Legal · Ark HQ
Trust & Compliance
School data is sensitive personal data. Here is how Ark HQ handles it, and the policies that back it up.
Policies in final legal review
Our policies
- Privacy Policy — what data we hold, why, and your rights.
- Cookie Policy — cookies and similar technologies.
- Terms of Service — the terms for using this website.
- Accessibility — our WCAG 2.2 AA commitment.
Data protection
For data inside our products the school is the controller and Ark HQ is a processor on its instructions. We provide a signed Data Processing Agreement on request, with DPIA support. We are subject to the Irish Data Protection Commission and, for UK schools, the ICO.
Sub-processors
We use a small, named set of sub-processors — EU hosting [—], our AI model provider [—], Resend (transactional email) and HubSpot (scheduling and CRM). The definitive list is available on request and is kept current here.
[Publish and maintain the sub-processor table.]
Security & EU data residency
Data is hosted in the European Union and isolated per school. Access is least- privilege; data is encrypted in transit and at rest; and AskArk tokenises identifiers before any AI processing, so the model only ever sees anonymised data. [Add the formal security overview / certifications.]
Children’s & student data
We follow the DPC’s Fundamentals for a Child-Oriented Approach to Data Processing: minimise what we hold, keep it for the school, never use it to train a public model, and prefer on-device processing for the most sensitive summarising.
Data-protection contact
For any data-protection matter — a DPA, a DPIA, a sub-processor query or a data-subject request — contact privacy@thearkhq.com. [Name the DPO.]