Privacy Policy

At Long Arc Research, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including our Legends platform.

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not access or use our Services.

1. Information We Collect

1.1 Personal Information

We may collect personal information that you voluntarily provide to us, including:

• Account Information: Email address, name, password
• Payment Information: Billing address, payment method details (processed securely through Stripe)
• Communication Data: Information you provide when contacting our support team
• Profile Information: Any additional information you choose to provide in your user profile

1.2 Automatically Collected Information

When you use our Services, we automatically collect certain information:

• Usage Data: Pages visited, time spent on pages, content accessed, reading progress
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Server logs including access times, pages requested, and errors encountered
• Analytics Data: Aggregated usage patterns and performance metrics

1.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

• Essential Cookies: Required for basic website functionality and security
• Authentication Cookies: To maintain your login session (Supabase)
• Preference Cookies: To remember your settings and preferences
• Analytics Cookies: To understand how you use our Services and improve performance (PostHog, Vercel Analytics). We respect Do Not Track browser settings and mask all form inputs in session recordings for your privacy.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To provide, operate, and maintain our Services
• Account Management: To create and manage your account, process subscriptions, and handle authentication
• Payment Processing: To process payments and manage billing (through our payment processor Stripe)
• Customer Support: To respond to your inquiries and provide technical support
• Service Improvement: To analyze usage patterns and improve our content and user experience
• Communication: To send you account-related notifications, updates, and marketing communications (with your consent)
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Security: To detect, prevent, and address technical issues and security threats

3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

3.1 Service Providers

We work with trusted third-party service providers who assist us in operating our Services:

• Supabase: Database hosting, user authentication, and backend services
• Stripe: Payment processing and billing management
• Vercel: Website hosting, content delivery, and performance analytics
• PostHog: Product analytics, user behavior tracking, and feature usage monitoring (with session recording disabled and input masking enabled for privacy)
• Sentry: Error monitoring and performance tracking to improve service reliability

These providers are contractually obligated to protect your information and use it only for the specific services they provide to us.

3.2 Legal Requirements

We may disclose your information if required by law or in good faith belief that such disclosure is necessary to:

• Comply with a legal obligation or court order
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with our Services
• Protect the personal safety of users or the public

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or control of your personal information.

4. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for a reasonable period after account closure
• Payment Data: Retained as required for tax, legal, and accounting purposes (typically 7 years)
• Usage Data: Aggregated and anonymized data may be retained indefinitely for analytical purposes
• Support Communications: Retained for 3 years to improve customer service
• Legal Hold: Information subject to legal proceedings may be retained until the matter is resolved

When we no longer need your personal information, we will securely delete or anonymize it in accordance with our data retention policies and applicable legal requirements.

5. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

5.1 Access and Portability

• Request access to the personal information we hold about you
• Receive a copy of your personal information in a portable format

5.2 Correction and Updates

• Update your account information through your profile settings
• Request correction of inaccurate personal information

5.3 Deletion

• Request deletion of your personal information (subject to legal retention requirements)
• Delete your account through your account settings

5.4 Restrictions and Objections

• Object to certain processing activities
• Request restriction of processing in specific circumstances
• Opt out of marketing communications

5.5 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@longarcresearch.com. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encryption: Data is encrypted in transit and at rest using industry-standard protocols
• Access Controls: Strict access controls and authentication requirements for our systems
• Regular Security Audits: Regular security assessments and vulnerability testing
• Employee Training: Regular privacy and security training for our team members
• Secure Infrastructure: Use of reputable cloud service providers with robust security certifications

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.

7. International Data Transfers

Our Services are operated from the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.

For users in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, we ensure that appropriate safeguards are in place for international data transfers, including standard contractual clauses approved by regulatory authorities.

8. Children's Privacy

Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from children under 13 without verification of parental consent, we will take steps to remove that information from our servers.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

9.1 Right to Know

You have the right to request information about:

• The categories of personal information we collect
• The categories of sources from which we collect personal information
• The business purposes for collecting personal information
• The categories of third parties with whom we share personal information
• The specific pieces of personal information we have collected about you

9.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

9.3 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights, including by denying services, charging different prices, or providing different levels of service quality.

9.4 Sale of Personal Information

We do not sell your personal information to third parties as defined under the CCPA.

10. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Effective Date" at the top of this policy
• Post the updated policy on our website
• Notify you via email or prominent website notice for material changes
• For significant changes, provide advance notice and obtain consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EU residents with privacy concerns, you also have the right to lodge a complaint with your local data protection authority.