Privacy Policy

ArchReady ("we", "us", "our") is an online platform that helps software engineers prepare for architecture and system design interviews. Our service is operated by ArchReady and is accessible at archready.co.

For privacy enquiries, contact us at privacy@archready.co.

We collect the following categories of personal data:

• Account data — your full name, email address, and phone number when you create an account.
• Usage data — exam attempts, topic progress, scores, streaks, and activity timestamps generated as you use the platform.
• Payment data — subscription tier, billing period, currency, and payment gateway (eSewa or Stripe). We do not store raw card numbers — these are handled by our payment processors under their own PCI-DSS compliance.
• Technical data — IP address, browser type, device information, and session tokens used to secure and operate the service.

• To create and manage your account.
• To deliver the exam, library, and scenario practice features.
• To process subscription payments and send receipts.
• To send transactional emails (account verification, password reset).
• To improve the platform through aggregated, anonymised analytics.
• To comply with legal obligations.

We do not sell your personal data to third parties or use it for targeted advertising.

Where applicable, we process your data under the following legal bases:

• Contract — processing necessary to provide the service you signed up for.
• Legitimate interests — security monitoring, fraud prevention, and product improvement.
• Legal obligation — tax records, dispute resolution.
• Consent — optional marketing communications (you can opt out at any time).

We retain your account and usage data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (typically 7 years for billing records).

We share data with the following processors solely to operate the service:

• Stripe — payment processing for global users.
• eSewa — payment processing for Nepal users.
• Vercel — hosting and edge infrastructure.
• Email provider — transactional email delivery.

Each processor is bound by a Data Processing Agreement and applicable privacy laws.

We use browser localStorage to store your authentication refresh token and session preferences. We do not use third-party tracking cookies. If you clear your browser storage, you will be signed out.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Object to or restrict certain processing.
• Data portability — receive your data in a machine-readable format.

To exercise any of these rights, email privacy@archready.co and we will respond within 30 days.

All data in transit is encrypted with TLS 1.3. Passwords are never stored — we use token-based authentication. Access tokens are stored in memory only and refresh tokens are stored in localStorage. We conduct periodic security reviews.

We may update this policy as the product evolves. When we do, we will update the "Last updated" date above and, for material changes, notify you by email. Continued use of ArchReady after a change constitutes acceptance of the updated policy.

Questions about this policy? Email privacy@archready.co or write to us at ArchReady, Kathmandu, Nepal.