OpenArrow

Legal

Privacy Policy

Last updated: 24 June 2026

1. Introduction

OpenArrow (“we”, “us”, or “our”) operates the website at openarrow.ai and provides an AI-native platform for structured products pricing, derivatives analytics, and workflow automation. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using our website or services, you agree to the practices described here.

2. Information We Collect

We collect information you provide directly to us:

  • Demo and sales inquiries: name, corporate email, phone number, company, role, team size, and any context you choose to share when you submit the “Schedule Demo” or “Contact Sales” form.
  • Account information: name, email address, organisation, and authentication identifiers when an account is provisioned for you.
  • Service usage: API keys you generate, requests made to our platform, prompts and responses processed through our chat interface, and associated metadata (timestamps, tool names, token counts) used for billing, metering, and product improvement.
  • Technical data: IP address, browser type, device information, and access logs collected automatically when you interact with our services.

3. How We Use Your Information

We use the information we collect to:
  • Provide, operate, and maintain our services;
  • Respond to demo requests, sales inquiries, and support questions;
  • Meter and bill for usage, enforce plan limits, and prevent abuse;
  • Improve our platform's reliability, accuracy, and user experience;
  • Communicate with you about product updates, security advisories, and service changes;
  • Comply with legal obligations and enforce our terms.

4. Third-Party Service Providers (Sub-processors)

We rely on a small set of trusted infrastructure providers to deliver our service. These providers process data only on our instructions and under contractual confidentiality obligations. The categories we engage include:
  • Cloud hosting and content delivery
  • Managed database hosting
  • Transactional email delivery for sign-in links and notifications
  • Identity providers for OAuth-based sign-in
  • AI inference for our in-product chat and analytics features

Enterprise customers can request a current list of named sub-processors under appropriate confidentiality terms via the “Contact Sales” form.

We do not sell your personal information, and we do not share it with third parties for their own marketing purposes.

5. Data Retention

We retain personal information for as long as your account is active or as needed to provide the services. Demo request records are retained for our internal lead-management purposes. Usage logs and request metadata are retained for billing reconciliation and security audit. You may request deletion of your account and associated personal data at any time (see Section 7).

6. Data Security

We use industry-standard practices to protect your information, including TLS encryption in transit, encrypted-at-rest storage with our database provider, scoped access keys, and audit logging. No system is perfectly secure; we encourage you to use strong, unique credentials and to revoke API keys you no longer need from your account settings.

7. Your Rights

Depending on your jurisdiction, you may have rights to:
  • Access the personal information we hold about you;
  • Request correction of inaccurate information;
  • Request deletion of your personal information;
  • Withdraw consent for processing where consent is the legal basis;
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us through the “Talk to Sales” form on our website. We will respond within a reasonable timeframe consistent with applicable law.

8. International Data Transfers

Our infrastructure providers operate data centres in multiple regions. By using our services, you acknowledge that your information may be transferred to, processed in, and stored in countries other than your own. We require our sub-processors to maintain appropriate safeguards for such transfers.

9. Children's Privacy

Our services are intended for use by businesses and professionals, not by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated through our website or by email to active users. Continued use of our services after the effective date constitutes acceptance of the revised policy.

11. Contact Us

For questions about this Privacy Policy or our data practices, please reach out through the “Contact Sales” form on our website. We do not publish a direct email address to prevent automated abuse, but we read every inquiry submitted through the form.