Home

Privacy Policy

Privacy Policy

How we collect, use, and protect your data

This Privacy Policy explains how artoo ("artoo," "we," "us") processes personal information in connection with the D2 authorization service and our websites.

Information We Collect

You provide: account details (name, email, company), authentication and profile data, billing/payment info (for paid tiers), and support communications.

Automatically collected: service telemetry (e.g., policy evaluation outcomes, tool-call metadata, latency), device/usage data (IP address, user agent, referring URL), and cookie/SDK events. See Cookies & Similar Technologies.

From third parties: payment processors (payment status, limited billing metadata), email service providers (deliverability events), and hosting providers (security/availability logs).

How We Use Information (Purposes & Legal Bases)

  • Provide and operate D2; create and manage accounts. (GDPR Art. 6(1)(b))
  • Secure, monitor, and troubleshoot the services; prevent fraud/abuse; enforce policies. (6(1)(f))
  • Billing and account administration; collect payments; send transactional emails. (6(1)(b))
  • Communicate about product updates; market with consent where required. (6(1)(a),(f))
  • Anonymize/aggregate telemetry to improve D2 and our documentation. (6(1)(f))

We do not use customer data to build profiles for unrelated third-party advertising.

Roles of the Parties (Controller vs. Processor)

  • For the D2 service as used by your organization, artoo generally acts as a processor of Customer Data under your instructions.
  • For our marketing website, accounts, and billing, artoo acts as a controller.

Data Retention

We retain personal data for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary based on the type of data and applicable legal requirements.

International Transfers

If personal data is transferred outside your region, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and additional measures. You may request a copy at privacy@artoo.love.

Data Location

Customer Materials and personal data may be processed in locations where we or our subprocessors operate. We take appropriate measures for cross-border transfers as required by law.

Your Rights

EEA/UK/Swiss residents: access, correct, delete, restrict, object, portability; lodge a complaint with your supervisory authority.

U.S. state privacy laws (e.g., CA/CO/CT/VA/UT): access, delete, correct, portability, and the right to opt-out of certain processing like "sale," "sharing," or targeted advertising (as defined by law).

At this time, artoo does not sell personal information and does not share it for cross-context behavioral advertising. If this changes, we will update this Policy and provide an opt-out mechanism.

Submit a request: visit /legal/dsr or email privacy@artoo.love.

Data Subject Requests (Scope & Limits)

We may request information to verify identity before responding and may deny or charge a reasonable fee for requests that are excessive, repetitive, or manifestly unfounded, as permitted by law.

Subprocessors & Hosting

We use carefully vetted subprocessors to help us provide D2. Current list: /legal/subprocessors.

Security

We implement organizational and technical measures appropriate to the risk, including encryption in transit and at rest, least-privilege access controls, change management, vulnerability management, and incident response procedures. If we become aware of a security incident affecting your data, we will notify you as legally required and where appropriate under the circumstances.

Cookies & Similar Technologies

We use:

  • Strictly necessary cookies for core functionality and security.
  • Analytics cookies to understand product usage in aggregate.
  • Functional cookies to remember preferences.

Manage preferences via the Cookie Settings link. "Do Not Track" signals may not be honored by all components due to ecosystem limitations.

Changes

We will post updates here and adjust the "Last Updated" date. For material changes, we will provide additional notice (e.g., email or in-product message).

Contact

artoo — Attn: Privacy
privacy@artoo.love

Last Updated: 2025-11-08