ARVEXI
← Back to Legal

Privacy Policy

Last updated March 1, 2026

Arvexi, Inc. (“Arvexi,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard Personal Data, meaning information that relates to an identifiable individual, when you use our AI-powered lease accounting platform (the “Service”) and visit our website at arvexi.com. This policy also describes your rights under applicable privacy laws.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Name, email address, job title, company name, phone number, and professional details provided during registration, demo requests, or subscription onboarding.
  • Billing Information: Payment method details and billing address processed through our third-party payment processor. Arvexi does not store complete credit card numbers on its systems.
  • Customer Data: Lease documents, financial records, portfolio data, and other materials uploaded to the Service for processing.
  • Communications: Messages, support requests, survey responses, and feedback you send to us through any channel.
  • Social Media Information: Information from interactions with us on LinkedIn, X (formerly Twitter), YouTube, and other social media platforms.

1.2 Information Collected Automatically

  • Log Data: IP addresses, browser type and version, operating system, referring URLs, access timestamps, and request details.
  • Usage Data: Features accessed, query volumes, actions taken, session duration, time spent on specific pages, and interaction patterns within the Service.
  • Device Information: Device type, operating system, unique device identifiers, screen resolution, and language preferences.
  • Cookies and Similar Technologies: We use cookies, web beacons, and similar technologies for authentication, session management, analytics, and marketing. See Section 8 for details.

1.3 Information from Third-Party Sources

  • Security Partners: Information about potentially compromised credentials or security threats from trusted security vendors.
  • Marketing Vendors: Business contact information, company details, and professional information from data enrichment providers and event organizers.
  • Publicly Available Information: Professional profiles, company information, and other publicly available data used for sales outreach and service improvement.

2. How We Use Information

We use the information we collect for the following purposes:

  • Service Delivery: Providing, maintaining, and improving the Service, including AI-powered lease document extraction, classification, calculation, and compliance reporting
  • Billing and Account Management: Processing payments, managing subscriptions, and communicating about your account
  • Product Improvement: Analyzing aggregate usage patterns to improve Service performance, reliability, and features
  • Customer Support: Responding to inquiries, resolving issues, and providing technical assistance
  • Security: Detecting, preventing, and responding to fraud, unauthorized access, and security threats
  • Communications: Sending product updates, security alerts, administrative messages, and marketing communications (with your consent where required)
  • Legal Compliance: Fulfilling legal obligations, enforcing our Terms of Service, and responding to lawful requests from authorities

3. How We Share Information

We do not sell your Personal Data. We may share information in the following limited circumstances:

  • Service Providers: Third-party vendors who assist in operating the Service, including cloud infrastructure providers, payment processors, analytics services, customer support tools, and email delivery services. These providers are contractually bound to protect your data and use it only for the purposes we specify.
  • Corporate Affiliates: Arvexi's affiliates and subsidiaries, subject to the same privacy protections described in this policy.
  • Auditor Access: When you grant access through the Auditor Portal, designated auditors can view your lease data, journal entries, and audit trails in read-only mode. This access is controlled by you.
  • Professional Advisors: Attorneys, accountants, and consultants who need access in connection with legal, financial, or compliance matters.
  • Legal Requirements: When required by law, subpoena, court order, or governmental regulation. We will notify you of such disclosures where legally permitted.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets. We will notify affected users before Personal Data is transferred and becomes subject to a different privacy policy.

4. AI and Customer Data

4.1. No Model Training. We do not use Customer Data — lease documents, financial records, Input, or Output, to train, fine-tune, or improve general-purpose AI models. Your data is processed exclusively to deliver the Service to your organization. This commitment is contractually enforceable through our Terms of Service and Security Policy.

4.2. AI Processing. When you upload lease documents, our AI models extract data fields, classify lease types, generate journal entries, and calculate amortization schedules. This processing occurs within our secure infrastructure and is subject to the same data protection controls as all Customer Data.

4.3. Output Review. AI-generated Output includes confidence scores and source citations. We strongly recommend human review of all Output by qualified accounting professionals before reliance in financial reporting.

4.4. Subprocessor Restrictions. Subprocessors involved in AI processing are contractually prohibited from retaining Customer Data beyond the processing session.

5. Data Security

We implement comprehensive security measures to protect your data, including:

  • AES-256 encryption at rest and TLS 1.3 encryption in transit
  • SOC 2 Type II and SOC 1 Type II certified controls
  • ISO 27001 certified information security management
  • Role-based access controls and multi-factor authentication
  • Regular penetration testing by independent third-party firms
  • 24/7 infrastructure monitoring and automated threat detection
  • Tenant isolation at the database level

For complete details, see our Security Policy.

6. Data Retention

We retain Customer Data for the duration of the subscription agreement and for 30 days following termination to allow for data export. After this period, Customer Data is securely deleted from our systems in accordance with our data retention procedures.

Account information and usage data may be retained for up to 3 years after account closure for legitimate business purposes, including analytics, compliance, audit requirements, and dispute resolution. We delete or anonymize this data when it is no longer needed.

We may retain certain information for longer periods as required by law, including for tax, legal, or regulatory compliance purposes.

7. Data Sovereignty and Control

You maintain control over your data within the Service. You decide what to upload, how long to retain it, and when to delete it. The Service provides data lifecycle management tools including:

  • Self-service data export in standard formats
  • Configurable retention policies per lease portfolio
  • On-demand deletion with confirmation
  • Complete audit trail of all data access and modifications

8. Cookies

We use the following categories of cookies and similar technologies:

  • Essential: Required for authentication, session management, security, and core Service functionality. Cannot be disabled.
  • Analytics: Help us understand how users interact with the Service, including page views, feature usage, and navigation patterns. You can opt out through your browser settings or our cookie preference center.
  • Marketing: Used on arvexi.com (not within the Service) to measure campaign effectiveness, attribute conversions, and deliver relevant content. Governed by your consent preferences.

Most browsers allow you to control cookies through settings. Disabling essential cookies may prevent you from using certain Service features.

9. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your Personal Data:

  • Access: Request a copy of the Personal Data we hold about you
  • Correction: Request that we correct inaccurate or incomplete information
  • Deletion: Request that we delete your Personal Data, subject to legal retention requirements
  • Restriction: Request that we restrict processing of your Personal Data in certain circumstances
  • Portability: Receive your Personal Data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests or for direct marketing purposes
  • Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing
  • Complaint: Lodge a complaint with your local supervisory authority

To exercise these rights, contact us at privacy@arvexi.com. We will respond within 30 days, or within the timeframe required by applicable law.

10. International Data Transfers

Arvexi processes data primarily in the United States. When we transfer Personal Data outside of your jurisdiction, we rely on appropriate transfer mechanisms, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where available
  • Your explicit consent where applicable

For customers in the European Economic Area (EEA), United Kingdom, or Switzerland, see our Data Processing Agreement for details on transfer safeguards.

11. Jurisdiction-Specific Provisions

11.1 European Economic Area, UK, and Switzerland

We process Personal Data on the following legal bases: (a) performance of a contract; (b) compliance with legal obligations; (c) your consent; and (d) our legitimate interests, including operating and improving the Service, ensuring security and fraud prevention, and personalizing user experience. You have the right to object to processing based on legitimate interests.

11.2 California (CCPA/CPRA)

California residents have additional rights under the CCPA and CPRA, including the right to know what Personal Data is collected, the right to delete, the right to correct, and the right to opt out of the sale or sharing of Personal Data. Arvexi does not sell Personal Data for monetary consideration. We may share information for targeted advertising purposes; you may opt out by contacting us at privacy@arvexi.com or using our opt-out mechanism on arvexi.com.

11.3 Canada

We collect, use, and disclose Personal Data with your consent or as otherwise permitted by applicable Canadian privacy law. You may withdraw consent at any time, subject to legal or contractual limitations. You have the right to access and correct your Personal Data. Residents of Quebec have additional rights including data portability.

12. Children's Privacy

The Service is not directed toward individuals under 18 years of age. We do not knowingly collect Personal Data from children. If we become aware that we have collected Personal Data from a child, we will take steps to delete it promptly. If you believe we have inadvertently collected such information, please contact us at privacy@arvexi.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will provide notice of material changes by email or through the Service at least 15 days before they take effect. Continued use of the Service after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

14. Contact Us

For questions about this Privacy Policy, to exercise your rights, or for any privacy-related concerns, contact us at:

Arvexi, Inc.
Attn: Privacy Team
privacy@arvexi.com

Unlock AI-Powered Lease Accounting for Your Firm

Request a Demo