Archively.AIArchives Made Intelligent
Start free
Legal

Privacy Policy

Effective date: 22 May 2026 Version: 1.0

Archively is built for institutions that hold sensitive historical and cultural material. We treat our customers' data, and the personal information of their users, with the seriousness the work requires. This policy explains what we collect, how we use it, and the rights you have.

1. Who is responsible for your data

Archively is operated by Sharpian (샤피안), a sole proprietorship registered in the Republic of Korea ("Sharpian", "we", "us", "our"). For personal data we handle as a controller, Sharpian is the data controller. Business registration details are available on request.

  • Legal, privacy, and data protection contact: legal@archively.ai
  • General and support contact: hello@archively.ai

For personal data contained in customer collections that we process on a customer's behalf, the customer is the controller and we act as their processor; that relationship is governed by our Data Processing Agreement.

2. Who this applies to

This policy covers:

  • visitors to archively.ai (the marketing site);
  • tenants (institutions and their authorised users) using the Archively application; and
  • end-users of public portals built on Archively.

Your institution may have its own privacy policy that supplements or supersedes ours for its tenancy and portal.

3. What we collect

  • Account data: name, email address, organisation, and role, provided by you or your institution's administrator at sign-up.
  • Billing data: for paid plans purchased online, payment is processed by Paddle as Merchant of Record. We receive limited transaction data (such as a transaction ID, plan, and country) from Paddle; we do not receive or store full card numbers.
  • Usage data: feature activations, log and error events, device/browser metadata, and aggregate performance metrics, used to keep the Service stable and to prioritise work.
  • Content: the archival records, files, and metadata you upload ("Your Content"). This may contain personal data about third parties. We treat Your Content as strictly confidential and process it only to provide the Service. We do not use Your Content to train models, and the AI providers we use are not permitted to train on it under their API / business terms.
  • Communications: messages you send to us (e.g. support or waitlist enquiries).
  • Cookies and similar technologies: see our Cookie Policy.

4. How we use personal data, and our legal bases

We use personal data to:

  • operate, secure, and support the Service you or your institution use — legal basis: performance of a contract, and our legitimate interest in running the Service;
  • contact administrators about incidents, security, billing, and material changes — legal basis: contract and legitimate interest;
  • improve reliability and performance using aggregate, non-identifying usage patterns — legal basis: legitimate interest;
  • process payments and prevent fraud (via Paddle) — legal basis: contract and legal obligation;
  • respond to enquiries and waitlist requestslegal basis: legitimate interest / steps prior to a contract;
  • comply with law and enforce our terms — legal basis: legal obligation and legitimate interest.

Where we rely on consent (for example, certain analytics cookies), you may withdraw it at any time.

5. How AI processing works

  • When you run AI-assisted features (such as text extraction, transcription, entity recognition, description, or search), the relevant content is sent to the AI sub-processor(s) configured for the Service.
  • Content is processed only to generate the output you request. We do not use it to train models, and the AI providers we use process it under their API / business terms, which do not permit training on customer content.
  • The AI providers we use, and their processing location, may vary by feature and plan. The current list of AI sub-processors is part of our sub-processor list (Section 6) and is available on request.

Note: this commitment holds while the Service uses the AI providers' standard API / business tiers (which do not train on submitted content). We do not route Your Content through consumer chatbot products that may train on inputs, and we keep the sub-processor list current.

6. Sub-processors

We use a minimal set of sub-processors to run the Service, which may include cloud hosting, email delivery, analytics, payment processing (Paddle), and AI inference. Each is bound by confidentiality and data-protection obligations consistent with this policy. The current sub-processor list, including purpose and location, is available on request at legal@archively.ai, and material changes are notified to tenant administrators as set out in the Data Processing Agreement.

7. International transfers

We are based in the Republic of Korea, which the European Commission recognises under an adequacy decision for transfers of personal data from the EEA. Where personal data is transferred to other countries (for example, to a cloud or AI provider), we rely on appropriate safeguards such as Standard Contractual Clauses or an equivalent recognised mechanism. Details are available on request.

8. Data retention and deletion

  • Your Content is retained for the life of your tenancy plus a configurable grace period. On termination, you may export Your Content (in the formats the Service supports), and we delete it within 30 days of the end of the grace period unless you ask us to accelerate, or unless we are required by law to retain it.
  • Account and billing records are retained as long as needed for the relationship and for legal, tax, and accounting obligations.
  • Backups containing deleted data are overwritten on our routine backup cycle.

9. Your rights

Depending on where you live, you may have the right to access, correct, export, restrict, object to, or delete personal data we hold about you, and to withdraw consent. To exercise these rights, contact legal@archively.ai; we respond within the period required by applicable law (and within 30 days as a default).

  • EEA/UK (GDPR / UK GDPR): you may also lodge a complaint with your local supervisory authority.
  • Republic of Korea (PIPA): see Section 11.
  • California (CCPA/CPRA): we do not sell or share personal information for cross-context behavioural advertising, and we do not discriminate against you for exercising your rights.

If we process your personal data on behalf of an institution (i.e. it is part of that institution's collection or tenancy), please direct your request to that institution as controller; we will assist them as their processor.

10. Security

We protect personal data with administrative, technical, and physical measures appropriate to the risk, including encryption in transit and at rest, role-based access controls, the principle of least privilege, and logging of access to the Service. No system is perfectly secure, and we cannot guarantee absolute security. We review our security practices periodically and update them as the Service evolves. To report a vulnerability, contact legal@archively.ai.

11. Republic of Korea — PIPA

For users in the Republic of Korea, the following applies under the Personal Information Protection Act ("PIPA"):

  • Items processed: as described in Section 3.
  • Purposes: as described in Section 4.
  • Retention: as described in Section 8.
  • Provision to third parties / consignment: we use the sub-processors described in Section 6 to operate the Service; we do not otherwise provide personal information to third parties except as required by law.
  • Rights: you may request access, correction, deletion, and suspension of processing of your personal information.
  • Personal Information Protection Officer (개인정보 보호책임자): the Privacy Officer of Sharpian (샤피안), reachable at legal@archively.ai.

12. Children

The Service is intended for use by institutions and their authorised staff, not by children. We do not knowingly collect personal data directly from children. (Archival collections may describe individuals, including minors; that material is Your Content and is governed by the Data Processing Agreement.)

13. Changes to this policy

We may update this policy. Material changes will be posted here with an updated effective date and, where appropriate, notified to tenant administrators.

14. Contact

Legal, privacy, and data protection: legal@archively.ai General and support: hello@archively.ai