Argus HQ — Privacy Policy
Last updated: June 28, 2026 Version: 1.0 Effective date: Date of publication.
This Privacy Policy explains how Digital Empire LLC ("Argus HQ", "we", "us", "our"), a Wyoming limited liability company with its registered office at 30 N Gould St Ste N, Sheridan, WY 82801, collects, uses, shares, and protects personal data when you visit argushq.ai or use the Argus HQ service (the "Service").
For purposes of the EU General Data Protection Regulation ("GDPR") and the UK GDPR, Digital Empire LLC is the controller of personal data we collect directly from website visitors and account holders, and a processor in respect of personal data contained in Customer Data submitted by Customer through the Service.
For purposes of the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA"), Digital Empire LLC is the "business".
Modeled on the publicly available privacy policies of Stripe, Notion, Linear, Vercel, and Plaid, and on the IAPP CCPA / GDPR template structures. Reviewed against the IAB Transparency and Consent Framework v2.2 standards for cookie disclosure.
1. Plain-English summary (non-binding)
- We collect your email when you sign up, watchlist content you create, payment information through Stripe, and product-usage analytics through PostHog.
- We use this data to operate the Service, send you the alerts and emails you signed up for, support you, and improve the product. We do not sell personal data.
- We use sub-processors (Stripe, Supabase, Resend, Anthropic, PostHog, and a hosting provider). Each has its own privacy policy linked below.
- If you are in the EU, UK, California, Virginia, Colorado, Connecticut, Utah, or any other jurisdiction with privacy rights, you can request access, deletion, correction, or portability of your personal data by emailing
privacy@argushq.ai. - Active-account data is retained while your account exists. After cancellation, we delete or anonymize Customer Data within ninety (90) days, except where law requires longer retention.
2. Personal data we collect
2.1 Data you give us
- Account data: email address, organization name (optional), authentication tokens. We use passwordless magic links via Supabase Auth, so we do not collect or store a password.
- Watchlist data: company names, NAICS codes, SKUs, keywords, and other terms you submit for monitoring. Watchlist data may incidentally contain personal data if you enter the name of a natural person — you are responsible for the lawfulness of that submission.
- Billing data: handled by Stripe. We receive a customer ID, the last four digits of your payment method, the card brand, and an invoice history. We do not see or store full payment-card numbers, CVCs, or bank account credentials.
- Support data: emails, chat transcripts, screenshots, or other content you send to us.
- Integration data: webhook URLs, Slack workspace IDs, OAuth tokens — strictly as needed to deliver alerts.
2.2 Data we collect automatically
- Device and connection data: IP address, browser type and version, operating system, device identifiers, time zone, language, referring URL.
- Usage data: pages viewed, features used, watchlist match events, click events, error logs, performance metrics. Collected via PostHog (product analytics) and our own logging.
- Cookies and similar technologies: see the Cookie Policy.
2.3 Data we generate
- AI Output: summaries, classifications, and confidence scores generated by Anthropic Claude when processing public source records matched to your watchlists.
- Aggregated and de-identified data: statistics that cannot be linked back to you.
2.4 Data we do not collect
- We do not collect sensitive personal data under GDPR Art. 9 (e.g., race, religion, biometrics, health) unless you voluntarily place it in a watchlist or support message. Do not submit sensitive data to the Service.
- We do not knowingly collect data from anyone under sixteen (16) years of age (see Section 9).
- We do not collect precise geolocation.
3. Why we use personal data (legal bases under GDPR)
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide the Service, fulfill the subscription contract | Performance of a contract (Art. 6(1)(b)) |
| Send transactional emails (magic-link, billing receipts, alerts you subscribed to) | Performance of a contract (Art. 6(1)(b)) |
| Process payments via Stripe | Performance of a contract (Art. 6(1)(b)) |
| Operate analytics, monitor uptime, debug, improve the product | Legitimate interests (Art. 6(1)(f)) — running and improving a paid B2B service |
| Send product update or marketing emails | Consent (Art. 6(1)(a)) for EU/UK; legitimate interests with opt-out for the US |
| Comply with law, respond to lawful requests, defend legal claims | Legal obligation / legitimate interests (Art. 6(1)(c), (f)) |
| Detect fraud, abuse, and security incidents | Legitimate interests (Art. 6(1)(f)) |
4. How we share personal data
We do not sell personal data and we do not share personal data for cross-context behavioral advertising (in CCPA terms).
We share personal data with:
4.1 Sub-processors
| Sub-processor | Purpose | Location | Privacy policy |
|---|---|---|---|
| Stripe, Inc. | Payment processing, subscription billing | USA | https://stripe.com/privacy |
| Supabase, Inc. | Database, authentication, file storage | USA | https://supabase.com/privacy |
| Resend, Inc. | Transactional and alert email delivery | USA | https://resend.com/legal/privacy-policy |
| Anthropic, PBC | AI summarization of public records | USA | https://www.anthropic.com/legal/privacy |
| PostHog, Inc. | Product analytics, session-level event data | USA (with EU region option) | https://posthog.com/privacy |
| Vercel, Inc. | Web hosting and edge delivery | USA / global edge | https://vercel.com/legal/privacy-policy |
| Cloudflare, Inc. | DNS, CDN, security | USA / global edge | https://www.cloudflare.com/privacypolicy/ |
We may add or change sub-processors. The current list is maintained at argushq.ai/legal/subprocessors. Material changes are notified by email at least thirty (30) days in advance for Customers who request notice.
Each sub-processor is bound by written terms restricting their use of personal data to the purposes described.
4.2 Compliance, safety, and legal
We may disclose personal data when required by law, valid legal process, or to investigate suspected fraud, abuse, or threats to the security of the Service or any person.
4.3 Business transfers
If Argus HQ is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction. We will give notice consistent with applicable law.
4.4 With your consent
For any other sharing, we will ask you first.
5. International data transfers
Our primary infrastructure is hosted in the United States. If you access the Service from outside the US, including the EU, UK, or Switzerland, your personal data will be transferred to and processed in the US, which may not provide the same level of protection as your home country.
For transfers of EU/UK/Swiss personal data, we rely on:
- the EU Standard Contractual Clauses (Module Two for controller-to-processor) and the UK International Data Transfer Addendum, as applicable, with each sub-processor;
- additional technical and organizational measures, including encryption in transit (TLS 1.2+) and at rest;
- a Data Processing Addendum available on request at
privacy@argushq.ai.
6. Your rights
Depending on your jurisdiction, you may have the right to:
- Access a copy of the personal data we hold about you.
- Correct inaccurate or incomplete personal data.
- Delete personal data ("right to be forgotten") — subject to certain exceptions, e.g., where retention is required by law or for tax or accounting purposes.
- Restrict or object to certain processing.
- Portability — receive a copy of certain personal data in a structured, machine-readable format.
- Withdraw consent at any time where processing is based on consent.
- Opt out of "sale" or "sharing" under CCPA (we do neither, but you may still submit a request).
- Limit the use of sensitive personal information under CCPA (not applicable — we do not collect sensitive PI).
- Lodge a complaint with a supervisory authority (for EU residents) or the California Attorney General (for California residents).
To exercise any right, email privacy@argushq.ai from the email associated with your account. We respond within thirty (30) days (forty-five (45) days under CCPA) and may need to verify your identity before fulfilling the request.
We will not discriminate against you for exercising any privacy right.
7. Data retention
| Category | Retention |
|---|---|
| Active account data (email, watchlists, alert history) | While account is active |
| Account data after cancellation | Deleted or anonymized within 90 days of cancellation, except as required by law |
| Billing records (invoices, payment metadata) | Seven (7) years for US tax and accounting compliance |
| Server logs and security audit logs | 90 days rolling |
| Product analytics (PostHog event data) | 12 months rolling |
| Support email threads | 2 years from last interaction |
| Backups | Encrypted, overwritten within 30 days |
If you request deletion, we will purge data from active systems within thirty (30) days and from backups within the next backup-rotation cycle (no more than thirty additional days), except for data we are legally required to retain.
8. Security
We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal data, including:
- TLS 1.2+ encryption in transit
- Encryption at rest for Supabase Postgres
- Row-level security on all customer data tables
- Sub-processor selection that meets SOC 2 Type II (Stripe, Supabase, Vercel, Cloudflare, Anthropic, PostHog)
- Principle of least privilege for administrative access
- Magic-link authentication via Supabase (no stored passwords on our side)
No system is perfectly secure. We do not warrant that the Service is invulnerable to breach. If we become aware of a breach affecting your personal data, we will notify you and any regulator as required by applicable law.
9. Children's privacy
The Service is intended for business users aged 18 or older. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, contact privacy@argushq.ai and we will delete it.
10. Cookies
See the Cookie Policy. In short: we use essential authentication cookies, an optional PostHog analytics cookie, and Stripe checkout cookies. EU/UK visitors are presented with a consent banner before any non-essential cookie is set.
11. Do Not Track
The Service does not currently respond to browser "Do Not Track" signals because there is no agreed industry standard. You can opt out of analytics via the cookie banner or by emailing privacy@argushq.ai.
12. California-specific disclosures (CCPA / CPRA)
In the prior 12 months we have collected the following categories of personal information under CCPA: identifiers (email, IP, account ID), commercial information (subscription status, invoices), internet activity (usage events), and inferences derived from the foregoing. We collected this from you directly and automatically through the Service.
We disclosed identifiers and internet activity to service providers (the sub-processors in Section 4.1) for business purposes. We did not sell or share personal information for cross-context behavioral advertising in the prior 12 months and do not intend to. We have no actual knowledge of selling or sharing personal information of consumers under 16.
California residents may submit requests to know, delete, correct, or limit by emailing privacy@argushq.ai or by mail to the address in Section 16. You may designate an authorized agent — we will require written authorization and identity verification.
13. EEA, UK, and Swiss residents
The data controller is Digital Empire LLC at the address in Section 16. We have not appointed an Article 27 EU representative because we do not currently target users in the EU at scale; we will appoint one if and when our EU processing meets the Art. 27 threshold. You may lodge a complaint with the supervisory authority in your jurisdiction.
14. State-specific notices
For residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other US states with privacy laws, the rights and processes described in Sections 6 and 7 satisfy applicable state requirements. The appeal address for denied requests is privacy@argushq.ai.
15. Changes to this policy
We may update this Privacy Policy. Material changes will be notified by email and posted at argushq.ai/legal/privacy with a new "Last updated" date. Continued use of the Service after the effective date constitutes acceptance.
A version history is maintained at argushq.ai/legal/privacy/history.
16. Contact
Privacy requests: privacy@argushq.ai
General legal: legal@argushq.ai
Mailing address: Digital Empire LLC, 30 N Gould St Ste N, Sheridan, WY 82801, USA

