Privacy Policy
Who we are
ArchStage is a native desktop application developed and sold by M2GL SOLUTIONS, a company based in the European Union. ArchStage is distributed directly via archstage.app.
For any privacy-related questions, contact us at: privacy@archstage.app
The short version
ArchStage is built with privacy by design.
- Your project files never leave your machine
- We do not track your usage
- We do not run analytics on your behavior
- We do not sell your data to anyone
- The only personal data we process is what is strictly necessary to activate your license and handle your purchase
1. What data we collect and why
1.1 Purchase data
When you purchase ArchStage, your payment is processed by Paddle (Paddle.com Market Ltd.), our Merchant of Record. Paddle collects and processes your payment information (name, email address, billing address, payment method) directly. We do not receive or store your payment card details.
Paddle acts as the Merchant of Record for all ArchStage purchases, meaning they handle VAT collection, invoicing, and payment compliance on our behalf. Their privacy policy is available at paddle.com/legal/privacy.
After a successful purchase, we receive from Paddle:
- Your email address (for license delivery and support)
- Your license key
Legal basis (GDPR): Performance of a contract (Article 6(1)(b))
1.2 License activation data
When you activate your ArchStage license, the app sends a license validation request to Paddle's license API. This request includes:
- Your license key
- A hashed hardware identifier (machine ID) that identifies your device without identifying you personally. This identifier is a one-way hash of hardware properties — it cannot be reversed to identify your machine or you.
This data is used solely to enforce the single-machine activation limit and to validate your license on subsequent launches.
Legal basis (GDPR): Performance of a contract (Article 6(1)(b)) and our legitimate interest in preventing license fraud (Article 6(1)(f))
1.3 Trial registration data
When you launch ArchStage for the first time without a license, the app registers your trial start date against your hashed machine ID on our trial server. This is used solely to enforce the 7-day trial period and prevent trial resets. No personally identifiable information is sent.
Legal basis (GDPR): Legitimate interest (Article 6(1)(f))
1.4 Support communications
If you contact us by email, we receive your email address and the contents of your message. We use this solely to respond to your inquiry. We do not add you to any mailing list without your explicit consent.
Legal basis (GDPR): Legitimate interest (Article 6(1)(f))
1.5 What we do NOT collect
- We do not collect analytics or usage data
- We do not track which features you use
- We do not read, access, or transmit your project files or documents
- We do not use cookies or tracking pixels on our website
- We do not use third-party advertising networks
- We do not share your data with third parties for marketing purposes
2. Your project data
All data you create in ArchStage — projects, sprints, backlog items, documents, generated files — is stored locally on your machine in .archstg files (SQLite databases) and in the folder structure you choose.
This data is entirely under your control. We have no access to it, no visibility into it, and no copy of it. Deleting the files from your machine permanently removes them.
The only network calls ArchStage makes are:
- To Paddle's license API (activation and periodic validation)
- To our trial registration server (first launch only, no PII)
- To Anthropic's API via Claude Code CLI (your own account, your own key — we have no involvement in or visibility into these calls)
3. Data retention
| Data | Retention period |
|---|---|
| License key + machine ID | For the lifetime of your license |
| Trial machine ID | 1 year after trial registration |
| Support emails | 2 years from last correspondence |
| Purchase records | As required by applicable law (typically 7 years) |
4. Your rights under GDPR
If you are located in the European Union, you have the following rights:
Right of access — You can request a copy of the personal data we hold about you.
Right to rectification — You can ask us to correct inaccurate data.
Right to erasure — You can ask us to delete your personal data, subject to legal retention obligations.
Right to restriction — You can ask us to restrict processing of your data in certain circumstances.
Right to data portability — You can request your data in a machine-readable format.
Right to object — You can object to processing based on legitimate interests.
Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, contact us at privacy@archstage.app. We will respond within 30 days.
You also have the right to lodge a complaint with your local supervisory authority if you believe your data has been processed unlawfully.
5. Data transfers
Paddle (Paddle.com Market Ltd.) is a UK-based company. Transfers of your purchase data to Paddle are covered by their GDPR compliance measures and Standard Contractual Clauses (SCCs) where applicable. See their privacy policy at paddle.com/legal/privacy for details.
Our trial registration server is hosted in the EU. No personal data is transferred outside the EU in connection with trial registration.
6. Third parties
| Third party | Purpose | Their privacy policy |
|---|---|---|
| Paddle | Payment processing, license management | paddle.com/legal/privacy |
| Anthropic | AI processing via Claude Code (your account) | anthropic.com/privacy |
We have no control over Anthropic's data practices for your Claude Code usage. Your use of Claude Code is governed by your own agreement with Anthropic.
7. Security
We take reasonable technical measures to protect the data we hold:
- License keys are stored encrypted on your device using OS-level encryption (macOS Keychain, Windows DPAPI)
- Communications with our license and trial servers use HTTPS
- We do not store payment card data at any point
8. Children
ArchStage is not directed at children under 16. We do not knowingly collect personal data from children.
9. Changes to this policy
If we make material changes to this policy, we will update the date at the top of this page and, where appropriate, notify you by email. Continued use of ArchStage after changes constitutes acceptance of the updated policy.
10. Contact
For any privacy questions or to exercise your rights:
privacy@archstage.app
Response time: within 30 days.