Effective Date: February 3, 2026
Last Updated: February 3, 2026
Welcome to Arca, a privacy-first transcription assistant designed specifically for therapists and mental health professionals. We are committed to protecting your privacy and ensuring your sensitive clinical data remains secure. This Privacy Policy explains how we collect, use, and protect your information.
The core principle of Arca is that your sensitive audio and transcription data never leave your device.
On-Device Processing: All Speech-to-Text (STT) transcription is performed entirely on your physical hardware.
No Audio Storage: We do not upload, collect, or store your audio recordings or their resulting transcripts on our servers or any third-party cloud.
Local Encryption: Your clinical notes are stored in an encrypted local database (Hive) using hardware-backed security (iOS Keychain and Android Keystore).
To provide and manage your professional service, we collect a minimal amount of technical metadata:
2.1. Store-Linked Identity: We do not require you to create an account or provide an email address. Instead, we use your device's unique App Store or Google Play Store ID to manage your access and subscription status.
2.2. Metadata & Credit Balance: Your remaining session credits and subscription status are managed through a secure cloud ledger. This ensures that if you switch devices, you can use the "Restore Purchases" feature to regain access to your professional tools and credit balance.
2.3. Transactional Data: RevenueCat processes and validates your in-app purchases through your platform's official store. We do not have access to your payment methods or personal financial details.
We use the collected metadata solely for the following purposes:
To manage your "Plus" subscription and session credit balance.
To facilitate secure in-app purchases and handle payment restoration.
To ensure the security and technical functionality of the application.
We partner with a minimal number of trusted service providers for billing and infrastructure:
RevenueCat: For cross-platform in-app purchase management and entitlement validation.
Apple App Store / Google Play Store: For payment processing. We do not see or store your credit card details.
Google Firestore: For maintaining a secure, anonymous ledger of your purchased session credits.
Metadata: Information related to your credits and purchase history is retained as long as necessary to facilitate your subscription and comply with store policies.
User Control: Because we do not store personal identifiers like names or emails, you can discontinue service simply by deleting the app or managing your subscription in your device's store settings.
Local Data: You are solely responsible for the deletion of transcripts and audio files stored locally on your device.
KVKK (Türkiye): We comply with the Turkish Personal Data Protection Law (KVKK). As a developer based in İstanbul, I respect your rights to access or request the deletion of your anonymous metadata.
HIPAA (USA): Arca is designed to support HIPAA compliance by ensuring that Protected Health Information (PHI), such as session audio and transcripts, is encrypted at rest and never transmitted to our servers.
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top.
If you have any questions or suggestions about this Privacy Policy, please contact:
Samet Şahin Email: a.sahin.ual@gmail.com Location: İstanbul, Türkiye