Privacy Policy

1. Introduction

This Privacy Policy explains how The Deep Lab, Inc. ("The Deep Lab," "we," "our," or "us") collects, uses, and discloses information about you when you use our Archet platform and other products and services (collectively, the "Services"). Archet is a product of The Deep Lab, Inc. By accessing or using any part of our Services, you acknowledge you have been informed of our practices with regard to your personal information and data.

Archet is a multi-tenant AI agent platform that enables organizations to build, configure, and deploy autonomous AI agents. The platform includes an agent designer, knowledge base management (including website crawling), MCP connector integrations, an embeddable chat widget SDK, human-in-the-loop workflows (escalation, approval, and human takeover), audit logging, source citations, quality monitoring, and analytics tools.

2. Our Privacy Commitments

3. Information We Collect

3.1 Information You Provide to Us

We collect information that you directly provide to us when using the Services:

• Account Information: Name, email address, and authentication credentials when you create an account (processed through Firebase Authentication)
• Organization Details: Company name, team member information, and organization settings (for business accounts)
• Payment Information: Billing details, processed securely through Stripe (for direct web sign-ups) or Shopify Billing (for merchants who install Archet through the Shopify App Store). We do not store credit card numbers.
• Agent Configurations: Agent goals, system prompts, skill definitions, guardrail settings, and tool configurations
• Knowledge Base Content: URLs you provide for website crawling, uploaded documents, and other content used to build agent knowledge bases
• Widget Session Data: Conversations between end customers and your deployed AI agents, including messages, session metadata, and customer identifiers
• Connector Credentials: API keys and OAuth tokens for third-party MCP connector integrations (encrypted with Google Cloud KMS)
• Connector Data: Data accessed through installed connectors during agent conversations, such as product catalogs, order information, and customer records from e-commerce platforms (e.g., Shopify), or workspace data from collaboration tools (e.g., Slack, GitHub)
• Channel Messages: Messages received through inbound channel deployments (such as Slack or WhatsApp) that are routed to your agents for processing
• Communications: Messages you send to us (support requests, feedback, inquiries)
• Approval & Escalation Data: Escalation reasons, approval decisions, reviewer identities, and associated comments
• Quality Assessment Data: Automated quality scores, conversation tags, and compliance flags generated by AI evaluation of widget conversations

3.2 Information We Collect Automatically

When you use our Services, we automatically collect certain technical information:

• Device Information: Device type, operating system, browser type and version
• Log Data: IP address, access times, pages viewed, features used
• Usage Statistics: Agent conversations processed, API calls made, feature usage patterns, and per-call records of AI compute consumed (tokens used, model invoked, computed dollar cost). The compute records are used to enforce plan usage limits and bill metered overage as described in our Terms of Service §5.2.
• Performance Data: Error logs and performance metrics (with PII redacted)
• Location Information: Approximate location based on IP address

3.3 Cookies and Similar Technologies

We and our service providers use cookies, browser localStorage, and similar storage technologies to operate the platform and improve your experience. We use them in three categories:

• Essential — required for sign-in, session continuity, payment processing, and the embeddable chat widget. These cannot be disabled without breaking the platform.
• Analytics — help us understand usage patterns and improve the Service. These are off by default and require your consent.
• No advertising or cross-site tracking — we do not use cookies for advertising, retargeting, or third-party tracking, and we do not sell or share cookie data with advertisers.

When you first visit our site, you will see a cookie consent banner where you can accept all, reject non-essential cookies, or manage your preferences. You can change your choice at any time:

You can also control cookies through your browser settings. Blocking essential cookies may prevent parts of the platform from functioning correctly.

4. How We Use Your Information

• Service Delivery: Operate the platform, execute AI agents, manage your account and organizations
• Agent Execution: Process conversations through your configured AI agents using Anthropic's Claude models
• Knowledge Base: Crawl specified websites and process uploaded documents to build agent knowledge bases
• Widget Sessions: Deliver AI agent conversations to your end customers through the embeddable widget
• Channel Delivery: Process and respond to messages received through inbound channel deployments (Slack, WhatsApp, etc.)
• Connector Execution: Access third-party services on your behalf during agent conversations (e.g., querying product data from Shopify, retrieving information from connected tools)
• Billing: Process payments, manage subscriptions, enforce plan usage limits
• Support: Respond to inquiries, troubleshoot issues
• Security: Detect fraud, prevent abuse, enforce Terms of Service
• Improvement: Improve accuracy and service quality (only with opt-in consent for content data)
• Communication: Send transactional emails (receipts, status updates, security alerts)
• Audit Logging: Record organizational actions in an immutable audit trail for compliance and security
• Quality Monitoring: Automatically evaluate conversation quality using AI to score accuracy, tone, resolution, and safety; flag potential compliance issues for organizational review
• Legal Compliance: Comply with applicable laws and regulations

5. Data Sharing and Disclosure

5.1 With AI Providers

To power AI agent conversations, we send conversation messages, agent system prompts, and relevant knowledge base content to Anthropic's Claude API. This data is processed to generate agent responses. We also use Anthropic's Claude models to automatically evaluate conversation quality, generating scores, tags, and compliance flags. This evaluation data is stored within your organization's account. Anthropic's use of your data is governed by their privacy policy and data processing terms:

• Anthropic: Anthropic Privacy Policy

5.2 With Service Providers

We engage third-party providers to help us operate, secure, and improve the Services. They have access to your information only to perform services on our behalf and are contractually obligated not to disclose or use it for any other purpose. Categories of providers include:

• Cloud infrastructure — compute, storage, database, caching, and key management (Google Cloud Platform, including Firebase Auth)
• Payment processing — Stripe (direct web sign-ups, subscription billing, metered usage charges) and Shopify Billing (for merchants who install Archet through the Shopify App Store)
• AI model providers — Anthropic, as described in Section 5.1
• Channel and connector platforms — third-party services you choose to connect (e.g., Slack, WhatsApp, Shopify, GitHub) so your agents can send and receive messages or read data on your behalf
• Operational tooling — monitoring, error reporting, and customer support tools we use to keep the Services running

5.3 With Organization Owners

Organizations can access all end customer conversations conducted through their deployed agents. If you are an end customer interacting with an agent through an embeddable widget, the organization that deployed that agent can view your conversation history and session data. Organization owners and authorized members can also view audit logs and escalation/approval activity associated with their agents and deployments.

5.4 For Legal Reasons

We may disclose your information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, legal process, or governmental request.

5.5 To Protect Rights and Property

We may disclose your information if we believe it's necessary to protect the rights, property, or safety of The Deep Lab, Inc. (and its Archet Services), our users, or others.

5.6 Business Transfers

In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your information may be transferred.

5.7 We DO NOT Share With

• Third-party advertisers
• Data brokers
• AI training partners (unless you explicitly opt in)

6. Data Security

• Encryption: TLS in transit, encryption at rest for all stored data
• Credential Protection: Connector credentials encrypted with Google Cloud KMS
• Sandboxed Execution: Connector integrations run in isolated containers (Docker/gVisor)
• Access Controls: Role-based access control (owner, admin, member) with JWT authentication
• Domain Allowlists: Widget deployments restricted to authorized domains
• API Key Security: Deployment API keys are hashed and can be rotated

7. Your Rights and Choices

You have the following rights regarding your personal data. Depending on your location, these rights are granted under laws such as GDPR (EU), CCPA (California), and other applicable privacy regulations:

7.1 Access and Portability

You can request a copy of your personal data in a structured, commonly used, and machine-readable format. We will provide your data within 30 days of your request.

7.2 Correction

You can update or correct inaccurate personal information through your account settings or by contacting us.

7.3 Deletion

You can delete your account through the account settings page or by contacting us. Some data may be retained as required by law or for legitimate business purposes:

• Billing records — retained for 7 years for tax and accounting compliance.
• Trial-eligibility records — a record of which paid plans you have previously trialed is retained at the user level (keyed to your user ID) so we can enforce one trial per user per plan. This record persists if you delete your organization but does not include the contents of agent configurations, knowledge base, or conversations from the deleted organization.
• Audit logs — security-relevant events may be retained for compliance and incident investigation.

Outside of those categories, deletion removes your agent configurations, knowledge base content, conversation history, connector credentials, and other Customer Data within 30 days.

7.4 Withdraw Consent

Where we rely on your consent to process your data, you can withdraw that consent at any time. This will not affect the lawfulness of processing before your withdrawal.

7.5 Object to Processing

You can object to processing of your data for direct marketing purposes or on grounds relating to your particular situation.

7.6 No Sale of Personal Data

We do not sell your personal data to third parties for advertising or marketing purposes.

8. Data Retention

9. International Data Transfers

Your data is stored in Google Cloud Platform data centers in the United States. If you are accessing the Services from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States. By using the Services, you consent to the transfer of your data to the United States.

10. Children's Privacy

Archet is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Email notification to your registered address
• Prominent notice on our website
• In-app notification

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: