Privacy Policy

Document version: v0.1 — placeholder, pending DPO review Last review: 2026-05-02

> ⚠️ Placeholder per RELEASE_CHECKLIST.md § R0-3. Each jurisdiction needs a > tailored annex: NL — AVG, DE — DSGVO, PL — RODO, UA — ЗУ № 2297-VI.

1. Controller

The data controller is identified at /legal/offer. DPO contact: privacy@archi.sulerr.com.

2. Data we collect

• Brief details: plot, building parameters, preferences (technical data).
• Contact: name, email, optional phone.
• Account: magic-link auth, session cookie.
• Usage telemetry: aggregated, no third-party trackers by default.

3. Lawful basis (GDPR Art. 6)

• Performance of a contract — to deliver the CP and project documentation.
• Legal obligation — record-keeping for permits and consumer protection.
• Legitimate interest — service security and abuse prevention.
• Consent — marketing emails (opt-in only).

4. AI processing

Brief content may be processed by Anthropic (Claude API, EU region) under a data-processing agreement. We do not allow training on customer data per the Anthropic Zero-Data-Retention provisions for our enterprise tier.

5. Retention

• Active project: until completion plus the local statutory archival period.
• Inactive accounts: 24 months, then anonymised.
• Logs: 90 days.

6. Your rights

Access, rectification, erasure, portability, objection, withdrawal of consent. Use /lk/data for self-service export and erasure requests.

7. International transfers

EU↔UA transfers under Article 49 GDPR adequacy assessment; full text in the local annex.

8. Complaints

You may complain to the supervisory authority of your habitual residence (NL: AP; DE: BfDI; PL: UODO; UA: Уповноважений ВРУ з прав людини).