Privacy Policy

How Archipelag.io collects, uses, and protects your personal information.

Last updated: January 26, 2026

This Privacy Policy describes how Archipelag.io (“we”, “us”, or “our”) collects, uses, and shares information about you when you use our website, platform, and services (collectively, the “Services”).

Information We Collect

Information You Provide

  • Account Information: When you create an account, we collect your email address, username, and password. If you sign up using GitHub, we receive your GitHub username and email.
  • Payment Information: When you purchase credits, our payment processor (Stripe) collects your payment card details. We do not store full card numbers on our servers.
  • Island Information: If you register as an Island (compute contributor), we collect information about your hardware specifications, IP address, and geographic region.
  • Communications: When you contact us, we collect the information you provide in your messages.

Information Collected Automatically

  • Usage Data: We collect information about how you use our Services, including API calls, Cargo types, and timestamps.
  • Device Information: We collect information about the device you use to access our Services, including browser type, operating system, and device identifiers.
  • Log Data: Our servers automatically record information including your IP address, access times, and pages viewed.
  • Cookies: We use essential cookies to maintain your session and preferences. We do not use third-party tracking cookies.

Information from Islands

When Cargos run on Island machines:

  • Islands receive only the minimum data necessary to execute Cargos
  • All data is encrypted in transit using TLS 1.3
  • Cargos run in isolated containers with no persistent storage
  • Islands cannot access or retain consumer data after Cargo completion

How We Use Your Information

We use the information we collect to:

  • Provide Services: Process your requests, route Cargos, and deliver results
  • Manage Accounts: Create and manage your account, process payments, and handle payouts
  • Improve Services: Analyze usage patterns to improve performance and develop new features
  • Ensure Security: Detect and prevent fraud, abuse, and security threats
  • Communicate: Send service announcements, security alerts, and support messages
  • Comply with Law: Meet legal obligations and respond to lawful requests

How We Share Your Information

We do not sell your personal information. We share information only in these circumstances:

With Service Providers

  • Stripe: Payment processing
  • Cloud infrastructure: Hosting and data storage (EU-based)
  • Email services: Transactional email delivery

With Islands

  • Islands receive anonymized Cargo data necessary for execution
  • Islands do not receive your identity, account details, or payment information
  • Geographic routing data is approximate (city-level) only

We may disclose information if required by law, court order, or government request, or to protect rights, safety, or property.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Strict access controls and authentication for internal systems
  • Monitoring: Continuous security monitoring and intrusion detection
  • Audits: Regular security assessments and penetration testing
  • Incident Response: Documented procedures for security incident handling

Data Retention

  • Account Data: Retained while your account is active, then deleted within 30 days of account closure
  • Usage Logs: Retained for 90 days for operational purposes
  • Payment Records: Retained for 7 years as required by financial regulations
  • Support Communications: Retained for 2 years after resolution

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain processing of your information
  • Restriction: Request restriction of processing in certain circumstances

To exercise these rights, contact us at hey@archipelag.io.

International Data Transfers

Our primary infrastructure is located in the European Union. If you access our Services from outside the EU, your information may be transferred to, stored, and processed in the EU. We ensure appropriate safeguards are in place for any international transfers.

Children’s Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the Services after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

For data protection inquiries in the EU, you may also contact your local data protection authority.

This policy is provided for informational purposes. For the legally binding terms, please refer to the Terms of Service.