at the top of this policy will be updated when material changes are made. Material changes will be communicated to recipients of any active service we provide via the email address on record.

13. Contact

Arsenale Limited
Company No. 17126962, registered in England and Wales
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Email: contact@arsenale.ai
Security disclosure: security@arsenale.ai · Press: press@arsenale.ai

We are not currently required to appoint a Data Protection Officer under UK GDPR Article 37. Privacy queries are handled directly by the Director.