← Back to Arcos

Privacy Policy

Effective Date: February 23, 2026 · Last Updated: February 23, 2026

1. Introduction

Arcos (“we,” “us,” or “our”) operates the website located at www.usearcos.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. This policy is designed to comply with the New Jersey Data Privacy Act (N.J.S.A. 56:8-166 et seq.), the New Jersey Consumer Fraud Act, and other applicable state and federal privacy laws.

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address and password (stored as a cryptographic hash) when you create an account.
  • Settings & Preferences: Theme choices, scheduling preferences, and calendar display options you configure within the app.
  • Calendar Data: If you choose to connect your Google Calendar, we access calendar event data (event titles, times, and calendar identifiers) through Google’s OAuth 2.0 protocol.

2.2 Information Stored Locally

  • Task Titles & Descriptions: By default, task names and descriptions are stored exclusively in your browser’s local storage and are never transmitted to or stored on our servers. This is a core part of our privacy-first architecture.

2.3 Information Collected Automatically

  • Task Metadata: Non-identifying task attributes such as priority level, duration, energy level, scheduling window, due dates, and completion status are stored on our servers to power the scheduling engine.
  • Usage Data: We may collect information about how you interact with the Service, including pages visited, features used, and timestamps of activity.
  • Device & Browser Data: Browser type, operating system, screen resolution, and similar technical information transmitted automatically by your browser.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve the Service
  • To authenticate your identity and secure your account
  • To generate personalized task schedules and productivity insights
  • To synchronize calendar data when you connect external calendar services
  • To respond to your inquiries and provide customer support
  • To send administrative communications regarding your account or the Service
  • To detect, prevent, and address security vulnerabilities and fraudulent activity
  • To comply with legal obligations

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information only in the following limited circumstances:

  • Service Providers: With trusted third-party services that assist us in operating the Service (such as hosting and database providers), subject to confidentiality obligations.
  • Google Calendar Integration: When you connect your Google Calendar, data is exchanged between our Service and Google’s APIs in accordance with Google’s API Services User Data Policy.
  • Legal Requirements: When required by law, subpoena, court order, or other governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity.

5. Your Rights Under New Jersey Law

Under the New Jersey Data Privacy Act, New Jersey residents have the following rights regarding their personal data:

  • Right to Know: You have the right to confirm whether we are processing your personal data and to access a copy of that data.
  • Right to Correct: You may request correction of inaccurate personal data we hold about you.
  • Right to Delete: You may request deletion of your personal data, subject to certain exceptions permitted by law.
  • Right to Data Portability: You may request a copy of your personal data in a portable, readily usable format.
  • Right to Opt Out: You have the right to opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise any of these rights, contact us at the email address provided in Section 11. We will respond to your request within 45 days as required by law. We will not discriminate against you for exercising your privacy rights.

6. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Passwords are stored using bcrypt cryptographic hashing and are never stored in plaintext
  • All data transmission is encrypted using TLS/SSL
  • CSRF (Cross-Site Request Forgery) protection on all form submissions
  • Content Security Policy (CSP) headers to prevent cross-site scripting attacks
  • Rate limiting on authentication endpoints to prevent brute-force attacks
  • Session tokens are securely generated and managed

While we take reasonable precautions to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Google Calendar Data & Google API Disclosure

Our use of Google Calendar data complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request access to the calendar data necessary to provide the Service’s scheduling features
  • Calendar data is used solely for displaying your events and detecting scheduling conflicts
  • You may revoke access to your Google Calendar at any time from the Settings page
  • We store OAuth tokens securely on our servers; tokens are automatically refreshed and can be deleted by disconnecting your calendar
  • We do not use Google Calendar data for advertising or share it with third parties

8. Cookies & Local Storage

We use the following browser storage technologies:

  • Session Cookies: Essential cookies used to maintain your authenticated session. These are strictly necessary for the Service to function.
  • Local Storage: Used to store your theme preferences and, by design, task titles and descriptions to protect your privacy. This data remains on your device and is not transmitted to our servers.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete your personal data within 45 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).

Task metadata and schedule blocks are deleted immediately upon account deletion. Locally stored data (task titles, preferences) is managed by your browser and can be cleared at any time through your browser settings.

10. Children’s Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us.

11. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a data concern, please contact us at:

Arcos
Email: privacy@usearcos.com

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

Terms of ServiceBack to Arcos