Back to Home

Privacy policy

Last updated: 4 June 2026

1. Introduction

Alchemy ("the Service") is operated by Archer & Rose Inc., a Canadian corporation registered in Alberta ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect your personal information.

The sole purpose of Alchemy is to help leaders become better leaders. The Service collects sensitive psychometric and reflective data that requires a high degree of trust. Your data is never shared for any reason beyond delivering the Service itself, and any technologies we use, such as session tokens, exist only to make the tool easier and more secure to use. Without this commitment to privacy and security, the Service could not provide the psychological safety needed for honest reflection and personal learning.

2. Information we collect

Account information

When you register, we collect your email address and a securely stored password. If you choose to use biometric login (fingerprint or face recognition) instead of a password, your biometric data never leaves your device. We store only a cryptographic key that allows your device to verify your identity on your behalf. We do not store passwords in readable form.

Profile and personal data

You may provide personal information such as your name, professional context, psychometric assessment results, and uploaded documents. This data is used exclusively to personalise your experience and allow you the ability to interact with these materials to learn more about your leadership style.

Chat conversations

Your conversations within the application are stored to provide continuity across sessions and to build a history you can reference in other conversations. All message content is encrypted at rest.

Usage data

We collect interaction events (e.g., session starts, feature usage) for service improvement. These logs are also encrypted and are not shared externally.

Payment information

We do not collect or store credit card numbers, bank details, or other payment credentials. All payment processing is handled by Paddle.com, our merchant of record. Paddle's privacy policy applies to payment data:  paddle.com/legal/privacy.

3. How we use your data

  • To provide and personalise the Service
  • To maintain your profile and conversation history
  • To send service-related communications (account verification, password resets)
  • To respond to help requests and feedback
  • To monitor and improve the Service
  • To enforce our Terms of Service

4. How we protect your data

  • Encryption at rest: Personal data, chat messages, and psychometric data are encrypted before storage
  • Encryption in transit: All connections use HTTPS/TLS
  • Access control: Only you and the application access your personal data. Administrators cannot view your data without a time-limited support token that you generate
  • Biometric authentication: WebAuthn passkey support for passwordless login

5. Data sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. The Service uses a dedicated engine to generate responses. Your conversation content is processed solely to provide the Service and is never used to train other models or applications.

What we never do

Alchemy holds sensitive reflective and psychometric data, so some commitments are easier to state by what we will never do:

  • We never obtain information about you from outside sources. We do not buy, license, or collect personal information about you from data brokers, social media platforms, public records, or any other third party. Everything we hold, you gave us directly.
  • We never build a profile of you from outside data. Your information is never combined with data acquired from anyone else to enrich or infer details you did not share.
  • We never sell or rent your personal data, to anyone, for any purpose.
  • We never share your data with advertisers, advertising or affiliate networks, data brokers, or marketing partners. We run no advertising and no third-party tracking (see Section 8).

Payment

We never receive or store your card details. When you subscribe, your payment information is collected directly by Paddle.com, our merchant of record, under Paddle's own privacy policy. We see only what we need to manage your subscription, such as whether it is active, never your financial credentials.

6. Data retention

Your data is retained for as long as your account is active. You may delete individual files, conversations, or your entire profile at any time. Full account withdrawal permanently and irreversibly deletes all personal data, with interaction logs anonymised for aggregate analytics.

7. Your rights

You have the right to:

  • Access your personal data (via your profile and file manager)
  • Correct inaccurate data (via profile editing)
  • Delete your data (via the data purge or account withdrawal features)
  • Export your data (via the chat export feature)
  • Withdraw consent at any time by deleting your account

8. Cookies and tracking

The Service uses session-based authentication tokens stored in your browser's session storage. We do not use third-party tracking cookies, advertising pixels, or third-party analytics services such as Google Analytics. We run no cross-site tracking and no advertising.

To understand how people find and use our public pages, we operate our own first-party, cookieless analytics. It is built into the Service and uses no third party. On our public marketing pages we record an anonymous page view that captures the page visited, the kind of source that referred you (for example a search engine or a link), your approximate location (country, province or state, and city), and whether you are on a mobile or desktop device. Location is approximate, derived from your IP at the city level at best; we do not collect precise or GPS location. We do not store your IP address: it is converted on the fly into a daily, one-way code that cannot be traced back to you and cannot be linked from one day to the next. We do not run this analytics inside the signed-in application.

9. Children's privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

10. International data transfers

The Service is hosted on secure infrastructure in Canada. If you access the Service from outside Canada, your data may cross international borders during transit. All data at rest is stored within Canada.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or email. Continued use after changes constitutes acceptance.

12. Contact

For privacy-related questions or data requests, contact: research@alchemyleadership.ai