arnapse

Legal

Privacy Policy.

Last updated: May 2026

This Privacy Policy explains what personal information the Arnapse early-access page (the “Site”) collects, how it is used, and the rights you have. It applies only to the early-access landing page at arnapse.com. The Arnapse product, when launched, will have its own separate policy.

Arnapse is currently operated by an unincorporated founding team (the “we,” “us”). For any privacy question or request, contact hello@send.arnapse.com.

1. Who this policy is for

The Site is intended for people aged 16 and over. We do not knowingly collect information from anyone under 16. If you believe a minor has submitted information to us, contact us and we will delete it.

2. What we collect, and why

2.1 Information you give us

  • Email address— required to send you a one-time verification code and to notify you when Arnapse is ready.
  • First name— used to address you in our confirmation emails.

2.2 Information collected automatically

  • IP address— held briefly to rate-limit sign-up attempts and detect abuse.
  • UTM and referral parameters from the URL (e.g., utm_source, utm_campaign, ?ref=) so we know which channels are bringing in early-access sign-ups.
  • Anonymous usage analytics— pageviews, button clicks, and the result of form submissions. We do not record screen sessions and we do not use third-party advertising trackers.

2.3 What we do NOT collect

  • Payment information — the Site has nothing to buy.
  • Sensitive categories of data (health, biometric, political views, etc.).
  • Content from your device (camera, microphone, contacts, etc.).

3. How we use it

  • To verify your email address via a one-time code (OTP).
  • To send you transactional emails about your early-access status (a welcome message and, eventually, a launch notification).
  • To prevent abuse of the sign-up form (rate limiting, spam blocking).
  • To understand, in aggregate, how people are finding and using the Site.

We do not sell your personal information, and we do not share it for third-party advertising.

4. Sub-processors

We use a small number of vendors who process personal data on our behalf, only for the purposes above:

  • Supabase(database hosting, US region) — stores your email, name, verification status, and rate-limit metadata. Supabase privacy policy.
  • Resend(transactional email, US) — sends the verification code, welcome email, and launch announcement. Resend privacy policy.
  • PostHog(product analytics, US Cloud) — captures anonymous pageview and click events. Session recording is disabled. We honor the “Do Not Track” browser signal. PostHog privacy policy.
  • Vercel(web hosting, global edge) — serves the Site and runs the API endpoints. Hosting access logs may temporarily contain your IP address. Vercel privacy policy.

5. Cookies and similar technologies

The Site uses only the cookies and local-storage entries required for analytics:

  • A first-party PostHog cookie/local-storage entry to recognise repeat visits (anonymous unless you complete sign-up).
  • Local-storage values that hold your UTM parameters between page loads so referral attribution works.

We do not use advertising cookies, retargeting cookies, or any social media trackers.

6. How long we keep it

We retain the information described in section 2 for as long as the early-access program is active and, where applicable, for as long as needed to migrate your sign-up into the launched Arnapse product. Verification codes are short-lived: a code expires 10 minutes after it is issued and cannot be used after that. We may keep records of which emails were sent (template, timestamp, delivery status) for operational and abuse-review purposes.

Nothing in this section limits your statutory rights under applicable privacy laws, described in section 8 below.

7. International transfers

Our sub-processors are based primarily in the United States. If you access the Site from outside the US, your information will be transferred to and processed in the US. Where required, we rely on standard contractual clauses or the equivalent transfer mechanism offered by each sub-processor.

8. Your rights

You can ask us, at any time, to:

  • Confirm whether we hold information about you.
  • Provide a copy of that information.
  • Correct it if it is inaccurate.
  • Delete it (“right to be forgotten”).
  • Restrict or object to certain types of processing — for example, opting out of analytics.
  • Withdraw consent we previously relied on.

Send any of these requests to hello@send.arnapse.com. We’ll respond within 30 days. We may verify the request by email before acting on it.

8.1 EU/UK (GDPR)

If you are in the European Economic Area or the United Kingdom, you have the rights above under the General Data Protection Regulation and the UK GDPR. Our legal basis for processing is your consent (when you submit the form) and our legitimate interest in operating a working sign-up flow free of abuse. You also have the right to lodge a complaint with your local data-protection authority.

8.2 California (CCPA / CPRA)

If you are a California resident, you have the rights to know, delete, correct, and limit the use of your personal information described above. We do not “sell” or “share” personal information as those terms are defined under the CCPA. To exercise any right, email us at the address above.

9. Security

Verification codes are hashed before being stored; we never keep the plaintext code. Database access is locked behind row-level security and a server-only service-role key. Despite these measures, no Internet transmission or storage is 100% secure, so we cannot guarantee absolute security.

10. Changes to this policy

If we make a meaningful change, we will update the “Last updated” date at the top and, for material changes affecting existing waitlist members, send a notice email. Continued use of the Site after the change becomes effective constitutes acceptance.

11. Contact

Email hello@send.arnapse.com for any privacy question, deletion request, or concern.