Privacy Policy

Effective Date: February 11, 2026

1. Introduction

This Privacy Policy explains how The Deep Lab, Inc. ("The Deep Lab," "we," "our," or "us") collects, uses, and discloses information about you when you use our Archet platform and other products and services (collectively, the "Services"). Archet is a product of The Deep Lab, Inc. By accessing or using any part of our Services, you acknowledge you have been informed of our practices with regard to your personal information and data.

Archet is a multi-tenant AI agent platform that enables organizations to build, configure, and deploy autonomous AI agents. The platform includes an agent designer, knowledge base management (including website crawling), MCP connector integrations, an embeddable chat widget SDK, and analytics tools.

2. Our Privacy Commitments

Key Privacy Principles

  • We do not sell your personal data to third parties
  • We do not use your content to train AI models without explicit opt-in consent
  • Organization users control their own data and can delete their account at any time
  • End customer conversation data is owned and controlled by the deploying organization
  • Knowledge base content is crawled only from URLs explicitly provided by the organization
  • No third-party advertising cookies or tracking

3. Information We Collect

3.1 Information You Provide to Us

We collect information that you directly provide to us when using the Services:

  • Account Information: Name, email address, and authentication credentials when you create an account (processed through Firebase Authentication)
  • Organization Details: Company name, team member information, and organization settings (for business accounts)
  • Payment Information: Billing details (processed securely through Stripe, our payment processor — we do not store credit card numbers)
  • Agent Configurations: Agent goals, system prompts, skill definitions, guardrail settings, and tool configurations
  • Knowledge Base Content: URLs you provide for website crawling, uploaded documents, and other content used to build agent knowledge bases
  • Widget Session Data: Conversations between end customers and your deployed AI agents, including messages, session metadata, and customer identifiers
  • Connector Credentials: API keys and OAuth tokens for third-party MCP connector integrations (encrypted with Google Cloud KMS)
  • Communications: Messages you send to us (support requests, feedback, inquiries)

3.2 Information We Collect Automatically

When you use our Services, we automatically collect certain technical information:

  • Device Information: Device type, operating system, browser type and version
  • Log Data: IP address, access times, pages viewed, features used
  • Usage Statistics: Agent conversations processed, API calls made, feature usage patterns
  • Performance Data: Error logs and performance metrics (with PII redacted)
  • Location Information: Approximate location based on IP address

3.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide and improve our Services:

  • Essential Cookies: Required for authentication, session management, and security
  • Analytics Cookies: Help us understand usage patterns and improve the Service (opt-out available)
  • No Advertising Cookies: We do not use cookies for third-party advertising or tracking

What We DON'T Collect:

  • We do not independently collect personal information from end customers beyond what is transmitted through widget conversations
  • We do not collect information from individuals under 18 years of age
  • We do not collect data from sources other than you and your use of the Services

4. How We Use Your Information

  • Service Delivery: Operate the platform, execute AI agents, manage your account and organizations
  • Agent Execution: Process conversations through your configured AI agents using Anthropic's Claude models
  • Knowledge Base: Crawl specified websites and process uploaded documents to build agent knowledge bases
  • Widget Sessions: Deliver AI agent conversations to your end customers through the embeddable widget
  • Billing: Process payments, manage subscriptions, enforce plan usage limits
  • Support: Respond to inquiries, troubleshoot issues
  • Security: Detect fraud, prevent abuse, enforce Terms of Service
  • Improvement: Improve accuracy and service quality (only with opt-in consent for content data)
  • Communication: Send transactional emails (receipts, status updates, security alerts)
  • Legal Compliance: Comply with applicable laws and regulations

AI Model Training

We will NOT use your agent configurations, knowledge base content, conversation data, or other content to train AI models (ours or third-party) unless you explicitly opt in.

Limited exceptions where we may review your data:

  • Security review: When our automated systems flag potential security issues or Terms violations
  • Explicit feedback: When you explicitly report an error or submit feedback about agent behavior
  • Opt-in improvement: If you explicitly consent to allow your data to be used for service improvement

AI agent responses are generated by Anthropic's Claude models. We configure Anthropic to not use your data for training their models. Please refer to Section 5 for how data is shared with AI providers.

5. Data Sharing and Disclosure

5.1 With AI Providers

To power AI agent conversations, we send conversation messages, agent system prompts, and relevant knowledge base content to Anthropic's Claude API. This data is processed to generate agent responses. Anthropic's use of your data is governed by their privacy policy and data processing terms:

5.2 With Service Providers

We work with third-party service providers to help us operate, provide, improve, and secure our Services:

  • Cloud Hosting: Google Cloud Platform (Cloud Run, Cloud SQL, Cloud Storage, Memorystore)
  • Authentication: Firebase Auth (user authentication and session management)
  • Payment Processing: Stripe (billing and subscription management)
  • Key Management: Google Cloud KMS (encryption of connector credentials)

These providers have access to your information only to perform services on our behalf and are obligated not to disclose or use it for any other purpose.

5.3 With Organization Owners

Organizations can access all end customer conversations conducted through their deployed agents. If you are an end customer interacting with an agent through an embeddable widget, the organization that deployed that agent can view your conversation history and session data.

5.4 For Legal Reasons

We may disclose your information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, legal process, or governmental request.

5.5 To Protect Rights and Property

We may disclose your information if we believe it's necessary to protect the rights, property, or safety of The Deep Lab, Inc. (and its Archet Services), our users, or others.

5.6 Business Transfers

In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your information may be transferred.

5.7 We DO NOT Share With

  • Third-party advertisers
  • Data brokers
  • AI training partners (unless you explicitly opt in)

6. Data Security

  • Encryption: TLS in transit, encryption at rest for all stored data
  • Credential Protection: Connector credentials encrypted with Google Cloud KMS
  • Sandboxed Execution: Connector integrations run in isolated containers (Docker/gVisor)
  • Access Controls: Role-based access control (owner, admin, member) with JWT authentication
  • Domain Allowlists: Widget deployments restricted to authorized domains
  • API Key Security: Deployment API keys are hashed and can be rotated

7. Your Rights and Choices

You have the following rights regarding your personal data. Depending on your location, these rights are granted under laws such as GDPR (EU), CCPA (California), and other applicable privacy regulations:

7.1 Access and Portability

You can request a copy of your personal data in a structured, commonly used, and machine-readable format. We will provide your data within 30 days of your request.

7.2 Correction

You can update or correct inaccurate personal information through your account settings or by contacting us.

7.3 Deletion

You can delete your account through the account settings page. You can also request deletion of your personal data by contacting us. Note that some data may be retained as required by law or for legitimate business purposes (e.g., billing records).

7.4 Withdraw Consent

Where we rely on your consent to process your data, you can withdraw that consent at any time. This will not affect the lawfulness of processing before your withdrawal.

7.5 Object to Processing

You can object to processing of your data for direct marketing purposes or on grounds relating to your particular situation.

7.6 No Sale of Personal Data

We do not sell your personal data to third parties for advertising or marketing purposes.

To exercise these rights, contact us at:

Email: legal@thedeeplab.ai

We will respond to your request within 30 days. If we need additional time, we will notify you of the extension and the reason for it.

8. Data Retention

Data TypeRetention Period
Account DataUntil account deletion
Agent ConfigurationsUntil deleted by organization
Knowledge Base ContentUntil deleted by organization
Widget ConversationsPer organization plan settings
Billing Records7 years (compliance)

9. International Data Transfers

Your data is stored in Google Cloud Platform data centers in the United States. If you are accessing the Services from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States. By using the Services, you consent to the transfer of your data to the United States.

10. Children's Privacy

Archet is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to your registered address
  • Prominent notice on our website
  • In-app notification

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

If you have any questions about this Privacy Policy, please contact us at legal@thedeeplab.ai

The Deep Lab, Inc.
San Francisco, CA, USA

Last updated: February 11, 2026