Privacy Policy
This policy explains what information Arlen Labs collects when you use our website and services, how we use it, and the things we promise never to do with it. We've written it to be read, not just filed away.
The short version: Arlen Mail is end-to-end encrypted, and we hold your messages only as ciphertext we cannot read. We do not scan your mail, sell your data, show ads, or use your content to train AI — ours or anyone else's. The sections below put that in precise terms.
01 Who we are & scope
Arlen Labs, LLC ("Arlen Labs," "we," "us") is a company organized in the Commonwealth of Virginia, United States. We build privacy-focused consumer cloud products, beginning with Arlen Mail.
This Privacy Policy applies to our marketing websites at arlenlabs.com and arlencloud.com, and to the Arlen Mail application and related services (together, the "Services"). It describes the personal information we process as a data controller. It does not apply to third-party websites or services we link to but do not operate.
02 Information we collect
We collect as little as we can while still running a reliable service. The categories below are exhaustive for the current Services.
Account information
When you request an invite or create an account, we collect your email address and, once you set up an account, your chosen Arlen Mail address and authentication credentials. Passwords are processed using industry-standard hashing; we never store them in plain text.
Billing information
If you subscribe to a paid plan, our payment processor collects and processes your payment details on our behalf. We retain only what we need for accounting and tax purposes — typically your name, billing country, plan, and transaction records. We do not store full card numbers on our systems.
Minimal service metadata
To deliver mail and keep accounts secure, we necessarily process limited technical metadata, such as the timing and size of message delivery, storage usage, and security events (for example, sign-in attempts). We minimize this data and retain it only as long as described in Section 06.
The contents of your mail
Your message bodies and attachments are encrypted end-to-end and stored as ciphertext. We do not have the keys to decrypt them and therefore cannot read, index, or analyze their contents. We process them only as encrypted blobs in order to store and deliver them.
03 What we never do
Some commitments are easiest to state as a list of things we will not do. These are not settings buried in a menu — they are how the Services are built.
- We do not scan your mail. We do not read, index, or content-analyze the bodies or attachments of your messages for any purpose.
- We do not profile you for advertising. We show no ads in the Services and build no advertising profiles.
- We do not sell or rent your personal information to data brokers, advertisers, or anyone else.
- We do not use your content to train AI. Your messages, attachments, and files are never used to develop, train, or fine-tune machine-learning models — ours or any third party's.
- Inside the Services (arlencloud.com): the Arlen Mail product functions without advertising or cross-site tracking technologies.
- On the corporate marketing site (arlenlabs.com): we use a limited third-party analytics tool (LogRocket) to understand how visitors discover and evaluate our products. It never applies to your account, your mail, or any data inside the Services.
04 How we use information
We use the limited information described in Section 02 only for the following purposes:
- To provide, maintain, and secure the Services, including delivering and storing your encrypted mail.
- To authenticate you and protect accounts against fraud, abuse, and unauthorized access.
- To process payments and meet our financial and legal recordkeeping obligations.
- To communicate with you about your account, security, and material changes to the Services.
- To understand aggregate, privacy-preserving usage of our website so we can improve it (see Section 05).
We rely on the legal bases of performing our contract with you, our legitimate interests in operating a secure service, and compliance with legal obligations, as applicable.
05 Cookies & website analytics
Inside the Services (arlencloud.com), we use a minimal set of cookies and do not use advertising or cross-site tracking cookies. On arlenlabs.com, we may use third-party analytics cookies disclosed in the table below. These never extend to your account or mail.
| Type | Purpose |
|---|---|
| Strictly necessary | Keep you signed in, remember security preferences, and protect against fraud. The Services cannot function without these. |
| Preferences | Remember choices you make, such as interface settings. Optional. |
| Aggregate analytics | Help us understand website traffic in aggregate. We use a privacy-respecting analytics approach that does not build cross-site profiles, and we do not sell analytics data. |
| LogRocket session replay | On arlenlabs.com only. Records page interactions (clicks, scrolls, navigation) so we can see how visitors engage with our marketing copy. Email addresses and form inputs are redacted before transmission. Retained for 30 days. |
Where required by law, we ask for your consent before setting non-essential cookies, and you can withdraw it at any time through your browser settings or our cookie controls.
06 Data retention & deletion
We keep personal information only for as long as we need it for the purposes described in this policy, then delete or anonymize it.
- Account & mail data is retained for as long as your account is active. When you delete content or your account, we begin deletion of the associated data from active systems and remove it from backups within a defined backup-rotation window [placeholder: confirm exact window, e.g. 30 days, with counsel].
- Billing records are retained as required by applicable tax and accounting law, typically several years, regardless of account deletion.
- Security metadata is retained for a short period necessary to detect and investigate abuse, then deleted or aggregated.
You can delete your account at any time from your account settings. Because your mail is stored as ciphertext we cannot read, deletion removes data we could never access in the first place.
07 Sub-processors & third parties
We use a small number of carefully chosen service providers ("sub-processors") to operate the Services. They act on our instructions, are bound by contractual confidentiality and data-protection obligations, and receive only the minimum data needed for their function. Critically, because your mail is end-to-end encrypted, our infrastructure providers handle it only as ciphertext.
| Provider | Function | Data handled |
|---|---|---|
| Cloud infrastructure | Hosting & encrypted storage | Encrypted mail blobs, service metadata |
| Payment processor | Subscription billing | Billing details, transaction records |
| Transactional email | Account & security notifications | Email address, message status |
| Analytics provider | Aggregate website analytics | Privacy-preserving usage data |
We maintain a current list of named sub-processors and will update it as our providers change [placeholder: publish the named-vendor list and a subscribe-for-updates link].
08 Changes to this policy
We may update this Privacy Policy from time to time as our Services and legal obligations evolve. When we make material changes, we will update the "Last updated" date above and notify you by email or an in-product notice before the changes take effect. We encourage you to review this page periodically.
09 Contacting us
If you have questions about this policy or how we handle your information, or if you wish to exercise privacy rights available to you under applicable law, contact us at privacy [at] arlenlabs [dot] com.
Arlen Labs, LLC · Commonwealth of Virginia, United States.