Privacy Policy

This Privacy Policy explains how Archiva ("we", "our", or "us") collects, uses, and protects information when you use our website, dashboard, APIs, and services (collectively, the "Service").

Archiva is designed to collect and store audit data on behalf of our customers. We take privacy seriously and intentionally limit the personal data we collect and process.

1. Information We Collect

Information You Provide

When you create an account or use the dashboard, we may collect:

  • Name and email address
  • Organization or project information
  • Billing and subscription details

This information is used only to provide access to the Service and manage accounts.

Audit Event Data

When you use Archiva to log audit events, you control what data is sent to us. This may include:

  • Actor identifiers and display names
  • Entity identifiers
  • Event timestamps
  • Contextual metadata
  • Optional change records

Archiva does not require or encourage the submission of sensitive personal data. Customers are responsible for determining what data they include in audit events.

Automatically Collected Information

When accessing the website or dashboard, we may automatically collect:

  • IP address
  • Browser type and version
  • Device and operating system information
  • Usage and interaction data

This information is used to maintain service reliability and security.

2. How We Use Information

We use collected information to:

  • Provide and operate the Service
  • Authenticate requests and enforce project isolation
  • Secure and maintain audit data
  • Monitor system performance and prevent abuse
  • Communicate with customers about service updates or issues

We do not sell personal data.

3. Data Ownership and Control

Audit event data belongs to the customer who submits it.

Archiva acts as a data processor for audit data and does not use customer audit data for analytics, advertising, or training unrelated systems.

Customers control:

  • What data is sent to Archiva
  • How long data is retained through retention policies
  • Which projects and environments store data

4. Data Retention

Audit data is retained according to the retention settings configured for each project.

Account and billing information is retained only as long as necessary to provide the Service or comply with legal obligations.

5. Security Measures

We implement technical and organizational measures to protect data, including:

  • Encryption of audit data at rest
  • Secure authentication using project-scoped API keys
  • HTTPS for all data transmission
  • Project-level isolation of stored data

While no system is completely secure, we design Archiva to minimize risk and exposure.

6. Sharing of Information

We do not share customer audit data with third parties except:

  • When required by law
  • To comply with valid legal processes
  • With trusted service providers who assist in operating the Service, under strict confidentiality obligations

We do not allow third parties to access audit data for their own purposes.

7. International Data Transfers

Archiva may process and store data in locations outside your country of residence. We take reasonable steps to ensure appropriate safeguards are in place when transferring data internationally.

8. Your Responsibilities

Customers are responsible for:

  • Protecting their API keys
  • Avoiding the submission of unnecessary personal or sensitive data
  • Complying with applicable privacy and data protection laws when using the Service

Archiva provides tools and guidance, but customers control the content of audit events.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal information associated with your account.

Requests can be made by contacting us using the information below.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.

Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: