Privacy Policy

Effective June 15, 2026

This policy explains what data Arxos (operated by Midfluence LLC, a Delaware limited liability company) collects when you use joinarxos.com, how we use it, and the choices you have. We wrote this to be readable. If anything is unclear, email privacy@joinarxos.comand we'll explain in plain English.

1. Who we are

Arxos is a software service that gives ecommerce founders an "AI operating team" — automated assistants (Operators) for customer support, inventory, content, finance, and competitive research. The service is provided by Midfluence LLC("Arxos," "we," "us"), 221 North Broad Street, Suite 3A, Middletown, DE 19709, USA.

2. Data we collect

2.1 Account data

When you sign up, our identity provider Clerk collects your name, email address, and (if you choose) a password or third-party login (Google, etc.). We never see or store your password directly.

2.2 Connected-store data

If you connect a Shopify store, we receive an OAuth access token granting read-only access to orders, products, inventory, and customers in your store. We store this token encrypted at rest (AES-256-GCM) and only use it to retrieve data on your behalf.

2.3 Email data

If you connect a customer-support email account, we read incoming messages so the Triage Operator can draft responses. Drafts are shown to you for approval; we never send mail without your action.

2.4 Content you provide

Brand guidelines, support policies, supplier information, purchase orders, financial entries (bank balances, credit cards, loans), and anything else you type into Arxos is stored to deliver the service.

2.5 Usage + diagnostic data

Server logs (IP address, request path, timestamps, error traces) for debugging and security. We retain these for up to 90 days.

2.6 Payment data

Subscriptions are processed by Stripe. We do not store your card number or CVC. We store the Stripe customer + subscription IDs and your billing tier / status.

2.7 Bank and financial-account data (Plaid)

If you connect a bank or credit-card account, we use Plaidto retrieve your account balances and transaction history so Arxos can show your real cash position, spending, and runway. You enter your bank login directly with Plaid; Arxos never sees or stores those credentials. We receive the resulting data through Plaid and store a Plaid access token encrypted at rest (AES-256-GCM), used only to refresh your financial dashboard on your behalf. We never sell this data. You can disconnect at any time, which revokes Plaid's access and deletes the stored connection. Plaid's own handling of your data is described in the Plaid End User Privacy Policy.

3. How we use your data

  • Provide the Arxos service (run Operators, surface insights, send notifications)
  • Authenticate you and protect your account
  • Send service-related emails (receipts, security alerts, important updates)
  • Improve product quality (aggregated, de-identified analytics only)
  • Comply with legal obligations

We do not sell your data. We do not use your data to train AI models for other customers. We do not advertise to you.

4. Third parties that process your data

Arxos uses the following sub-processors. Each has its own privacy commitments; links below.

  • Anthropic — powers AI drafts (CS replies, content ideation, web search). Inputs sent to Anthropic include relevant context from your account (e.g. a customer email being drafted). Anthropic does not train on Arxos data per its zero-retention policy. Anthropic privacy
  • Supabase — Postgres database hosting (US-East). Supabase privacy
  • Vercel — application hosting + serverless runtime. Vercel privacy
  • Clerk — authentication. Clerk privacy
  • Stripe — payment processing. Stripe privacy
  • Plaid — connects your bank and credit-card accounts to retrieve balances and transactions for your financial dashboard. You enter your bank login directly with Plaid; Arxos never receives your credentials. Plaid End User Privacy Policy
  • Shopify — when you connect your store, data flows between Shopify and Arxos via OAuth. Shopify privacy
  • Google (Gmail)— if you connect a Gmail account for customer support, Arxos accesses messages via Gmail IMAP/SMTP using credentials you provide. Data is processed per Google's policies.

5. Data retention

  • Account + subscription data: while your account is active, plus up to 90 days after cancellation for billing reconciliation.
  • Customer-support drafts + cases: retained while you actively use the Triage Operator; deletable on request.
  • Amazon buyer personally identifiable information (PII):When a Triage case is associated with an Amazon Seller Central order, buyer-identifying fields (name, email address, message body content that references buyer identity) are deleted or irreversibly anonymized no later than 30 days after the associated Amazon order is delivered. Aggregated, anonymized analytics derived from these records may persist longer for the seller's reporting needs, but the underlying PII does not. This retention window matches the commitment Arxos made to Amazon's Solution Provider Portal for Account Management service registration.
  • Connected-store data: deleted within 30 days of disconnecting the integration.
  • Bank and financial-account data accessed via Plaid: retained while the account is connected; deleted when you disconnect, which also revokes Plaid's access.
  • Server logs: 90 days, then deleted.

6. Your rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA, etc.) you may have rights including:

  • Access — request a copy of your data
  • Correction — fix inaccurate data
  • Deletion — request we delete your data
  • Portability — receive your data in a machine-readable format
  • Restriction or objection — limit how we process your data
  • Withdrawal of consent — for processing based on consent

To exercise any of these, email privacy@joinarxos.com. We'll respond within 30 days.

7. Security

We use industry-standard security practices: TLS 1.2+ in transit, encryption at rest for sensitive credentials (AES-256-GCM), least- privilege database access, automated daily backups, and reasonable physical/operational safeguards via our hosting providers.

No system is perfectly secure. If you discover a vulnerability, please report it to security@joinarxos.com.

8. Cookies

We use first-party cookies set by Clerk to keep you logged in. We do not set third-party advertising or tracking cookies.

9. Children

Arxos is a B2B product not intended for users under 16. We do not knowingly collect data from children.

10. International transfers

Arxos servers are in the United States. If you use Arxos from outside the US, your data will be transferred to the US. By using the service, you consent to this transfer.

11. Changes to this policy

We may update this policy as Arxos evolves. We'll notify registered users by email of material changes at least 30 days before they take effect. The current version is always at this URL.

12. Contact

Privacy questions: privacy@joinarxos.com
Security disclosures: security@joinarxos.com
General support: support@joinarxos.com