Privacy Policy

This Privacy Policy explains how ArchAdemia Ltd ("we", "us", "our") collects, uses, discloses, and safeguards your personal data when you access or use our Service. This policy is intended for UK/EU Users; if you are in another jurisdiction additional rights may apply.

1. Data Controller

ArchAdemia Ltd, company no. 13602105, registered address Independence House, 6 Tapton Way, Liverpool, Merseyside, United Kingdom, L13 1DA, is the data controller for the purposes of the UK GDPR / UK Data Protection Act 2018 and applicable EU data protection laws.

2. What Information We Collect

We collect the following types of personal information (depending on how you use the Service):

2.1 Account / registration data

Name, email address, username, password, billing information, country of residence, payment method details (but not full card numbers).

2.2 Subscription and entitlement data

Subscription status (e.g., trial/annual), renewal dates, cancellation status, and feature entitlements, including AI Credit balances and AI Credit usage history.

2.3 Usage data

Date/time of access, login history, service usage (which courses or tools you access), IP address, device information, browser and network data.

2.4 Profile data

Optional profile information you provide such as job role (architecture student, junior architect, BIM manager etc), profile photo or avatar, biography, projects posted via Drawing Board.

2.5 User Content

Any User Content you post via the Drawing Board (projects, comments, messages).

2.6 Communications data

Correspondence with us (via email, in-app messages), support requests.

2.7 Tool output / interaction data (including AI)

Data related to your use of CORB or other Tools (for example: inputs you give, outputs generated, usage metrics, and AI Credit consumption). Your AI prompts/inputs may include text you type, questions you ask, and any context you choose to provide.

2.8 Marketing & preferences

Your communication preferences, marketing consent, newsletter subscription.

2.9 Cookies & similar technologies

We use cookies and tracking technologies to analyse usage, personalise your experience and for analytics. See section 12 for full details on our cookie consent mechanism and the choices available to you.

2.10 Advertising attribution data

When you arrive at our site via an advertising link, we collect advertising click identifiers (such as Google Ads click IDs, Meta click IDs, and Microsoft Ads click IDs), UTM campaign parameters, the page you landed on, your referring URL, and your approximate country (derived from your IP address — we do not store your full IP address). This data is stored server-side and may be linked to your account if you subsequently register or log in.

2.11 App Store purchase and consumption data

When you make purchases through the Apple App Store, we may collect and process data about your usage and consumption of purchased content. This may include details such as how long you have been subscribed, the degree to which purchased content has been accessed, and your purchase history within the app.

2.12 Children / parental consent

Parental Consent (for 16–17-year-olds): If you are between 16 and 18, we may request verification of parental/guardian consent before full account activation. We do not knowingly collect data from children under 16.

3. Purposes & Legal Bases for Processing

We process your personal data for the following purposes:

• to register and administer your account (legal basis: performance of contract)
• to provide the Service (including access to Content, the CORB Tool, Drawing Board, Tools) (legal basis: performance of contract)
• to carry out billing, payments and subscriptions (legal basis: performance of contract)
• to administer Free Trials, renewals, and your subscription entitlements (including AI Credits) (legal basis: performance of contract)
• to monitor, analyse and improve the Service (legal basis: legitimate interest)
• to send you service-related notices, updates and administrative messages (legal basis: performance of contract or legitimate interest)
• to send marketing communications (where you have consented) (legal basis: consent)
• to send a small number of reminder emails (maximum 2) if you begin but do not complete the signup process, to help you complete your registration (legal basis: legitimate interest). You can opt out of these reminders at any time by clicking the unsubscribe link in the email, by checking the opt-out box during signup, or by contacting us
• to personalise your experience, recommend content, use profiling/analytics (legal basis: legitimate interest)
• to measure the effectiveness of our advertising campaigns by matching ad clicks to sign-ups and purchases, and to report conversion data to advertising platforms including Google Ads and Meta (legal basis: legitimate interest)
• to detect and prevent fraud, unauthorised access or misuse (legal basis: legitimate interest)
• to enable user-to-user interactions on the Drawing Board and maintain the community (legal basis: legitimate interest)
• to process your interactions with the CORB Tool and other Tools (legal basis: performance of contract, legitimate interest)
• for compliance with child-protection and age-verification obligations (legal basis: legal obligation, legitimate interest)

4. Community Content & Moderation

To protect the ArchAdemia community, we may monitor and process Drawing Board posts for moderation, safety and compliance with our Terms and Community Guidelines.

We use a mix of automated filters and human moderation. Any flagged data may be reviewed manually.

This processing is based on our legitimate interest in maintaining a safe environment and complying with legal obligations.

5. AI Tools – Third-Party Processing and Retention

5.1 How our AI tools work

ArchAdemia offers several AI-powered tools including CORB (AI chat assistant), Nano Banana (image generation), Vectorizer (sketch-to-CAD conversion), Site Analysis (automated site reports), CV Export (cover letter generation), and others. When you use these tools, your inputs — such as text prompts, uploaded images, or design briefs — are sent to third-party AI services to generate outputs for you.

5.2 Third-party AI processors

Anthropic — Powers CORB (AI chat), cover letter generation, portfolio assistance, site analysis summaries, concept massing, and other text-based AI features. Your text inputs and the resulting outputs are processed by Anthropic's API. Anthropic states that it does not use API inputs or outputs to train its models unless you explicitly opt in. Anthropic Commercial Terms.

Google Gemini — Powers image generation in the Nano Banana tool. Your text prompts and generation parameters are processed by Google's Gemini API. Images you generate are returned to you and are not stored or shared publicly by ArchAdemia. Google Generative AI Terms of Service.

OpenAI — Provides text-to-speech for CORB's voice feature. Text submitted for voice synthesis is processed by OpenAI's API. OpenAI Privacy Policy.

Recraft — Powers the Vectorizer tool's image-to-vector conversion. Images you upload (such as sketches or drawings) are processed by Recraft's API to produce vector outputs. Recraft Privacy Policy.

5.3 Retention

Anthropic states that for API users it automatically deletes inputs and outputs within 30 days, except in limited circumstances (e.g., if needed to enforce usage policy or required by law). Google, OpenAI and Recraft each process data in accordance with their respective terms linked above. We encourage you to review those policies directly.

5.4 Important user guidance

Please do not submit:

• confidential client information (unless you have a lawful basis and permission)
• personal data about third parties without lawful basis
• special category data unless strictly necessary and lawful

6. Third-Party Data Processors

In addition to the AI processors listed in section 5, we use the following third-party services to operate the platform. We only share data necessary for each service to perform its function, and each operates under its own privacy and data processing terms.

6.1 Supabase (Database, Authentication & Storage)

Supabase provides our database, user authentication and file storage infrastructure. All account data, course progress, user-generated content and uploaded files are stored via Supabase. Supabase Privacy Policy.

6.2 Stripe (Payments & Billing)

Stripe processes all payments, subscriptions and billing on the platform. Data transmitted includes your email address, billing details, payment method information and subscription status. We do not store full card numbers. Stripe Privacy Policy.

6.3 Brevo (Email Communications)

Brevo (formerly Sendinblue) handles our transactional and marketing emails, including purchase confirmations, account notifications and abandoned cart reminders. Data transmitted includes your name and email address. Brevo Privacy Policy.

6.4 Cloudflare Stream (Video Delivery)

Course video content is hosted and delivered via Cloudflare Stream. Standard viewing data (such as video requests and playback quality metrics) is processed by Cloudflare. Cloudflare Privacy Policy.

6.5 Pusher (Real-Time Features)

Pusher provides real-time messaging for live chat and notification features. Chat messages and user identifiers are transmitted through Pusher's servers during live sessions. Pusher Privacy Policy.

6.6 CloudConvert (File Conversion)

CloudConvert converts vector files (SVG) to CAD-compatible formats (DWG/DXF) when you use the Vectorizer export feature. Your design files are transmitted to CloudConvert for processing. CloudConvert Privacy Policy.

6.7 Mapbox & MapTiler (Maps)

The Site Analysis tool uses Mapbox and MapTiler to display interactive maps. Map interactions and location coordinates you search for are transmitted to these services. Mapbox Privacy Policy · MapTiler Privacy Policy.

6.8 OpenRouteService (Travel-Time Analysis)

The Site Analysis tool uses OpenRouteService to calculate walking and cycling travel-time isochrones. Location coordinates are transmitted to generate travel-time maps. OpenRouteService Terms of Service.

6.9 OpenStreetMap Nominatim (Geocoding)

Address searches in the Site Analysis tool are processed by OpenStreetMap's Nominatim geocoding service. Addresses or coordinates you enter are transmitted to resolve locations. OpenStreetMap Foundation Privacy Policy.

6.10 DEFRA UK-AIR (Air Quality Data)

The Site Analysis tool retrieves air quality data and Air Quality Management Area boundaries from DEFRA's UK-AIR service. Site coordinates are transmitted to fetch local environmental data. This is a UK Government open data service.

6.11 Discourse (Community Forum)

Our community forum is powered by Discourse. When you access the forum, your user ID, email address, username and profile image are shared via single sign-on (SSO) to authenticate your forum account. Discourse Privacy Policy.

6.12 RevenueCat (Mobile Subscriptions)

RevenueCat manages in-app purchases and subscription status for our mobile app. Your user ID, subscription status and purchase history are transmitted to synchronise your membership across platforms. RevenueCat Privacy Policy.

6.13 Vercel (Hosting & Web Analytics)

The platform is hosted on Vercel. Vercel processes standard web request data and provides web performance analytics (Core Web Vitals). Vercel Privacy Policy.

7. Disclosure / Sharing of Personal Data

We may disclose your personal data to:

• our service providers and subcontractors (payment processors, hosting providers, analytics providers, advertising platforms, app store operators) — only as necessary and under contractual protections
• other Users via the Drawing Board in relation to your profile or content you have chosen to share publicly
• legal or regulatory authorities where required by law or to protect our rights
• third parties in connection with a business restructuring, sale or merger, subject to appropriate safeguards
• in anonymised or aggregated form (which cannot reasonably identify you)

We do not sell your personal data to third parties for their own marketing purposes.

8. International Users & Data Transfers

If you reside in the European Union, EEA or other jurisdictions with additional privacy rights, you may exercise these in accordance with local law.

For EU residents, ArchAdemia complies with the UK GDPR and, where applicable, the EU GDPR.

We maintain appropriate safeguards for international data transfers (Standard Contractual Clauses or equivalent).

9. Data Retention

We will retain your personal data for as long as necessary to fulfil the purposes described in this Policy (including the period your account is active) and to comply with our legal obligations (for example tax/accounting records). When your account is closed we will delete or anonymise your personal data in accordance with our retention policy.

10. Security

We implement appropriate technical and organisational measures to protect your personal data. However, no system is entirely secure, and we cannot guarantee absolute security; you are responsible for maintaining the security of your account credentials.

11. Refunds & Payment Information

Payment processing is handled by third-party providers (e.g. Stripe, PayPal).

We do not store full payment card details.

Refunds, where applicable, are managed in accordance with our Terms & Conditions refund policy.

11.1 Apple App Store refund processing

When you make purchases through the Apple App Store, we may share data about your usage and consumption of purchased content with Apple to help process refund requests. This information may include details such as how long you have been subscribed, the degree to which purchased content has been accessed, and your purchase history. This data is shared in compliance with Apple's App Store policies and only as necessary to process refund requests.

12. Cookies & Tracking Technologies

12.1 Cookie consent

When you first visit our site, a cookie banner allows you to accept or reject non-essential cookies. Your preference is stored in a cookie called archademia_consent (valid for one year). You can change your preference at any time by clearing this cookie from your browser.

12.2 Essential cookies

These are required for the site to function and cannot be disabled. They include authentication session cookies and the consent preference cookie itself.

12.3 Analytics cookies (requires consent)

If you accept analytics cookies, we use Google Analytics (GA4) and Microsoft Clarity for usage analysis and session recording. These are only loaded after you give consent.

12.4 Marketing cookies (requires consent)

If you accept marketing cookies, we load Google Tag Manager and the Meta Pixel for advertising measurement and remarketing. These are only loaded after you give consent.

12.5 Server-side conversion measurement

Separately from browser-based cookies, we operate server-side conversion measurement. When a purchase or subscription event occurs, we send conversion data (transaction value, hashed email address, and the original advertising click identifier if one was captured) to Google Ads and Meta via their respective server APIs. This processing is based on our legitimate interest in measuring advertising effectiveness and operates independently of your cookie consent preference, as it does not use cookies or run in your browser. You may object to this processing at any time by contacting us at hello@archademia.com.

12.6 Google Consent Mode v2

We implement Google Consent Mode v2. When you decline cookies, Google receives anonymised, cookieless signals that allow it to model conversions without identifying you. When you accept, full measurement is enabled.

13. Your Rights

If you are a UK/EU resident you have certain rights under data protection law, including:

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten") in certain circumstances
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent for marketing at any time
• Right to lodge a complaint with the UK Information Commissioner's Office (ICO) or relevant supervisory authority

14. Children

Users must be at least 16 years of age.

For users aged 16–17, parental or guardian consent is required.

We do not knowingly collect data from persons under 16; if such data is discovered it will be promptly deleted.

15. Changes to the Privacy Policy

We may change this Privacy Policy from time to time. We'll notify you by posting the updated policy on the Service and indicating the date of revision. Your continued use of the Service after changes constitutes your acceptance of the revised policy.