Privacy Policy

Effective Date: March 8, 2026  |  Version 5.0

This Privacy Policy describes how Geometric Data Systems, Inc. (“Arithym,” “Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use the Arithym computation service, website, APIs, and related services (the “Service”). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address, the date and time of registration, your IP address at the time of signup, and your acceptance of our Terms of Service with timestamp.

1.2 API Usage Data

When you use the Service, we collect: the number of API calls per day (aggregated by API key hash), the date and time of each request, and rate limit metadata. We do not log, store, or retain the content of your computational inputs or outputs. Your mathematical queries and their results are processed in memory and discarded after the response is returned.

1.3 Payment Information

If you subscribe to a paid tier, payment information (credit card numbers, billing addresses) is collected and processed directly by our payment processor, Stripe, Inc. We do not store your payment card information on our servers. We receive from Stripe only: your Stripe customer ID, subscription status, current billing period, and payment history (amounts and dates). For Stripe’s privacy practices, see Stripe’s Privacy Policy.

1.4 Technical Data

We may collect standard server logs including IP addresses, request timestamps, HTTP methods, response codes, and user agent strings. This data is used for security monitoring, abuse prevention, and service reliability.

1.5 Website Data

Our website (arithym.xyz) does not use cookies for tracking or advertising purposes. We do not use any third-party analytics services. The website loads Google Fonts for visual presentation; Google’s font serving may collect standard web request data per their privacy policy.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate your API requests and enforce usage limits per your subscription tier
• Process payments and manage your subscription
• Communicate with you about your account, including service announcements and security alerts
• Detect, prevent, and address fraud, abuse, and security issues
• Comply with legal obligations

We do not use your information for advertising, marketing to third parties, profiling, or automated decision-making. We do not sell your information.

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

Recipient	Data Shared	Purpose
Stripe, Inc.	Email, payment details	Payment processing
DigitalOcean, Inc.	Server infrastructure data	Cloud hosting
Law enforcement	As required by law	Legal compliance

We may also disclose your information if we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation, court order, or government request; (b) protect the rights, property, or safety of Arithym, our users, or the public; (c) enforce our Terms of Service; or (d) detect, prevent, or address fraud, security, or technical issues.

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.

4. Data Retention

We retain your information as follows:

• Account information: Retained for the life of your account plus 30 days after deletion.
• Daily usage data: Aggregated into monthly summaries after 90 days. Daily records are deleted after aggregation.
• Monthly usage data: Aggregated into annual summaries after 13 months.
• Annual usage data: Retained for 7 years for tax and accounting purposes, then deleted.
• Server logs: Retained for up to 30 days, then deleted.
• Computational inputs/outputs: Not retained. Processed in memory only.

5. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information, including:

• SSL/TLS encryption for all data in transit
• API key storage using one-way cryptographic hashing (SHA-256) — we cannot retrieve your raw API key
• Database encryption at rest
• Access controls limiting employee access to production systems
• Regular security monitoring and log review

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security. You are responsible for maintaining the security of your API Key and account credentials.

6. Your Rights

6.1 All Users

Regardless of your location, you have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate personal information.
• Deletion: Request deletion of your account and associated personal information.
• Data Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your personal information in certain circumstances.

To exercise any of these rights, contact us at jacob@arithym.xyz. We will respond to your request within 30 days.

6.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale of your personal information — we do not sell personal information
• The right to non-discrimination for exercising your privacy rights
• The right to correct inaccurate personal information
• The right to limit use and disclosure of sensitive personal information

In the preceding 12 months, we have collected the categories of personal information described in Section 1 above. We have not sold personal information to third parties. We have disclosed personal information to the service providers listed in Section 3 for the business purposes described therein.

6.3 European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority. Our legal basis for processing your personal information is: (a) performance of a contract (providing the Service); (b) legitimate interests (security, fraud prevention); and (c) your consent (where applicable). For data transfers outside the EEA, we rely on Standard Contractual Clauses or other approved transfer mechanisms.

7. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have collected information from a child under 18, please contact us.

8. International Data Transfers

The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

9. Data Breach Notification

In the event of a data breach that compromises your personal information, we will: (a) investigate the breach promptly; (b) take reasonable steps to mitigate the effects; (c) notify affected users via email within 72 hours of becoming aware of the breach, where feasible; and (d) notify relevant regulatory authorities as required by applicable law.

10. Do Not Track

Our website does not respond to “Do Not Track” browser signals because we do not engage in cross-site tracking. We do not use cookies for tracking or advertising purposes.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party services you access.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of the Service after the effective date of revised policy constitutes your acceptance of those changes.