Legal Center

Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your personal information with complete transparency.

Archmate is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud architecture assessment platform.

1. Information We Collect

We collect only what's necessary to provide exceptional cloud architecture assessment services

1.1 Account Information

  • Identity Data: Name, email address, company information, and job title
  • Authentication Data: Encrypted passwords and multi-factor authentication preferences (managed via AWS Cognito)
  • Subscription Data: Plan details, billing information, and usage limits

1.2 AWS Configuration Data

  • Read-Only Access: AWS resource configurations for Well-Architected assessments
  • Metadata Only: No sensitive data, credentials, or application content
  • Assessment Results: Generated reports, findings, and recommendations

1.3 Usage Information

  • Platform Activity: Features used, assessment frequency, and user interactions
  • Technical Data: Browser type, IP address, and session information
  • Performance Metrics: Response times and system performance data (anonymized)

2. How We Use Your Information

Every piece of data serves a specific purpose in delivering better cloud architecture insights

  • Service Delivery: Conduct Well-Architected Framework assessments and generate personalized recommendations
  • Account Management: Authenticate users, manage subscriptions, and provide customer support
  • Platform Improvement: Analyze usage patterns to enhance features and user experience
  • Security & Compliance: Monitor for suspicious activity and maintain audit trails
  • Legal Compliance: Fulfill regulatory requirements and respond to legitimate requests

3. Information Sharing and Disclosure

We never sell your data and share only when absolutely necessary for service delivery

We may share information only in these limited circumstances:

  • Service Providers: AWS (hosting), authentication services (AWS Cognito), and payment processors under strict data processing agreements
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In case of merger, acquisition, or sale (with advance notice to users)
  • User Consent: When you explicitly authorize information sharing for specific purposes
  • Emergency Situations: To protect user safety, prevent fraud, or address security incidents

4. Data Security

Enterprise-grade security measures protect your data at every layer

  • Encryption: AES-256 encryption at rest and TLS 1.3 in transit for all data
  • Access Controls: Role-based permissions, multi-factor authentication, and least privilege principles
  • Infrastructure: AWS security best practices, VPC isolation, and network monitoring
  • Monitoring: 24/7 security monitoring, intrusion detection, and automated threat response
  • Regular Audits: Penetration testing, vulnerability assessments, and compliance reviews

5. Data Retention

We keep your data only as long as necessary, with clear retention schedules

  • Active Accounts: Data retained while account is active and for service delivery
  • Inactive Accounts: 90 days after subscription ends, then complete data deletion
  • Assessment Data: 7 years for compliance and audit purposes (anonymized after 2 years)
  • Security Logs: 2 years for incident investigation and compliance requirements
  • Immediate Deletion: Upon request (except where legally required to retain)

6. Your Choices and Controls

You have complete control over your data and privacy settings

  • Account Settings: Update personal information, notification preferences, and security settings
  • Data Access: Download your data in machine-readable formats at any time
  • AWS Integration: Connect or disconnect AWS accounts with full control over access scope
  • Communication: Opt out of non-essential emails while maintaining important service notifications
  • Account Deletion: Permanently delete your account and all associated data

7. International Data Transfers

All data processing occurs within secure, compliant regions

  • Data is processed primarily in the Frankfurt (eu-central-1) AWS region
  • All international transfers use standard contractual clauses and adequacy decisions
  • We implement appropriate safeguards including encryption and access controls
  • EU customer data can be processed within EU regions upon request

8. Cookies and Tracking

We use minimal, essential cookies only - no advertising or tracking

  • Essential Cookies: Required for authentication, session management, and platform functionality
  • Analytics Cookies: Optional cookies to improve service performance (requires your consent)
  • No Advertising: We never use cookies for advertising, remarketing, or behavioral tracking
  • Your Control: You can disable non-essential cookies in your browser settings

9. Third-Party Integrations

9.1 AWS Services Integration

  • Read-Only API Access: Direct integration with AWS APIs for secure configuration analysis
  • AWS Cognito: Enterprise-grade user authentication and identity management
  • Shared Responsibility: Full compliance with AWS shared responsibility security model

9.2 Assessment Tools

  • Powerpipe & Steampipe: Industry-standard tools for cloud configuration analysis
  • Secure Environment: All tools operate within our isolated, monitored infrastructure
  • No External Access: Tools never connect to external networks or third-party services

10. Your Privacy Rights

You have comprehensive rights over your personal data - here's how to exercise them

Under Jordanian law, you have the following rights:

  • Right to Access: Request a complete copy of all personal data we have about you
  • Right to Rectification: Correct any inaccurate or incomplete information
  • Right to Erasure: Request complete deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data in certain circumstances
  • Right to Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Opt out of specific types of processing

To exercise these rights: Email us at legal@archmate.ai with your request. We'll respond within 30 days.

11. Data Breach Notification

Our incident response plan ensures rapid notification and transparent communication

In the unlikely event of a data breach, we are committed to:

  • 72-Hour Notification: Affected customers will be notified within 72 hours of discovery
  • Regulatory Compliance: Appropriate competent authorities in Jordan will be notified as required by applicable law
  • Full Transparency: Complete details on the nature, scope, and impact of the breach
  • Remediation Steps: Immediate actions taken and recommendations for protecting your data
  • Ongoing Updates: Regular communication until the incident is fully resolved

12. Children's Privacy

Archmate is designed for business professionals and enterprise use only

  • Our service is intended for business professionals aged 18 and older
  • We do not knowingly collect personal information from children under 18
  • If you believe a child has provided us with personal information, please contact us immediately
  • We will promptly delete any information we discover belongs to a child under 18

13. Contact Information

Questions about privacy? We're here to help with transparent, timely responses

For privacy-related inquiries, data requests, or concerns:

  • Legal Inquiries: legal@archmate.ai
  • General Support: support@archmate.ai
  • Phone (Jordan): +962 79 187 2050
  • Phone (Saudi): +966 53 524 7908
  • Jordan Branch: Amman, Al-jubeiha
  • Saudi Branch: KSA, Riyadh

14. Updates to This Policy

We believe in transparency - you'll always know when and why we update our privacy practices

When we update this Privacy Policy, we will notify you through:

  • Email Notification: Direct email to all registered users at least 30 days before changes take effect
  • Website Banner: Prominent notice on our homepage and legal pages
  • In-App Notifications: Clear notifications when you next log into the platform
  • Version History: Complete changelog available on our website showing what changed and when

Material Changes: Require your explicit acceptance. Minor Updates: Take effect automatically after the notice period.

Last Updated: September 17, 2025. For questions about privacy or our service, please contact us at legal@archmate.ai.