This privacy policy explains how Arsenale Limited ("Arsenale", "we", "us") collects, uses, retains, and protects personal data. We are the data controller for the personal data described below, registered in England and Wales, Company No. 17126962, with registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. We comply with UK data protection law, including the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025.
For any privacy-related question or to exercise the rights described in section 10 of this policy, please contact contact@arsenale.ai.
The most important privacy fact about Arsenale is architectural. The Arsenale Appliance processes your data locally, on hardware you own, and your operational data does not leave it. We distinguish two categories of data, and this section governs both.
"Content" means your data, documents, prompts, agent task data, and the substance of anything you process with the Appliance, together with the outputs generated for you. Content is processed locally on the Appliance. Arsenale does not collect, transmit, access, or store Content, and cannot read what you do with the Software. Content is never used to train or improve any Arsenale or third-party model. Because Content never reaches us, Arsenale is not a processor of your Content; as between us, you remain its controller.
Where enabled, the Appliance may send anonymous diagnostic and operational data ("Telemetry"): software and model version, error and crash codes with payload removed, anonymised feature-usage counts, performance and hardware-health metrics, and licence-validation signals. Telemetry contains no Content and no personal data, and is aggregated or anonymised before it leaves the Appliance. Because it is not personal data it falls outside UK GDPR; to the extent any element were ever capable of identifying you, we would process it under our legitimate interest (Article 6(1)(f)) in the security, support, and improvement of the Software. Telemetry is never used to identify you and is never combined with Content.
Telemetry can be switched off at any time in Appliance settings. The Appliance is fully functional with Telemetry disabled and does not require an internet connection to operate. On sovereign and air-gapped builds, Telemetry transmission is absent by design. Arsenale cannot enable Telemetry, or any data egress, remotely; these are controlled only by you, locally, on the Appliance.
If a future version offers an optional ability for the Appliance to contribute spare compute to an Arsenale-coordinated network, it will be off by default, controlled only by you, and will never expose Content. It is absent from sovereign, government, defence, and air-gapped builds. See clause 10 of the EULA.
This section is consistent with our End User Licence Agreement. The remainder of this policy concerns the limited personal data we collect through our website and business operations.
We only collect personal data that you provide to us deliberately, or that is created as an automatic by-product of you interacting with our services. Specifically:
Our hosting provider (Cloudflare) and email provider collect technical data necessary to deliver the service, including server logs, performance metrics, and authentication records. This data is processed in accordance with each provider's privacy notice; see section 6 below.
Our website does not use third-party analytics, advertising, marketing, or session-replay tracking. We do not set cookies for tracking purposes. Cookies that may be set are limited to those strictly necessary for the website to function (e.g. bot-protection cookies set by Cloudflare).
We rely on the following lawful bases under UK GDPR Article 6:
| Purpose | Lawful basis | Notes |
|---|---|---|
| Responding to an enquiry | Legitimate interest (Article 6(1)(f)) | Our interest in engaging with prospective counterparties; balanced against your reasonable expectations when contacting a business via its public enquiry form. |
| Processing an appliance reservation | Pre-contractual necessity (Article 6(1)(b)) | Necessary to take steps at your request prior to entering into a contract for sale. |
| Issuing an invoice, fulfilling an order | Contract performance (Article 6(1)(b)) | Necessary to perform the sale contract. |
| Responding to a security report | Legitimate interest (Article 6(1)(f)) | Our interest in product security and the security researcher's interest in coordinated disclosure. |
| Statutory record-keeping | Legal obligation (Article 6(1)(c)) | Accounting records, tax records, and corporate records as required by UK law. |
| Sending operational emails about an order or NDA | Contract performance / pre-contractual necessity (Article 6(1)(b)) | Confirmations, NDA delivery, fulfilment notifications, directly associated with steps you have requested. |
| Appliance Telemetry (anonymous) | Outside UK GDPR (not personal data); processed under legitimate interest (Article 6(1)(f)) to the extent any element were ever personal | Contains no Content and no personal data; anonymised or aggregated before transmission; can be switched off; absent on sovereign and air-gapped builds. See section 2.2. |
We do not process personal data for marketing or advertising purposes and do not sell personal data to any third party. We do not use Content, or any personal data, to train AI models.
| Category | Retention period |
|---|---|
| Enquiry submissions | 24 months from submission, then deleted from operator inbox and server logs |
| Reservation records (unfulfilled) | 12 months from submission if no further action, then deleted |
| Reservation records (fulfilled, contracted) | 6 years from end of the related accounting period, in line with HMRC record-retention requirements |
| NDA correspondence and signed NDAs | 6 years from termination or expiry of the NDA |
| Security disclosure correspondence | 3 years from closure of the report |
| Server access logs | 90 days, then rotated and deleted |
| Appliance Telemetry | Anonymous and aggregated; retained only as long as useful for security and product analysis. Contains no personal data, so is not subject to a personal-data retention limit. |
We share personal data only with the service providers necessary to deliver our website, communications, and operations. A current list of subprocessors and what each can see is published at arsenale.ai/trust. As of this policy's effective date:
Our customers' Content is not shared with anyone, because it never leaves the Appliance and never reaches us (see section 2). We do not sell, rent, or trade personal data. We will disclose personal data to a third party only where required by law, in connection with a regulatory request, in defence of a legal claim, or with your explicit consent.
Some of our subprocessors operate globally and may process personal data outside the United Kingdom or the European Economic Area. We rely on the following safeguards where applicable:
Content on the Arsenale Appliance does not leave the customer's premises and is therefore not subject to any international transfer initiated by Arsenale. Anonymous Telemetry, where enabled, contains no personal data and so is not a transfer of personal data.
This site does not use cookies for tracking, analytics, advertising, or marketing. We do not set any cookies of our own. The cookies that may be set are limited to those strictly necessary to operate the site, and are set by Cloudflare:
| Cookie | Purpose | Typical duration |
|---|---|---|
__cf_bm |
Bot management: distinguishes human visitors from automated traffic to protect site availability and integrity. | ~30 minutes (rolling) |
cf_clearance |
Records that a visitor has passed a security challenge, so the challenge is not repeated for every request. | Up to 30 days |
| Cloudflare Turnstile | Session cookies set when you submit the /enquire or /pricing form, to verify the submission was made by a human. | Session only |
__cflb |
Load balancing: keeps a visitor's traffic on a consistent server within a session. | Session only |
The exact set of cookies and their durations may change if Cloudflare updates its bot-management or security configuration. This table will be updated when we become aware of material changes.
Under the Privacy and Electronic Communications Regulations 2003 (PECR), strictly necessary cookies do not require consent. Because every cookie used on this site falls into that category, we deliberately do not display a cookie consent banner; banners that ask for consent the law does not require are a dark pattern that wastes the visitor's time and obscures the actual data picture. If a future change to the site introduces a cookie that does require consent, we will publish a banner at the same time, and the cookie will not be set until consent is given.
We maintain a documented Information Security Posture aligned with the ISO 27001 control objectives and NCSC guidance for sovereign and on-premise systems. Personal data we hold is:
A redacted version of our Information Security Posture document is available on request under NDA.
Under UK GDPR you have the following rights in relation to your personal data:
| Right | What it means |
|---|---|
| Access | You can request a copy of the personal data we hold about you and information about how it is processed. |
| Rectification | You can ask us to correct personal data that is inaccurate or incomplete. |
| Erasure ("right to be forgotten") | You can ask us to delete personal data, subject to our legal record-retention obligations. |
| Restriction of processing | You can ask us to limit how we use your personal data in specific circumstances. |
| Data portability | You can ask us to provide your personal data in a structured, commonly used, machine-readable format. |
| Objection | You can object to processing based on legitimate interest. We will stop unless we can demonstrate compelling legitimate grounds that override your interests. |
| Withdrawal of consent | Where we rely on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal. |
| Complaint to the supervisory authority | You can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk, though we ask that you contact us first so we have an opportunity to resolve the matter. |
Because your Content never reaches us, a rights request to Arsenale relates only to the limited personal data in sections 3 to 6. Content on your Appliance is under your own control at all times.
To exercise any of the rights above, please email contact@arsenale.ai with a clear description of your request. We will respond within one calendar month of receipt. We may need to verify your identity before fulfilling a request.
We may amend this policy from time to time to reflect changes in our practices, in subprocessors we engage, or in legal or regulatory requirements. The "Effective" date at the top of this policy will be updated when material changes are made. Material changes will be communicated to recipients of any active service we provide via the email address on record.
Arsenale Limited
Company No. 17126962, registered in England and Wales
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Email: contact@arsenale.ai
Security disclosure: security@arsenale.ai · Press: press@arsenale.ai
We are not currently required to appoint a Data Protection Officer under UK GDPR Article 37. Privacy queries are handled directly by the Director.