Arkezone is a trading name of EMRIONLABS LTD, a private limited company registered in England and Wales under company number 16941907, with its registered office at [Registered Office Address, United Kingdom]. In this document, “Arkezone”, “we”, “us”, and “our” refer to EMRIONLABS LTD.
This page is provided for transparency and general information. It does not constitute legal advice. You should obtain independent legal advice before relying on it for compliance or risk decisions.
Privacy Notice
1. Who we are
EMRIONLABS LTD (“Arkezone”, “we”, “us”, or “our”) is the controller of the personal data we collect about visitors to our websites and users of the Arkezone platform and related services (the “Services”).
Where merchants use Arkezone to collect or process personal data about their own end customers, the relevant merchant is the controller of that data and Arkezone acts as a processor on the merchant’s behalf, as described below.
2. Contact
For privacy or data protection enquiries, please contact us at [email protected].
Postal address: [Registered Office Address, United Kingdom]
ICO registration number: [ICO Registration Number, if applicable]
3. Personal data we collect
Account and identity data
When you create an Arkezone account, we collect your email address, password (stored as a one-way hash), and, where provided, your full name.
If you sign in using Google, we may receive your name, email address, and avatar URL from Google.
Authentication and session data
After sign-in, we issue authentication credentials to keep you signed in and allow the application to communicate with our API. Depending on the area of the platform you use, this may include cookies, local storage, and session storage.
Billing data
If you purchase a paid plan, payment details are collected directly by our payment provider, Stripe. We do not store full card numbers. We do receive billing-related metadata such as customer ID, subscription status, invoice references, and payment amounts.
Content, assets, and configuration
We store the content, themes, settings, uploads, and assets you add to the builder so we can provide hosting, publishing, storefront, and platform functionality.
Product analytics
We use analytics tools, including PostHog, to understand how the platform is used and to improve the Services. Product analytics may include pseudonymous user identifiers, page activity, feature usage, and masked session replay data.
We configure session replay safeguards intended to reduce exposure of sensitive content, including masking visible text and form inputs and disabling replay on certain authentication routes.
Error monitoring
We use error monitoring tools, including Sentry, to identify and diagnose application issues. These tools may receive technical diagnostics such as stack traces, request metadata, and performance information. We configure them to avoid intentionally attaching unnecessary personal identifiers where possible.
Storefront analytics
On published merchant sites, we provide a lightweight first-party analytics beacon to help merchants understand traffic and page usage. This may involve browser-generated visitor and session identifiers, page paths, referrers, UTM parameters, and approximate country derived from connection metadata.
Communications
We process the content of emails and support messages you send to us. Transactional emails such as sign-up confirmations, password resets, OTPs, and service alerts may be sent through third-party email providers.
Technical, security, and log data
When you use the Services, we automatically collect certain technical information such as IP address, browser and device details, request paths, timestamps, and security or error logs. We use this data to operate, secure, maintain, and debug the platform.
4. Merchant data
If you use Arkezone to operate a site, storefront, lead form, customer area, or checkout experience, you decide what personal data your own end customers submit and how that data is used.
For personal data processed through merchant-controlled features, including data stored in records such as leads, customers, and orders, the merchant is the controller and Arkezone acts as the processor on the merchant’s behalf.
As a merchant, you are responsible for:
- having an appropriate lawful basis for collecting and using that data;
- providing your own privacy notice and, where required, cookie disclosures to your end customers;
- obtaining any necessary consents; and
- responding to data subject requests.
We will process merchant-controlled data only on documented instructions from the merchant, unless otherwise required by applicable law.
5. How we use personal data
We use personal data to:
- provide, operate, and maintain the Services;
- create and manage user accounts;
- authenticate users and protect account security;
- process billing and manage subscriptions;
- host, publish, and deliver user content and storefronts;
- respond to support requests and service communications;
- improve functionality, performance, and product experience;
- detect, prevent, and investigate fraud, abuse, and security incidents; and
- comply with legal, tax, accounting, and regulatory obligations.
6. Legal bases for processing
Where UK GDPR or EU GDPR applies, we rely on the following legal bases:
- Contract — where processing is necessary to provide the Services you requested or to take steps before entering into a contract.
- Legitimate interests — where processing is necessary for platform security, fraud prevention, service improvement, diagnostics, and product analytics, provided those interests are not overridden by your rights and freedoms.
- Consent — where required for non-essential cookies, similar technologies, or certain direct marketing activities.
- Legal obligation — where processing is necessary to comply with applicable legal or regulatory requirements.
7. Sharing of personal data
We may share personal data with:
- the subprocessors listed below;
- professional advisers such as lawyers, accountants, auditors, and insurers, under appropriate confidentiality obligations;
- regulators, law enforcement, courts, and public authorities where required by law; and
- parties involved in a merger, acquisition, financing, restructuring, or sale of business assets, subject to appropriate protections.
8. International transfers
Some of our service providers may process personal data outside the United Kingdom or the European Economic Area.
Where we transfer personal data internationally, we rely on lawful transfer mechanisms where required, including the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other valid safeguards under applicable law.
9. Retention
We retain personal data only for as long as necessary for the purposes described in this notice, including to provide the Services, meet contractual commitments, resolve disputes, enforce our agreements, and comply with legal obligations.
In general:
- account data is retained while your account remains active and for a reasonable period afterwards;
- billing and tax records are retained for the period required by applicable law, typically up to six years in the UK;
- technical logs are retained for limited rolling periods appropriate to security and diagnostics; and
- merchant-controlled data is retained according to the merchant’s instructions, subject to legal retention requirements.
10. Your rights
Subject to applicable law, you may have the right to:
- access your personal data;
- correct inaccurate or incomplete data;
- request deletion of your data;
- restrict certain processing;
- object to certain processing;
- request portability of your data; and
- withdraw consent where processing is based on consent.
You can exercise these rights by contacting [email protected].
If you are located in the UK, you also have the right to complain to the UK Information Commissioner’s Office. If you are located in the EEA, you may complain to your local supervisory authority.
If your request relates to data controlled by a merchant using Arkezone, you should contact that merchant directly. We will assist them where required.
11. California privacy disclosures
If you are a California resident, we may collect categories of personal information such as identifiers, commercial information, internet activity, and approximate geolocation derived from IP-based signals.
We do not sell personal information and do not share personal information for cross-context behavioural advertising.
Subject to applicable law, California residents may have rights to know, access, correct, delete, and limit certain uses of personal information. Requests may be sent to [email protected].
12. Children
The Services are not directed to children under 16, and we do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, please contact us so we can investigate and, where appropriate, delete the data.
13. Security
We use technical and organisational measures designed to protect personal data, including encryption in transit, access controls, audit logging, and rate limiting on sensitive endpoints.
No system is completely secure. You are responsible for maintaining the confidentiality of your credentials and for using a strong, unique password.
14. Changes to this Privacy Notice
We may update this Privacy Notice from time to time. When we do, we will update the “Last updated” date on this page and, where appropriate, notify users by email or in-product notice.
Subprocessors
We use third-party service providers to help operate the Services. The list below reflects our current core subprocessors and may be updated from time to time.
| Subprocessor | Purpose | Data involved | Region |
|---|---|---|---|
| Stripe Payments Europe Ltd / Stripe, Inc. | Platform billing and payment processing | Billing identity, subscription metadata, transaction data | Ireland / United States |
| PostHog | Product analytics, feature usage, masked session replay | Pseudonymous identifiers, events, page activity, masked replay data | EU or US depending on configuration |
| Functional Software, Inc. (Sentry) | Error monitoring and performance diagnostics | Technical diagnostics, stack traces, limited request metadata | United States / EU |
| Sendinblue SA (Brevo) | Transactional email | Recipient email address, message metadata | European Union |
| Resend, Inc. | Optional transactional email provider | Recipient email address, message metadata | United States |
| Google LLC | OAuth / Google Sign-In | Name, email address, avatar URL | United States |
| Cloudflare, Inc. | DNS, CDN, security, edge delivery | Connection metadata, IP address, request handling data | Global |
| Vercel Inc. | Hosting and web infrastructure where applicable | Connection metadata, request logs | Global |
| Laravel Forge / applicable infrastructure providers | API, application, and database infrastructure | Data necessary to host and operate the platform | [Specify actual hosting region/provider] |
Terms of Service
1. Agreement
These Terms of Service form a binding agreement between you, or the organisation you represent, and EMRIONLABS LTD trading as Arkezone.
By creating an account, accessing, or using the Services, you agree to these Terms.
2. The Services
Arkezone provides a website and commerce platform that may include builder tools, themes, content management, publishing, hosting, storefront capabilities, payment integrations, analytics, and related operational features.
We may add, modify, suspend, or discontinue features from time to time. Where reasonably practicable, we will provide notice of material changes.
3. Eligibility and accounts
You must be at least 18 years old, or the age of legal majority in your jurisdiction, to use the Services.
You are responsible for:
- keeping your credentials secure;
- ensuring the information associated with your account is accurate; and
- all activity that occurs under your account.
You must notify us promptly if you believe your account has been compromised.
4. Acceptable use
You must not misuse the Services. This includes, without limitation:
- attempting to gain unauthorised access to the platform or related systems;
- interfering with normal operation or security;
- uploading malware or harmful code;
- sending spam or unlawful communications;
- infringing intellectual property, privacy, or other legal rights; or
- using the Services in violation of applicable law.
We may suspend or terminate access where we reasonably believe these Terms have been breached or where continued access creates security, legal, or operational risk.
5. Merchant responsibilities
If you use Arkezone to sell goods or services, you are solely responsible for your:
- products and services;
- product descriptions and pricing;
- taxes, duties, and regulatory compliance;
- shipping, fulfilment, cancellations, refunds, and returns;
- customer support; and
- compliance with applicable consumer, privacy, and marketing laws.
You are also responsible for providing your own legal disclosures to your end customers where required, including your privacy notice, cookie notice, and store terms.
6. Your content
You retain ownership of the content you upload or create through the Services.
You grant us a worldwide, non-exclusive, revocable (to the extent possible), royalty-free licence to host, store, reproduce, transmit, adapt, and display your content only as necessary to operate, improve, and provide the Services.
You represent and warrant that you have all rights necessary for us to use that content for these purposes.
7. Third-party services
The Services may integrate with third-party services, including payment providers, analytics providers, identity providers, infrastructure providers, or email services.
Your use of third-party services may be governed by the terms and privacy notices of those third parties, and we are not responsible for their independent products or services.
8. Fees, billing, and taxes
Paid plans, billing cycles, and fees are presented at checkout or in your applicable order terms.
Unless stated otherwise, fees are exclusive of VAT and other applicable taxes, which may be added where required by law.
Where relevant:
- UK customers may be charged UK VAT;
- EU business customers may be required to provide valid VAT information to qualify for reverse-charge treatment;
- non-payment may result in suspension or termination of access.
9. Beta and early-access features
Features identified as beta, preview, or early-access are provided on an “as is” basis. They may be modified, interrupted, or discontinued at any time.
10. Intellectual property
The Services, including the software, platform design, functionality, themes other than your own custom content, branding, and related intellectual property, are owned by us or our licensors.
Except as expressly stated in these Terms, no rights are transferred to you.
11. Disclaimers
To the fullest extent permitted by law, the Services are provided “as is” and “as available.”
We disclaim all implied warranties, including warranties of merchantability, fitness for a particular purpose, non-infringement, and uninterrupted or error-free operation.
12. Limitation of liability
Nothing in these Terms excludes or limits liability that cannot lawfully be excluded under applicable law, including liability for death or personal injury caused by negligence, fraud, or fraudulent misrepresentation.
Subject to that, to the fullest extent permitted by law:
- neither party will be liable for indirect, incidental, special, consequential, or punitive damages; and
- we will not be liable for loss of profits, revenue, business opportunity, goodwill, or data.
Our total aggregate liability arising out of or relating to the Services in any twelve-month period will not exceed the greater of:
- the total fees paid by you to us during that period; or
- £100.
13. Indemnity
You agree to indemnify and hold us harmless against third-party claims, losses, liabilities, damages, and reasonable costs arising out of or related to:
- your content;
- your products or services;
- your use of the Services in breach of these Terms; or
- your violation of applicable law or third-party rights,
except to the extent caused by our own breach of law or these Terms.
14. Suspension and termination
You may stop using the Services at any time.
We may suspend or terminate your access where reasonably necessary for breach, security, fraud prevention, legal compliance, non-payment, or operational protection.
Where the Services support export, we will provide a reasonable opportunity to export your content following termination, unless we are prohibited from doing so or immediate suspension is necessary.
15. Changes to these Terms
We may update these Terms from time to time. If changes are material, we will provide reasonable notice by email, in-product notice, or by updating this page.
Your continued use of the Services after the effective date of the updated Terms constitutes acceptance of the revised Terms.
16. Governing law and jurisdiction
These Terms and any dispute or claim arising out of or in connection with them are governed by the laws of England and Wales.
The courts of England and Wales will have exclusive jurisdiction, except where mandatory consumer protection laws provide otherwise.
17. Miscellaneous
You may not assign or transfer these Terms without our prior written consent.
We may assign these Terms in connection with a merger, acquisition, corporate reorganisation, or sale of assets.
If any provision is held unenforceable, the remaining provisions will remain in full force and effect.
These Terms, together with any applicable order terms and our Privacy Notice, form the entire agreement between you and us in relation to the Services.
18. Notices
Legal notices and questions should be sent to [email protected].