Privacy Policy

Last Updated: January 21, 2026

Effective Date: January 21, 2026

---

Table of Contents

1. Introduction
2. Definitions
3. Data Controller Information
4. Data Collection on arccms.com
5. Arc CMS Software (Your Deployments)
6. Legal Basis for Processing
7. Cookies and Tracking Technologies
8. Third-Party Services
9. Data Security
10. Data Retention
11. Your Rights
12. International Data Transfers
13. Children's Privacy
14. Changes to This Policy
15. Contact Us

---

1. Introduction

Welcome to Arc CMS. This Privacy Policy explains how Quadralyst Pvt. Ltd. ("we," "us," or "our") collects, uses, discloses, and protects information when you:

• Visit our website at arccms.com
• Join our waitlist
• Contact us through our forms
• Download and use Arc CMS software

We are committed to protecting your privacy and ensuring you have a positive experience on our website and with our software.

2. Definitions

Personal Data

Any information relating to an identified or identifiable natural person.

Processing

Any operation performed on personal data, including collection, storage, use, or disclosure.

Data Controller

The entity that determines the purposes and means of processing personal data.

Data Processor

An entity that processes personal data on behalf of the data controller.

arccms.com

Our marketing website where we collect visitor data.

Arc CMS Software

The self-hosted open-source software that you deploy to your own infrastructure.

3. Data Controller Information

For arccms.com:

Quadralyst Pvt. Ltd.
Indore, Madhya Pradesh, India
Email: gunjan@quadralyst.com

For Arc CMS Software Deployments:

You (the person or entity deploying Arc CMS) are the data controller. We do not control, access, or process data from your Arc CMS instances.

4. Data Collection on arccms.com

4.1 Information We Collect

Information You Provide Directly:

• Waitlist Signups: Email address, name (if provided)
• Contact Forms: Name, email address, message content, any other information you choose to provide
• Newsletter Subscriptions: Email address

Information Collected Automatically:

• Usage Data: IP address, browser type, device type, operating system
• Analytics Data: Pages visited, time spent on pages, referral sources, geographic location (country/city level)
• Cookies: Session identifiers, preference settings, analytics cookies
• Tracking Pixels: Data from marketing and analytics pixels (see Section 8)

4.2 How We Use Your Information

We use the information collected on arccms.com for:

• Communication: Sending you waitlist updates, product announcements, and responding to your inquiries
• Marketing: Sending promotional emails about Arc CMS and related services (you can opt out anytime)
• Analytics: Understanding how visitors use our website to improve user experience
• Product Development: Understanding user needs and prioritizing features
• Legal Compliance: Complying with applicable laws and regulations
• Security: Detecting and preventing fraud, abuse, and security incidents

4.3 Marketing Communications

When you join our waitlist or subscribe to updates:

• We may send you emails about Arc CMS updates, features, and related products
• You can unsubscribe at any time using the link in any email
• We will not sell or rent your email address to third parties
• Unsubscribing from marketing emails does not affect transactional emails (e.g., download confirmations)

5. Arc CMS Software (Your Deployments)

5.1 Complete Data Ownership

You Own Your Data. We Cannot Access It.

Arc CMS is self-hosted software that you deploy to your own Firebase project. This means:

• All data collected through your Arc CMS instance (email signups, form submissions, analytics) is stored in your Firebase database
• Quadralyst Pvt. Ltd. has zero access to your database, your users, or your content
• You are the data controller and data processor for your Arc CMS instance
• You are responsible for compliance with privacy laws (GDPR, CCPA, etc.) for data collected by your instance

5.2 Your Responsibilities as Data Controller

When you deploy Arc CMS, you must:

• Create and publish your own privacy policy for your website
• Obtain necessary consents from your users for data collection
• Implement appropriate security measures for your Firebase project
• Respond to data subject requests (access, deletion, etc.) from your users
• Comply with applicable data protection laws in your jurisdiction

5.3 No Telemetry or Tracking

Arc CMS is open-source software. We do not collect:

• Usage telemetry from your Arc CMS instances
• Analytics about how you use the software
• Error reports or crash data
• Any data from your users or databases

Your Arc CMS instance operates completely independently from our servers.

5.4 Version Update Checks

Arc CMS may check arccms.com for version updates. This check:

• Is a simple HTTP request to retrieve a JSON file
• Does not send any personal data or usage information
• May include your IP address in server logs (standard for any HTTP request)
• Can be disabled in your Arc CMS configuration

6. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) or other jurisdictions requiring legal basis disclosure, we process your personal data based on:

• Consent: When you provide consent (e.g., joining waitlist, subscribing to emails)
• Contractual Necessity: To provide services you've requested
• Legitimate Interests: To improve our website, analyze usage, and develop products (balanced against your privacy rights)
• Legal Obligation: To comply with applicable laws and regulations

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

Essential Cookies (Required):

• Session Management: To maintain your session when logged into areas of the site
• Security: To protect against CSRF attacks
• These cookies cannot be disabled as they are necessary for the website to function

Analytics Cookies (Optional):

• Google Analytics: To understand how visitors use our website
• Tracks: pages visited, time on site, browser/device type, geographic location
• You can opt out of Google Analytics: https://tools.google.com/dlpage/gaoptout

Marketing Cookies (Optional):

• Conversion Tracking: To measure effectiveness of marketing campaigns
• Retargeting: To show relevant ads to previous visitors
• May include pixels from: Facebook, LinkedIn, Twitter, Google Ads, or other advertising platforms

7.2 Cookie Consent

On your first visit to arccms.com, we display a cookie consent banner. You can:

• Accept all cookies
• Reject optional cookies (analytics and marketing)
• Manage cookie preferences at any time

Essential cookies are set automatically as they're necessary for the site to function.

7.3 Managing Cookies

You can control cookies through:

• Your browser settings (most browsers allow you to refuse cookies)
• Our cookie preference center (link in footer)
• Third-party opt-out tools linked above

Note: Disabling cookies may affect website functionality.

8. Third-Party Services

8.1 Services We Use on arccms.com

Email Service Providers:

• Purpose: To send waitlist confirmations, product updates, and marketing emails
• Data Shared: Email address, name (if provided), subscription preferences
• Providers: Various SMTP servers (may include Gmail, SendGrid, Mailgun, or similar services)
• Privacy Policies: Each provider has their own privacy policy governing how they process data

Google Analytics:

• Purpose: Website analytics and user behavior tracking
• Data Shared: Usage data, device information, geographic location
• Privacy Policy: https://policies.google.com/privacy
• Opt-out: https://tools.google.com/dlpage/gaoptout

Marketing and Tracking Pixels:

We may use tracking pixels from advertising platforms including:

• Facebook Pixel
• LinkedIn Insight Tag
• Twitter Conversion Tracking
• Google Ads Conversion Tracking

These services collect data about your visit to improve ad targeting and measure campaign effectiveness. Each service has its own privacy policy and opt-out mechanisms.

8.2 Firebase (For Arc CMS Deployments)

Arc CMS software relies on Google Firebase for infrastructure. When you deploy Arc CMS:

• You create your own Firebase project
• Your data is stored in your Firebase account
• Google Firebase's privacy policy applies to your data: https://firebase.google.com/support/privacy
• We recommend reviewing Google's terms to understand how they secure your infrastructure

8.3 GitHub

• Purpose: Hosting Arc CMS source code and documentation
• Data Shared: Only if you interact with our GitHub repository (stars, issues, pull requests)
• Privacy Policy: GitHub Privacy Statement

9. Data Security

9.1 Our Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption: HTTPS/SSL encryption for all data transmitted to arccms.com
• Access Controls: Limited access to personal data on a need-to-know basis
• Secure Storage: Data stored using industry-standard security practices
• Regular Updates: Security patches and updates applied promptly

9.2 Your Responsibilities

For Arc CMS deployments, you are responsible for:

• Securing your Firebase project with appropriate authentication and rules
• Using strong passwords for admin accounts
• Keeping Arc CMS software updated
• Implementing backups of your data
• Monitoring your Firebase project for unauthorized access

9.3 Data Breach Notification

In the event of a data breach affecting arccms.com:

• We will notify affected users within 72 hours of discovering the breach
• We will provide details about what data was compromised
• We will take immediate steps to mitigate the breach
• We will comply with applicable breach notification laws

10. Data Retention

10.1 arccms.com Data

• Waitlist Emails: Retained until you unsubscribe or request deletion
• Contact Form Submissions: Retained for up to 3 years or until resolved
• Analytics Data: Retained according to Google Analytics default settings (typically 26 months)
• Marketing Data: Retained until you opt out or request deletion

10.2 Arc CMS Deployment Data

You control retention periods for data in your Arc CMS instance. We recommend:

• Establishing clear data retention policies
• Regularly reviewing and purging unnecessary data
• Implementing automated deletion where appropriate

11. Your Rights

11.1 For Data We Control (arccms.com)

You have the following rights regarding your personal data:

Right to Access:

You can request a copy of the personal data we hold about you.

Right to Rectification:

You can request that we correct inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten"):

You can request that we delete your personal data. We will comply unless we have a legal obligation to retain it.

Right to Restrict Processing:

You can request that we limit how we process your data.

Right to Data Portability:

We currently do not offer automated data export. If you request your data, we will provide it in a commonly used electronic format.

Right to Object:

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent:

Where processing is based on consent, you can withdraw it at any time.

Right to Opt Out of Marketing:

You can unsubscribe from marketing emails at any time using the unsubscribe link in emails or by contacting us.

11.2 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: gunjan@quadralyst.com

We will respond to your request within 30 days.

11.3 For Data in Your Arc CMS Instance

Users of your Arc CMS deployment should contact you directly for data requests. You are responsible for handling these requests in compliance with applicable laws.

12. International Data Transfers

Quadralyst Pvt. Ltd. is based in India. Your information may be transferred to and processed in:

• India (our primary operations)
• United States (some third-party services like Google Analytics, email providers)
• Other countries where our service providers operate

When transferring data internationally, we ensure:

• Appropriate safeguards are in place (e.g., Standard Contractual Clauses)
• Third-party processors comply with applicable data protection laws
• Data is protected to the same standard regardless of location

13. Children's Privacy

Arc CMS is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Last Updated" date at the top
• For significant changes, we will notify users via email (if we have your email address)
• Continued use of arccms.com after changes constitutes acceptance of the updated policy

For Arc CMS software updates that affect data handling, changes are applied only when you choose to update your instance.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Quadralyst Pvt. Ltd.
Email: gunjan@quadralyst.com
Location: Bhopal, Madhya Pradesh, India

Data Protection Officer

For privacy-related inquiries, you may also contact our data protection officer at the email address above.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection authority.