Privacy Policy

Last Updated: January 4, 2026

1. Introduction

Archived-It ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our message archiving service.

2. Information We Collect

2.1 Information You Provide

When you register for Archived-It, we collect:

  • Company information (name, address, business registration)
  • User information (name, email, phone number, job title)
  • Payment information (processed by third-party payment processors)
  • Configuration preferences

2.2 Archived Communications

As a compliance archiving service, we collect and store:

  • WhatsApp message content
  • Message metadata (timestamps, sender, recipient, phone numbers)
  • Attachments (images, documents, videos, voice notes)
  • Group information and participant lists

2.3 Usage Information

We automatically collect:

  • Access logs (user ID, timestamp, IP address, action performed)
  • Search queries and filters used
  • System usage patterns and performance metrics
  • Device information and browser type

3. How We Use Your Information

We use collected information to:

  • Provide the Service: Archive messages, enable search, and facilitate regulatory compliance
  • Maintain Security: Detect fraud, abuse, and security incidents
  • Ensure Compliance: Meet financial services regulations (FINRA, SEC, MAS, HKMA, etc.)
  • Improve the Service: Analyze usage patterns and enhance features
  • Customer Support: Respond to inquiries and provide technical assistance
  • Legal Obligations: Comply with applicable laws and regulatory requests

4. Data Retention

We retain data according to regulatory requirements and your subscription:

  • Archived Messages: Minimum 7 years from message date (HKMA/SFC requirement)
  • Audit Logs: 7 years from log creation
  • Account Information: Duration of subscription plus 30 days
  • Backups: 90 days rolling backup retention

Upon account termination, data is retained per compliance requirements, then securely deleted.

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information or archived messages.

5.2 Limited Sharing

We may share information with:

  • Service Providers: Cloud hosting (AWS/Azure), payment processing, email delivery - all under strict confidentiality agreements
  • Regulators: When required by law or regulatory inquiry (FINRA, SEC, MAS, HKMA, etc.)
  • Legal Requirements: Court orders, subpoenas, or legal processes
  • Business Transfers: In the event of merger or acquisition, with continued privacy protection

5.3 Company Isolation

Your data is completely isolated from other customers. No cross-company access occurs.

6. Data Security

We implement enterprise-grade security measures:

6.1 Encryption

  • At Rest: AES-256 encryption for all stored data
  • In Transit: TLS 1.3 for all network communications
  • Backups: Encrypted with separate encryption keys
  • WhatsApp: End-to-end encryption preserved from source

6.2 Access Controls

  • Role-Based Access Control (RBAC) - Admin, Staff, Compliance roles
  • Multi-Factor Authentication (MFA) available
  • Session management with automatic timeouts
  • IP whitelisting for administrative access

6.3 Infrastructure Security

  • SOC 2 Type II compliance ready
  • ISO 27001 security management ready
  • Regular penetration testing and vulnerability assessments
  • 24/7 security monitoring and intrusion detection
  • Automated backups with disaster recovery plan

6.4 WORM Storage

Archived messages use Write Once, Read Many (WORM) storage, ensuring immutability and tamper-proof compliance.

7. Your Privacy Rights

7.1 General Rights

You have the right to:

  • Access: Request copies of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion (subject to regulatory retention requirements)
  • Export: Download your data in machine-readable format (CSV, JSON)
  • Restriction: Request limitations on processing
  • Objection: Object to certain processing activities

7.2 Regulatory Compliance Limitations

Important: Financial services regulations (FINRA, SEC, MAS, HKMA, Bank Negara) require 5-7 year retention of business communications. We cannot delete archived messages during the retention period, even upon request. This is a legal requirement, not our choice.

7.3 GDPR Rights (European Users)

If you are in the European Union, you have additional rights under GDPR:

  • Right to be informed about data processing
  • Right to data portability
  • Right to object to automated decision-making
  • Right to lodge a complaint with supervisory authority

7.4 Exercising Your Rights

To exercise any privacy rights, contact us at privacy@archivedit.online. We will respond within 30 days.

8. Cookies and Tracking

8.1 Essential Cookies

We use cookies essential for service functionality:

  • Authentication tokens (session management)
  • Security tokens (CSRF protection)
  • Preferences (language, timezone)

8.2 Analytics

We may use analytics tools to understand service usage and improve performance. You can opt out via browser settings.

8.3 Third-Party Cookies

We do not use third-party advertising cookies. Any third-party cookies are limited to essential service providers (e.g., payment processing).

9. International Data Transfers

Archived-It operates globally. Data may be transferred to and stored in:

  • United States (AWS US regions)
  • European Union (AWS EU regions)
  • Asia-Pacific (AWS Singapore, Hong Kong regions)

You may choose your hosting region during signup. All transfers comply with applicable data protection laws and use Standard Contractual Clauses where required.

10. Children's Privacy

Archived-It is not intended for users under 18. We do not knowingly collect information from children. If you believe a child has provided information, contact us immediately at privacy@archivedit.online.

11. Third-Party Services

We integrate with third-party services:

  • WhatsApp Business API (Meta Platforms) - Message archiving
  • AWS/Azure - Cloud hosting and storage
  • Stripe/PayPal - Payment processing

These services have their own privacy policies. We recommend reviewing them.

12. Data Breach Notification

In the unlikely event of a data breach:

  • We will notify affected users within 72 hours
  • We will notify relevant regulatory authorities as required
  • We will provide details of the breach, impact, and remediation steps
  • We maintain cyber liability insurance

13. Business Transfers

If Archived-It is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and prominent notice on our website 30 days before any transfer. The acquiring entity must honor this Privacy Policy.

14. Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our practices
  • New regulatory requirements
  • Feature additions

We will notify you of material changes via:

  • Email to registered account email
  • Prominent notice on login page
  • In-app notification

Continued use after notification constitutes acceptance of changes.

15. Contact Information

For privacy-related questions or concerns:

We will respond to all privacy inquiries within 30 days.

16. Regulatory Compliance

This Privacy Policy complies with:

  • GDPR (General Data Protection Regulation) - European Union
  • CCPA (California Consumer Privacy Act) - United States
  • PDPA (Personal Data Protection Act) - Singapore
  • PDPO (Personal Data (Privacy) Ordinance) - Hong Kong
  • PDPA (Personal Data Protection Act) - Malaysia

17. Consent

By using Archived-It, you consent to:

  • Collection and processing of information as described
  • Storage of archived messages for 7-year retention period
  • Use of cookies for essential service functionality
  • International data transfers to your selected region

You may withdraw consent by closing your account, subject to regulatory retention requirements for archived business communications.