Data Processing & Security Overview

This section is for transparency, especially if anyone (e.g., schools later) asks how we handle data.

1. Roles

  • Arqive Solutions (Lexicon) = Data Controller for end-users.
  • Selected vendors (Supabase, Resend, AI providers, etc.) act as Data Processors or independent controllers (payments/analytics).

2. Processing Activities

  • Account creation & authentication
  • Voice capture, analysis, and scoring
  • Progress tracking
  • Subscription management & billing
  • Security logging & incident monitoring
  • Analytics and product improvement (primarily aggregated/anonymised)

3. Security Measures (Examples)

  • HTTPS/TLS encryption in transit.
  • Encrypted storage at reputable cloud providers.
  • Limited personnel access to production data.
  • API keys and secrets stored in environment variables (not in source control).
  • Regular updates and monitoring.

4. Sub-processors

Our current subprocessors include:

  • Supabase (hosting, auth, DB)
  • Resend (email)
  • Polar.sh (payments)
  • AI model providers (for audio/feedback)
  • Analytics providers

5. Data Subject Requests

Users can contact arqive.solutions.app@gmail.com or use in-app controls to:

  • Access or export their data.
  • Delete their account.
  • Withdraw consent (where relevant).