Privacy Policy

Arden ("we", "our", "us") operates the website at arden.sh and the Arden platform (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you have questions, contact us at team@arden.sh.

Account information. When you sign up, we collect your name and email address through our authentication provider (Clerk). We do not store passwords directly.

Agent and policy configuration. We store the agents you create, their names, descriptions, and the policy rules you configure for them.

Action logs. Every tool call your AI agent makes through Arden is logged. These logs include the tool name, the arguments passed to the tool (kwargs), the policy decision, timestamps, and session identifiers. Tool call arguments may contain data about your end users depending on what your agent sends.

Token usage. We log the model name, prompt token count, completion token count, and estimated cost for LLM calls made through the SDK.

API keys. We store your API keys in encrypted form. Full key values are only shown once at creation.

Usage data. We collect standard server logs including IP addresses, request paths, and response codes to operate and improve the Service.

The Arden marketing website (arden.sh) uses Google Analytics 4 (GA4) to understand how visitors find and use the site. GA4 collects anonymised usage data including page views, session duration, and referral source. This data is processed by Google in accordance with their privacy policy. We do not use analytics on the application dashboard (app.arden.sh).

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process and enforce agent policies on your behalf
• Display action logs and usage analytics in your dashboard
• Send transactional emails (e.g. email verification, approval notifications)
• Respond to support requests
• Detect and prevent abuse or security incidents
• Improve the Service through aggregated, anonymised analytics

We do not sell your data. We do not use your data to train AI models.

Action logs, token usage records, and agent configurations are retained while your account is active. You can delete agents and their associated data from the dashboard at any time. On account deletion, we delete your personal data within 30 days, except where we are required to retain it by law.

We use the following third-party services to operate Arden:

• Clerk — authentication and user management
• Amazon Web Services (AWS) — hosting, database, and compute infrastructure
• Google Analytics — marketing website analytics
• Slack — optional approval notification delivery

Each provider has their own privacy policy governing how they handle data.

We take reasonable technical and organisational measures to protect your data, including encryption at rest and in transit, API key hashing, and access controls. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

You may request to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your account and associated data
• Export your action logs and agent configurations

To exercise any of these rights, email us at team@arden.sh.

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

Questions or concerns about this policy? team@arden.sh