Privacy Policy

ArcSense Consulting Inc. ("ArcSense", "we", "us", "our") operates ATLAS, a strategic operations platform. This Privacy Policy explains what data we collect, how we use it, and the commitments we make to protect it.

ATLAS is designed for organizations handling sensitive strategic information. We take that responsibility seriously. We do not claim ownership of your data, we do not sell it, and we do not use it to train AI models.

Account and organization data — when you register, we collect your name, email address, and organization details necessary to create and manage your account.

Platform content — the strategies, capabilities, initiatives, technology portfolios, AI governance artifacts, and other content you create within ATLAS. This is Your Data and is treated accordingly.

Usage data — information about how you interact with the Service, including pages visited, features used, and session duration. This helps us improve the product.

Technical data — IP addresses, browser type, device information, and diagnostic logs collected automatically when you use the Service.

We use the data we collect solely to: provide and improve ATLAS; authenticate users and enforce organizational access controls; communicate with you about your account; and diagnose and resolve technical issues.

We do not use Your Data to train machine learning or AI models — ours or anyone else's. Your strategic information stays yours.

We do not sell, rent, or share Your Data with third parties for advertising, marketing, or any purpose beyond operating the Service.

ArcSense makes no ownership claim over any content you create in ATLAS. Your organizational data — strategies, risks, artifacts, everything — belongs to you.

You can export your data at any time. You can delete your organization and all associated data at any time. Upon deletion, we remove Your Data from our active systems promptly and from backups within 90 days.

Your data is isolated per organization. Our data architecture enforces strict row-level security so that users can only access data belonging to their own organization.

Encryption in transit — all communication between your browser and ATLAS is encrypted via TLS. We do not serve ATLAS over unencrypted connections.

Encryption at rest — Your Data is stored encrypted at rest in our database infrastructure.

Row-level security — our database enforces per-organization data isolation at the infrastructure level, not just in application code. Even a software bug in our product cannot leak one organization's data to another.

Access controls — only authenticated users with valid organizational membership can access ATLAS data. Internal ArcSense access to production data is strictly limited and logged.

We continuously review and improve our security posture. If you discover a security vulnerability, please report it to info@arcsense.ca.

We use a small number of trusted third-party service providers to operate ATLAS:

Supabase — our database and authentication infrastructure provider. Data is stored in Supabase-managed infrastructure with encryption at rest and in transit.

We do not engage advertising networks, data brokers, or analytics platforms that would have access to Your Data. Any new processors we engage will be evaluated for security and privacy practices before use.

We retain Your Data for as long as your account is active. If you delete your organization, we remove active data immediately and purge it from backups within 90 days.

We retain account-level data (email, billing records if applicable) for as long as required by applicable law and our legitimate business interests.

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. You can exercise most of these rights directly within ATLAS.

For requests that cannot be fulfilled through the product, contact us at info@arcsense.ca. We will respond within 30 days.

If you are located in the European Economic Area, you may have additional rights under the GDPR. If you are located in Canada, you have rights under PIPEDA and applicable provincial privacy legislation.

info@arcsense.ca