Privacy Policy


Introduction

This Privacy Policy describes how Archipelago Genomics Inc. (“Archipelago,” “Arki,” “we,” “our,” or “us”) collects, uses, shares, and protects information when you interact with the Arki mobile application, our public website, and any other features, content, or products we operate (together, the “Services”). Please read it alongside our Terms of Service, which govern your use of the Services.

Who provides the Services?

  • Archipelago Genomics Inc., headquartered in Toronto, Ontario, Canada, is the primary data controller for users worldwide.

  • If we designate a different regional affiliate in the future, that affiliate will appear in your account settings and in the footer of our website.

This Policy is drafted in English.  If any translated version conflicts with the English text, the English text prevails.

How to reach us or our Privacy Officer
E-mail: hello@archipelago.bio
Mail: Archipelago Genomics Inc. – Privacy Officer
    212-30 Nelson St, Toronto, ON M5V 0H5, Canada

For questions regarding our Terms of Service, you can visit https://archipelago.bio/terms-of-service

Information We Collect 

Arki gathers personal data in three main ways:

  1. Information you give us – details you type in or upload.

  2. Information we collect automatically – data recorded by your phone, browser, or connected device while you use the Services.

  3. Information from others or third-party sources – data another user or an external service shares with us when you connect accounts.

Below are the specific categories we collect and why we need them.

1. Account & Profile Details

  • Contact and Identity – name, e-mail address, a secure password, date of birth, gender, height, weight. 

  • Preferences –  settings, notification choices, preferred units. 

We use these to create and secure your account, verify age eligibility, collect user demographic data, show the correct units (metric or imperial) and provide reminders about workouts and activities within the Services.

2. Activity & Usage Data

When you record or import a workout we store:

  • Activity metrics – date, time, distance, pace or speed, volume trained and equipment used.

  • In-app actions – joining/leaving a team, sending/reacting to messages and gaining in-app rewards.

This lets Arki calculate statistics, display leaderboards, and personalise your in-app experience.

3. Location Information

With your permission, the App collects precise device location while you are actively using Arki (e.g., tracking a run). We do not track you once the session ends. You can stop location sharing at any time in your phone’s privacy settings, but core features that require GPS functionality (e.g. tracking a run) will stop working.

4. Content You Share

Photos, videos, posts, comments, messages, ratings, and any other media you upload are stored so they can appear in team chats, and activity feeds.

5. Content We Generate

Statistics, messages, posts, rankings, leaderboards and other analytics we perform using your shared content are stored so they can appear in team chats and activity feeds.

6. Third-Party Log-ins

When you sign in with Apple, Google, or Facebook, those providers share the basic profile details you authorise—usually name, e-mail, and profile photo. You can manage what they share via their own privacy controls.

7. Technical & Cookie Information

We automatically log:

  • Device and network information like device ID, OS version, to prevent fraudulent or inappropriate use of the Services and provide diagnostics. 

  • Usage logs like time of last login and crash reports to improve stability and user experience 

  • Local storage to remember your settings and 

8. Other Sources

  • Surveys & feedback – if you answer a questionnaire, we store your responses.

  • Community interactions – another user may reference you in a comment or invite you to a team; we store that event so you can see it in your notifications.

9. Children’s Privacy (COPPA Notice)

Arki is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If we learn we have received such data, we will delete it and close the account promptly.

How Arki Uses Your Information

We rely on the information we collect for the reasons set out below. Where the Personal Information Protection and Electronic Documents Act (PIPEDA) or comparable laws require a legal basis, we process your data under one or more of the following: contract performance, consent, legitimate interests, or compliance with legal obligations.

1. Delivering and Operating the Services

We need your data to give you the core functionality you signed up for, including to:

  • Record and analyse activities – log reps, volume, rest times, start times, distance*, pace/speed*, compare past workouts, and place you onto leaderboards.

  • Enable social features – show your name, handle, avatar, and posts in team chats; let you give or receive mentions.

  • Provide training tools – set preferences for training programs, display necessary data for outdoor activities to help you improve and surface trends in your performance data.

*features that require location metrics are processed only with your explicit, revocable consent, which can be managed in app settings.

2. Safety, Security, and Policy Enforcement

Data such as login logs, device identifiers, IP address, and date of birth help us to:

  • Verify age (we do not knowingly allow children under 13).

  • Detect spam, fraud, or abusive content and, where necessary, suspend offending accounts.

  • Investigate and resolve reports that Content violates our Terms

Automated tools and algorithms may remove Content that violates our Terms. Humans  handle appeals.

3. Customer Support

When you contact hello@archipelago.bio we may view your activity log or account settings to reproduce bugs or answer questions. Access is logged and limited to authorised staff.

4. Service Improvement & Research

Aggregated, anonymised data help us:

  • Measure feature usage, crash rates, and performance.

  • Test new algorithms and design improvements.

  • Produce community insights (e.g. most workouts performed, popular training times etc…).

Where possible we strip identifiers or use differential-privacy techniques before analysis.

5. Communications

We send service e-mails or push notifications to:

  • Confirm account changes or security alerts.

  • Announce material updates to these Terms or our Privacy Policy.

  • Invite feedback or alert you to downtime.

These transactional messages are mandatory for safety and legal compliance; you cannot opt out except by deleting your account.

6. Legal & Compliance

We may retain or disclose information when required to:

  • Honour a court order, subpoena, or other legal mandate.

  • Meet accounting, taxation, or export-control obligations.

  • Enforce our contracts or defend legal claims.

Managing Your Privacy Settings

Email preferences.
Arki will send marketing or social-update emails (e.g., team activity, new followers) only if you have opted in. Each such email includes an “Unsubscribe” link that immediately withdraws your consent. We will still send strictly transactional messages—for example, sign-up verification, password resets, or receipts—when required to operate your account or when you request them.

Push notifications.
Settings to push notifications can be accessed in-app, in profile>settings to silence training alerts, mentions, or new-feature announcements.

Updating Your Account Details

At any time you can correct or update your profile information in-app under profile. Need help? E-mail us at hello@archipelago.bio.

Deleting Your Data

In the app, go to profile>settings>Delete Account to delete your account. After you confirm, all personal data—including backups—will be permanently erased and cannot be recovered. Your activities and leaderboard spots will vanish and your previous workout history will be lost. This change cannot be undone, even if you sign up again.

We may keep limited records if required by law (for example, for tax or fraud-prevention purposes).

Content beyond our control.
Anything you shared publicly or that others copied—such as screenshots, exported GPX files, or posts on social media—may persist after deletion. Search-engine results may also display your former public profile until the search index refreshes.

How We Protect Information

We maintain administrative, technical, and physical safeguards appropriate to the sensitivity of the data we hold. Measures include:

  • encryption of data in transit and at rest;

  • role-based access controls and multi-factor authentication for employees;

  • routine penetration testing and vulnerability scanning; and

  • secure development and change-management procedures.

Despite these efforts, no Internet transmission is ever fully secure.  You are responsible for protecting your own account—for example, by choosing a unique, strong password, not sharing it, and notifying us immediately at hello@archipelago.bio of any suspected breach.

Your Privacy Rights & How to Exercise Them

Depending on where you live, privacy laws may give you one or more of the rights described below. We honour these rights for all users to the extent allowed by law.

  1. Right of Access and Portability
    What this means: You can ask us to confirm whether we hold personal information about you and request a copy of that information in a portable format.
    How to exercise: e-mail hello@archipelago.bio and we will send you a secure download link once we verify your identity.

  2. Right to Correction (Rectification)
    What this means: You may correct inaccurate or incomplete personal information stored in your account.
    How to exercise: Open Profile > Settings to edit your details. If you need help, contact support at the address above.

  3. Right to Deletion (Erasure)
    What this means: You can request permanent removal of your personal information, including your account, activities, and leaderboard positions.
    How to exercise: Select Profile > Settings > Delete Account. Deletion is irreversible; once confirmed, we begin erasing live data immediately and purge backups within 45 days. 

  4. Right to Restrict or Object to Processing
    What this means: You can ask us to stop processing certain data—for example, to halt push notifications—when we rely on legitimate interests as our legal basis.
    How to exercise: Turn off personalised push notifications in Profile > Settings > Notifications.

  5. Right to Lodge a Complaint
    What this means: You may raise concerns with us and, if unresolved, with your local privacy or data-protection authority.
    How to exercise: E-mail hello@archipelago.bio or write to the Privacy Officer at the postal address in the Introduction section. Canadian users may also contact the Office of the Privacy Commissioner of Canada.

We may ask for proof of identity before fulfilling any request and may keep limited records where the law requires (e.g., to prevent fraud or honour tax obligations).

Regional Notices

Canada & Québec

Arki is headquartered in Toronto, Ontario and is subject to PIPEDA. Quebec residents retain all rights under the Québec Act Respecting the Protection of Personal Information in the Private Sector and may bring proceedings in Québec courts.

United States — State Privacy Laws

Residents of California, Colorado, Connecticut, Oregon, Texas, Utah, Virginia, and (from Oct 1 2024) Montana may exercise the same rights listed above. We do not sell personal information for monetary value. 

Cross-Border Transfers

Your data may be processed in Canada, the United States, or other countries where our subcontractors operate. When we move data outside your jurisdiction we rely on recognised transfer mechanisms such as Standard Contractual Clauses or equivalent safeguards.

Data Retention

We keep personal information only as long as necessary to deliver the Services and meet legal obligations. When you delete your account we start an automated purge; live systems erase your data within 45 days, and encrypted backups within 45 days. Aggregated, de-identified metrics (e.g., heat-map tile counts) may be retained for service improvement.

Policy Updates

We may update this Privacy Policy from time to time. Material changes will be announced at least 30 days in advance via e-mail or an in-app banner. Continued use of Arki after the effective date constitutes acceptance of the revised Policy.

Last revised : 20 Jun 2025