ArrowAI decision studio
Legal · Arrow

Privacy Policy

Last updated: 2026-07-14

This policy explains what personal data ARROWHNW GROUP LTD ("Arrow", "we") collects when you use the Arrow AI decision and strategy studio, why we collect it, and the rights you have over it.

1. Who is responsible for your data

The data controller is ARROWHNW GROUP LTD, registered office 83 Riverside 83 Riverside, CB5 8HN, England. For any privacy request, contact support@arrowgroup.shop or call +44 7168829006. Arrow is an online-only digital service; we do not operate physical premises for visitors.

2. What we collect

  • Account data: email address, and authentication identifiers when you create an account.
  • Workspace inputs: the goals, situations, options, constraints and reference notes you enter or upload to generate a decision.
  • Generated results: the decisions, matrices, plans, visuals and pitch reels Arrow produces for you.
  • Billing data: subscription plan, billing status and the last four digits and card brand returned by our payment processor. We never receive or store your full card number.
  • Support data: messages you send us and the email address you send them from.
  • Technical data: IP address, device and browser type, and essential/analytics cookie data (see our Cookie Policy).

3. Where the data comes from (collection sources)

Our collection sources are: data you provide directly (workspace user input, account details, support messages), data gathered automatically from your device (technical and cookie data), and data received from our payment processor (billing status and card metadata). We do not buy personal data or scrape it from third parties, and these are the only collection sources we use.

4. Why we use it and our legal bases

  • To provide the service — generate decisions, visuals and exports (legal basis: performance of a contract).
  • To take payment and manage subscriptions (legal basis: performance of a contract).
  • To provide support and respond to you (legal basis: legitimate interests / contract).
  • To secure and improve the service and prevent abuse (legal basis: legitimate interests).
  • Analytics and non-essential cookies (legal basis: your consent, which you can withdraw).
  • To meet legal obligations such as tax and accounting (legal basis: legal obligation).

We do not use your workspace inputs, uploads or generated results to train AI models, and we do not sell your personal data.

5. How we process AI user input, outputs and uploads

Your user input — the goals, situations, options and constraints you type — together with any uploaded reference material (notes, résumé text, project descriptions) is processed to produce your decision and deliverables. When you request a visual or reel, the relevant user input is sent to our third-party AI provider (the model provider named in Section 6) solely to generate the requested output. The AI provider processes this data under contract and is not permitted to use it for its own purposes. Generated results are stored so you can return to them; uploaded reference material is cached for up to 30 days and then cleared. We do not use your user input, uploads or generated results to train any AI model. You can delete a decision or your whole account at any time. See the Content License for ownership terms.

6. Who we share it with

We share limited data with processors who help us run the service, under contract and only as needed:

  • Hosting & delivery: our cloud hosting and content-delivery provider.
  • Payments: Stripe, which processes card payments and stores card details on our behalf.
  • Authentication & database: our backend provider that stores account and lead records.
  • AI provider (AI generation): the third-party AI provider / model provider that renders visuals and reels from your confirmed decision. User input sent to the AI provider for generation is limited to what is needed to produce the requested output, and the AI provider may not reuse it or train on it.
  • Email: our transactional email provider for receipts and support replies.

We may also disclose data where required by law or to protect our rights, users and service.

7. International transfers

Some processors are located outside the UK/EEA. Where data is transferred internationally, we rely on adequacy decisions or Standard Contractual Clauses (and the UK Addendum) to keep your data protected to UK/EU standards.

8. How long we keep it

Account and decision data are kept while your account is active and for a reasonable period afterwards. Uploaded reference material is cleared within 30 days. Billing and tax records are kept for the period required by law (generally up to 6–7 years). Support messages are kept for up to 24 months. We delete or anonymise data when it is no longer needed.

9. Your rights (UK GDPR / EU GDPR)

  • Access a copy of your data.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time (e.g. analytics cookies).
  • Complain to the UK Information Commissioner's Office (ICO) or your local EU supervisory authority.

To exercise any right, email support@arrowgroup.shop. We respond within one month.

10. California rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, to request deletion, to correct it, and to be free from discrimination for exercising these rights. We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. To make a request, email support@arrowgroup.shop.

11. Do Not Sell or Share

We do not sell or share your personal information for cross-context behavioural advertising. There is no opt-out to configure because no such selling or sharing takes place.

12. Automated decisions and children

Arrow produces informational analysis to support your decisions; it does not make legally or similarly significant decisions about you automatically. The service is not for children: it is prohibited for anyone under 13, and users aged 13–17 must have verifiable parental or guardian consent. Arrow is designed for adult career, business and side-project decisions.

13. Security

We use encryption in transit, access controls, and reputable infrastructure providers. Payment card data is handled entirely by our PCI-compliant payment processor. No method of transmission is perfectly secure, but we work to protect your data and will notify you and the relevant authority of a qualifying breach as required.

14. Contact & complaints

Questions or complaints: support@arrowgroup.shop, +44 7168829006, or write to us at 83 Riverside 83 Riverside, CB5 8HN, England. You may also complain to the ICO at ico.org.uk.

ARROWHNW GROUP LTD

83 Riverside 83 Riverside, CB5 8HN, England

support@arrowgroup.shop · +44 7168829006

Governing law: England and Wales