Privacy Policy

Last Updated: May 15, 2025

Ark Privacy Policy

Last Updated: November 2025


1. WHO WE ARE

Ark provides AskArk™, an AI-powered platform designed exclusively for schools.

📧 Email: hello@askark.ai | 🔒 Data Protection: dpo@askark.ai

🌐 Website: https://askark.ai

Supervisory Authority: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2 | info@dataprotection.ie


2. WHAT DATA WE COLLECT

When You Visit Our Website

  • IP address, browser type, pages visited
  • Cookies (see Section 8)

When You Contact Us

  • Name, email, phone number, school name
  • Your message and correspondence

When Your School Subscribes

As Data Controller:

  • School account details and billing information
  • Contact details for programme coordination
  • Usage analytics (anonymized)

As Data Processor (on School’s behalf):

  • Content Schools upload to AskArk™
  • User login details and activity logs
  • Any personal data Schools choose to include

Important: Schools control what data they submit. We advise minimising personal data and using pseudonymization (e.g., “Student A” instead of names).


3. HOW WE USE YOUR DATA

Website Visitors

✓ Operate and improve our website 

✓ Send marketing emails (with consent) 

✓ Respond to inquiries 

✓ Analytics and performance monitoring

School Subscribers

✓ Provide AskArk™ services 

✓ Process queries through AI models 

✓ Deliver Programme Manager support 

✓ Manage accounts and billing 

✓ Send service updates

We do NOT:

  • ❌ Sell your data
  • ❌ Use school content for marketing
  • ❌ Train AI models on your data

4. LEGAL BASIS

We process data based on:

  • Contract: To provide AskArk™ services
  • Consent: Marketing to non-customers, cookies
  • Legitimate Interest: Service improvement, fraud prevention, customer marketing
  • Legal Obligation: Tax, accounting, legal compliance

5. WHO WE SHARE DATA WITH

AI Providers (for platform functionality)

  • Anthropic (Claude) – EU hosting, GDPR compliant
  • OpenAI (GPT-4) – EU hosting, GDPR compliant
  • Google (Gemini) – EU hosting, GDPR compliant

Safeguards: Encryption, contractual prohibition on training with your data, EU data residency

Infrastructure Providers

  • AWS, Google Cloud, Microsoft Azure – EU hosting (Ireland/Belgium/Netherlands)
  • ISO 27001 certified, GDPR compliant

Other Service Providers

  • Email: Mailgun, Brevo (EU)
  • CRM: HubSpot (EU)
  • Analytics: Google Analytics 4 (EU, anonymized)
  • Project Management: Asana (EU)

Full list: https://thearkhq.com/subprocessors

All providers: 

✓ Sign Data Processing Agreements 

✓ Meet GDPR requirements 

✓ Use encryption and access controls 

✓ Located primarily in EU


6. INTERNATIONAL TRANSFERS

Primary location: EU (Ireland, Belgium, Netherlands)

If data goes outside EU: 

✓ Protected by EU-approved Standard Contractual Clauses 

✓ Transfer Impact Assessments conducted 

✓ Strong encryption and security measures 

✓ Contractual protections against improper access


7. HOW LONG WE KEEP DATA

School content: During subscription + 30 days (then deleted)

Account data: 7 years after subscription ends (tax/legal requirements)

Marketing contacts: Until you unsubscribe (suppression list kept indefinitely)

Website analytics: 26 months

Support records: 3 years


8. COOKIES

Essential Cookies (Always On): Necessary for website security and operation

Analytics Cookies (With Consent): Google Analytics 4 – understand website usage (anonymized IP)

Marketing Cookies (With Consent): HubSpot, LinkedIn Ads – deliver relevant content

Manage Cookies:

  • Update preferences: https://thearkhq.com/cookie-settings
  • Browser settings: Block/delete cookies
  • Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout

9. YOUR RIGHTS

You have the right to:

Access – Get a copy of your data

Rectify – Correct inaccurate data

Erase – Delete your data (with exceptions for legal obligations)

Restrict – Limit how we use your data

Port – Receive data in machine-readable format

Object – Stop processing for marketing or legitimate interests

Withdraw Consent – For consent-based processing

Complain – To the Data Protection Commission

Exercise Your Rights: Email dpo@thearkhq.com with proof of identity

We’ll respond within 30 days (may extend 60 days for complex requests)


10. SECURITY

We protect your data with:

  • ✓ Encryption (TLS 1.3 in transit, AES-256 at rest)
  • ✓ Multi-factor authentication
  • ✓ Access controls and monitoring
  • ✓ Regular security testing
  • ✓ ISO 27001 certified infrastructure
  • ✓ Staff training and confidentiality agreements

Data Breaches: We’ll notify Schools within 24 hours and the Data Protection Commission within 72 hours (if required).


11. CHILDREN’S PRIVACY

AskArk™ is for adult professionals (18+). We don’t knowingly collect children’s data directly.

If Schools include student data in their content, they’re responsible for ensuring lawful processing and appropriate safeguards.

Parents: Contact your school to exercise rights on behalf of your child.


12. MARKETING

Opt Out Anytime:

  • Click “Unsubscribe” in any email
  • Email hello@askark.ai

Note: Service emails (billing, security, account management) continue even after marketing opt-out.

13. CONTROLLER VS PROCESSOR

We Are Controller For:

  • Website visitors
  • Marketing contacts
  • Account and billing information
  • Programme coordination

We Are Processor For:

  • Content Schools upload to AskArk™
  • Personal data Schools submit

School determines legal basis and controls processing.

Schools must:

  • Establish lawful basis for processing
  • Provide privacy notices to data subjects
  • Respond to data subject rights requests
  • Notify Data Protection Commission of breaches

14. CHANGES TO THIS POLICY

We may update this policy to reflect service changes or new legal requirements.

Material changes: 30 days’ email notice

Minor changes: Updated on website immediately

Last updated date shown at top of policy


15. CONTACT US

Privacy Questions: dpo@askark.ai