Legal
Privacy Policy
Effective: April 7, 2026 · Last updated: April 7, 2026
This Privacy Policy explains how Archergate ("we", "us") collects, uses, and protects your information when you use the Archergate platform.
1. Information We Collect
Account data: Email address, username, password (hashed), account type, and optional profile information (display name, avatar, bio).
Survey data: Role-specific information you provide during registration (DAWs, genres, software type, languages, team size).
Transaction data: Purchase history, license keys, payment amounts. Payment card details are processed and stored by Stripe — we never see or store your card number.
Usage data: License activations, machine fingerprints (for machine-binding), and platform interactions.
Technical data: IP address (for rate limiting and security), browser type, and access timestamps.
2. How We Use Your Information
- Account management: Authentication, authorization, and account features.
- Transactions: Processing purchases, delivering license keys, managing refunds and disputes.
- License validation: Verifying license keys and machine-bound activations.
- Communication: Transactional emails (license keys, receipts, dispute updates), and platform notifications.
- Security: Rate limiting, fraud detection, and abuse prevention.
- Platform improvement: Aggregated, anonymized analytics to improve the marketplace.
3. Information Sharing
We do not sell your personal information. We share data only with:
- Stripe: Payment processing. Subject to Stripe's Privacy Policy.
- Developers: Your email address is shared with the developer when you purchase their product (for license delivery and support).
- Turso (database provider): Stores your data. Subject to their privacy policy.
- Resend (email provider): Sends transactional emails. Subject to their privacy policy.
- Law enforcement: If required by law or to protect our rights.
4. Machine Fingerprints
When you activate a license, the Archergate SDK collects a machine fingerprint (a hash derived from hardware identifiers). This fingerprint:
- Is a one-way hash — we cannot reverse it to identify your hardware.
- Is used solely to enforce machine-bound licensing.
- Is not shared with third parties.
5. Data Retention
- Account data: Retained while your account is active. Deleted upon request.
- Transaction records: Retained for 7 years for tax and legal compliance.
- License activations: Retained while the license is active. Machine fingerprints are deleted when a license is deactivated.
- Security logs: IP addresses in rate-limiting are held in memory only and not persisted.
6. Your Rights
You can:
- Access your data through your dashboard.
- Update your profile information in account settings.
- Delete your account by contacting hello@archergate.io. We will delete your account data within 30 days, except where retention is legally required.
- Export your data by contacting us.
7. Cookies
We use a single session cookie (ag_session) for authentication. It is:
- HttpOnly and Secure (not accessible to JavaScript, transmitted only over HTTPS).
- SameSite=Lax (prevents cross-site request forgery).
- Not used for tracking or advertising.
We do not use third-party tracking cookies or analytics services that set cookies.
8. Security
We protect your data with: HTTPS encryption, HMAC-signed session tokens, bcrypt password hashing, rate limiting, and Stripe's PCI-compliant payment processing. No system is 100% secure — if you discover a vulnerability, please report it to security@archergate.io.
9. Children
Archergate is not intended for children under 16. We do not knowingly collect data from children.
10. Changes
We may update this policy. Material changes will be communicated via email 30 days in advance.
11. Contact
Privacy questions: hello@archergate.io