Privacy Policy

ArchiVault ("we", "us", "our") is a project management platform built for architecture and design studios. We are operated by Sanyam Golechha and are based in India. Our service is available at archivault-gray.vercel.app.

If you have any questions about this policy, contact us at golechhasanyam5@gmail.com.

• Account information — name, email address, and profile photo provided when you sign up via Clerk.
• Organisation data — firm name, team members you invite, and roles assigned to them.
• Project content — designs, materials, documents, photos, chat messages, mood board items, and any other files you upload while using ArchiVault.
• Usage data — pages visited, actions taken inside the app, and timestamps (stored in our activity log).
• Device & browser data — IP address, browser type, and operating system, collected automatically by our hosting infrastructure.

• To create and manage your account and organisation.
• To deliver the core features of ArchiVault — project tracking, client collaboration, document storage, and notifications.
• To generate audit trails and sign-off documents on your behalf.
• To send you transactional emails (e.g., invitations, OTP codes for trade workers).
• To improve the platform — we analyse aggregate, anonymised usage to understand which features are most useful.
• To comply with legal obligations.

We do not sell your data to third parties. We do not use your project content to train AI models.

Your data is stored on Supabase (PostgreSQL database and object storage), hosted on AWS infrastructure in the ap-south-1 (Mumbai) region. Authentication is handled by Clerk, which is SOC 2 Type II certified.

Files you upload (designs, photos, documents) are stored in private Supabase storage buckets accessible only via short-lived signed URLs generated at request time.

We use HTTPS/TLS for all data in transit. Database access from our application uses a service-role key that is never exposed to the browser.

We share your data only with the following third-party service providers, strictly to operate the platform:

• Clerk — authentication and user management.
• Supabase — database and file storage.
• Vercel — application hosting and edge delivery.
• Twilio / SMS provider — OTP delivery for trade worker login.

All providers are bound by data processing agreements and industry-standard security practices.

ArchiVault uses only essential cookies required for authentication (session tokens set by Clerk). We do not use advertising cookies or third-party tracking pixels.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your account and associated data.
• Export your project data.

To exercise any of these rights, email us at golechhasanyam5@gmail.com. We will respond within 30 days.

We retain your data for as long as your account is active. If you delete your account, we will permanently delete your personal data and project content within 30 days, except where we are required by law to retain certain records.

ArchiVault is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it promptly.

We may update this policy from time to time. We will notify you of material changes by posting a notice inside the app or by email. Continued use of ArchiVault after the effective date constitutes acceptance of the updated policy.