1. Introduction
This Privacy Policy explains how Arbor AI, Inc., referred to as “Arbor,” “we,” “us,” or “our,” collects, uses, discloses, and otherwise processes information in connection with Arbor’s websites, applications, beta products, software platform, professional interactions, communications, and related services, collectively, the “Services.”
Arbor provides legal technology software for attorneys and law firms. Arbor is not a law firm, does not provide legal advice, and does not form an attorney-client relationship with any person. The Services are intended to assist legal professionals with organizing matter materials, analyzing legal issues, generating structured legal reasoning artifacts, and working with uploaded documents. Attorneys and law firms remain responsible for legal judgment, professional obligations, client communications and use of any outputs generated through the Services.
This Privacy Policy should be read together with Arbor’s applicable customer agreement, order form, beta agreement, data processing agreement, business associate agreement if any, acceptable use terms and other written terms between Arbor and the applicable customer, collectively, the “Agreement.” If this Privacy Policy conflicts with a signed Agreement governing Arbor’s processing of Customer Content, the Agreement will control to the extent of the conflict and as permitted by law.
2. Scope and Defined Terms
For purposes of this Privacy Policy:
“Customer” means a law firm, legal organization, attorney, or other entity that has entered into an Agreement with Arbor or has been invited by Arbor to participate in a limited beta.
“Authorized User” means an attorney, paralegal, staff member, contractor, consultant, or other individual authorized by a Customer to access the Services.
“Customer Content” means information submitted to, uploaded to, stored in, processed through, or generated within the Arbor platform by or on behalf of a Customer or Authorized User. Customer Content may include prompts, instructions, uploaded documents, extracted text, document metadata, case summaries, matter notes, annotations, AI outputs, structured legal reasoning artifacts, search indexes, embeddings and other case or matter materials.
“Personal Information” means information that identifies, relates to, describes, can reasonably be associated with, or can reasonably be linked to an identified or identifiable person, including “personal data” and similar terms under applicable privacy laws.
When Arbor processes Customer Content to provide the platform to a Customer, Arbor generally acts as a service provider, processor, or similar role on behalf of the Customer, depending on the applicable law. The Customer is generally responsible for determining the purposes and lawful basis for processing Customer Content, including client, claimant, patient, medical, insurance, litigation and third-party information included in matter materials.
When Arbor processes business contact information, website information, marketing information, account administration information, security information, billing information, support communications, or similar information for Arbor’s own business purposes, Arbor may act as a controller, business, or similar role under applicable law.
3. Who Arbor Serves
Arbor is designed for attorneys, law firms and legal teams, including plaintiff-side personal injury and civil litigation practices. Arbor is not intended for direct use by law firm clients, prospective clients seeking legal representation, patients, claimants, witnesses, minors, or general consumers unless expressly authorized by a law firm Customer.
Customers and Authorized Users are responsible for ensuring that they have appropriate authority to submit information to the Services, including client information, case materials, medical records, police reports, insurance documents, discovery materials, correspondence, legal research, attorney work product and other litigation-related information.
4. Information Arbor Collects
The information Arbor collects depends on how a person interacts with the Services, whether the person is a Customer, Authorized User, website visitor, vendor, investor, job applicant, or other contact, and the configuration of the Services.
4.1 Account Information
We may collect account and authentication information, such as name, business email address, password or authentication credentials, firm affiliation, role, user permissions, workspace membership, account settings, multifactor authentication status if enabled, and related account administration information.
4.2 Firm and User Information
We may collect information about Customers and Authorized Users, such as firm name, business address, phone number, practice area, title, bar or professional role if provided, billing contact, contract contact, beta participation status, workspace configuration, user invitations and administrative preferences.
4.3 Client and Case Information
Customers and Authorized Users may upload or submit client and case information to the Services. This may include names, contact information, incident details, claims information, allegations, injury descriptions, treatment history, damages information, employment information, insurance information, family information, settlement information, court information, deadlines, legal theories, evidence summaries, witness information and other litigation-related information.
4.4 Uploaded Documents and Matter Materials
The Services may process documents and matter materials uploaded by or on behalf of Customers, such as client intake materials, medical records, billing records, police reports, accident reports, photographs, correspondence, pleadings, discovery, deposition materials, expert materials, insurance communications, demand materials, legal research, notes and work product. Arbor may extract text, metadata, entities, dates, topics, citations, summaries, tags, relationships, embeddings, search indexes and other processing artifacts from those materials to provide the Services.
4.5 Prompts, AI Inputs, Outputs and Feedback
When an Authorized User uses AI-enabled features, we may process prompts, questions, instructions, selected documents, retrieved context, generated responses, citations, reasoning artifacts, user edits, feedback, ratings, comments and related interaction data. AI outputs may be stored in the applicable workspace or matter, depending on product configuration and the Agreement.
4.6 Usage Data, Logs, Analytics and Device Information
We may collect information about use of the Services, including IP address, device identifiers, browser type, operating system, referring pages, pages viewed, feature usage, clicks, session information, timestamps, error logs, performance data, access logs, authentication events, security events and similar technical information. We may use cookies, pixels, local storage, software development kits and similar technologies as described in Section 17.
4.7 Communications and Support Information
We may collect information when you communicate with us, request access, participate in onboarding, ask for support, complete a survey, provide product feedback, join a beta interview, attend a demo, correspond by email or otherwise interact with Arbor. This may include contact details, message content, attachments, call notes, support logs and recordings where permitted by law and disclosed at the time of collection.
4.8 Payment, Contracting and Administrative Information
If applicable, we may collect billing, payment, tax, contract, procurement, vendor diligence and related administrative information. Payment processing may be handled by third-party payment providers subject to their own terms and privacy notices.
4.9 Information From Integrations and Third Parties
If a Customer enables an integration or directs Arbor to connect with another system, Arbor may receive information from that system as authorized by the Customer or Authorized User. Examples may include document repositories, cloud storage, email systems, practice management systems, identity providers, calendars, e-signature tools, customer support tools, legal research systems and other approved integrations. Arbor may also receive business contact information from referral partners, events, public sources, vendors and service providers.
4.10 Sensitive Information
Customer Content may include sensitive information, including attorney-client privileged information, attorney work product, legal matter information, information about injuries, health conditions, medical treatment, disability, insurance claims, financial losses, minors, precise incident locations, criminal or traffic matters, government identifiers and other information that may be regulated or confidential.
Arbor processes sensitive information in Customer Content to provide the Services at the direction of the Customer and as otherwise described in the Agreement. Customers should not submit sensitive information unless they are authorized to do so and the submission is necessary or appropriate for the intended legal workflow.
If a Customer is a HIPAA covered entity, business associate, or otherwise expects Arbor to create, receive, maintain or transmit protected health information subject to HIPAA, the Customer must ensure that an appropriate written agreement, including a business associate agreement if required, is in place before uploading such information. Arbor’s ability to support HIPAA-regulated data must be confirmed through the applicable Agreement and Arbor’s operational controls.
5. How Arbor Uses Information
Arbor may use information for the following purposes:
1. To provide, operate, maintain, secure and improve the Services.
2. To create and administer accounts, authenticate users, manage permissions and support Customer workspaces.
3. To process Customer Content, including uploading, parsing, extracting, indexing, searching, summarizing, analyzing and generating outputs from matter materials.
4. To provide AI-enabled features, including retrieval, document analysis, structured reasoning, drafting assistance, classification, chronology generation, issue spotting and related workflows.
5. To provide onboarding, training, beta support, technical support and customer success.
6. To monitor performance, troubleshoot errors, maintain reliability, prevent abuse, investigate security events and protect the Services.
7. To communicate with Customers and Authorized Users about the Services, including administrative notices, product updates, support responses, security notices and beta feedback.
8. To manage contracts, billing, procurement, vendor diligence and business operations.
9. To analyze usage trends, evaluate features and develop improvements, subject to the Customer Content restrictions described in this Privacy Policy and the Agreement.
10. To create aggregated or deidentified information that does not identify Customers, Authorized Users, clients, matters, documents, claimants, patients, witnesses, or other individuals.
11. To comply with legal obligations, enforce agreements, resolve disputes and protect rights, safety and security.
12. To send marketing communications to business contacts where permitted by law and subject to available opt-out choices.
Arbor does not use Customer Content for targeted advertising.
6. AI-Related Processing
Arbor uses AI, machine learning, large language models, retrieval systems, document processing tools, embeddings, classifiers and related technologies to provide the Services. These technologies may process Customer Content, prompts, uploaded documents, extracted text, metadata, user instructions, matter context and generated outputs.
AI-enabled features are intended to assist attorneys and legal professionals. AI outputs may be incomplete, inaccurate, inapplicable, outdated, unsupported, or inappropriate for a particular legal matter. Authorized Users are responsible for reviewing, validating and exercising independent professional judgment before relying on, filing, sending, or otherwise using any AI output. Arbor does not provide legal advice and does not replace attorney review.
Arbor may process Customer Content through Arbor systems and through approved service providers, including AI model providers, cloud infrastructure providers, document processing providers and other subprocessors, to provide the requested functionality. Customer Content may be transformed into temporary prompts, retrieved context, document chunks, embeddings, summaries, classifications, indexes, citations, annotations, outputs and other processing artifacts as necessary to provide the Services.
7. Use of Customer Content for AI Training and Product Improvement
As of the Last Updated date, Arbor does not use Customer Content from law firm workspaces to train or fine tune general purpose foundation models or third-party AI models, unless the Customer has expressly agreed in writing or affirmatively enabled a feature that clearly states otherwise.
Arbor seeks to use third-party AI model providers under business or enterprise terms that restrict the provider from using Customer Content to train the provider’s generally available models. The specific providers, configurations, retention settings and processing locations may be described in the Agreement, a subprocessor list, a security schedule, or other customer-facing documentation.
The restriction above does not prevent Arbor from:
1. Processing Customer Content to provide, secure, support and troubleshoot the Services for the applicable Customer.
2. Creating Customer-specific indexes, embeddings, summaries, structured artifacts, retrieval systems, configurations, or similar outputs within or for the Customer’s workspace.
3. Using Customer-authorized samples, feedback, evaluations, bug reports, or support materials to test, validate, debug, improve, or secure the Services.
4. Using aggregated, statistical, or deidentified information that does not identify a Customer, Authorized User, client, matter, document, claimant, patient, witness, or other person.
5. Processing information as necessary to comply with law, enforce the Agreement, prevent abuse, investigate security issues, or protect the Services.
6. Using information in any other manner expressly permitted by the Agreement.
Customers should review the applicable Agreement, subprocessor list and product settings before submitting highly sensitive Customer Content.
8. Legal Bases for Processing
Where applicable law requires a legal basis for processing Personal Information, Arbor relies on one or more of the following legal bases when Arbor acts as a controller or similar role:
1. Contract performance, including to provide the Services, administer accounts, provide support and manage the Customer relationship.
2. Legitimate interests, including securing the Services, improving product performance, preventing fraud and abuse, communicating with business contacts, conducting analytics and operating Arbor’s business, where those interests are not overridden by applicable rights and interests.
3. Consent, including for certain cookies, marketing communications, beta feedback activities, recordings, or optional features where consent is required.
4. Legal obligations, including compliance with tax, accounting, legal process, regulatory and security obligations.
5. Protection of rights, safety and security, including to protect Arbor, Customers, Authorized Users and others.
For Customer Content processed on behalf of a Customer, the Customer is generally responsible for identifying the applicable legal basis, providing required notices, obtaining required consents or authorizations and responding to requests from individuals whose Personal Information appears in Customer Content. Arbor will assist Customers as required by the Agreement and applicable law.
9. How Arbor Shares Information
Arbor may disclose information as described below:
1. With Customers and Authorized Users. Information in a Customer workspace may be available to the Customer, its administrators and Authorized Users based on account settings, permissions and product functionality.
2. With service providers and subprocessors. Arbor may share information with vendors that provide hosting, infrastructure, data storage, security, logging, analytics, AI processing, document processing, OCR, search, email, customer support, billing, communications, professional services and related functions.
3. With integrations selected by the Customer. If a Customer or Authorized User enables an integration, Arbor may share information with that third-party service as directed by the Customer or Authorized User.
4. With professional advisors. Arbor may disclose information to attorneys, auditors, accountants, insurers, consultants and other professional advisors.
5. For legal, safety and compliance purposes. Arbor may disclose information when we believe disclosure is required or appropriate to comply with law, legal process, regulatory requests, enforce agreements, protect rights, investigate security issues, prevent abuse, or protect the safety of Arbor, Customers, Authorized Users, clients, or others.
6. In business transactions. Arbor may disclose information in connection with a merger, acquisition, financing, investment, reorganization, bankruptcy, sale of assets, due diligence, or similar corporate transaction, subject to appropriate confidentiality protections where applicable.
7. With consent or direction. Arbor may disclose information with the consent or direction of the Customer, Authorized User, or other applicable person.
Arbor does not sell Customer Content. Arbor does not disclose Customer Content to data brokers or use Customer Content for cross-context behavioral advertising.
10. Service Providers and Subprocessors
Arbor uses service providers and subprocessors to operate and support the Services. These providers may process Personal Information and Customer Content only as necessary to perform services for Arbor and subject to contractual obligations appropriate to the nature of the services provided.
Subprocessors may include cloud hosting providers, database providers, identity and authentication providers, AI model providers, document processing providers, OCR providers, vector database or search providers, analytics and logging providers, customer support providers, email and communication providers, security providers and professional service providers.
Arbor makes available or will make available a subprocessor list upon request at patrick@arborcase.com. Customer rights to receive notice of new subprocessors or object to subprocessor changes, if any, will be governed by the applicable Agreement.
11. Law Firm Customer Responsibilities
Customers are responsible for their use of the Services and for the Customer Content they submit. Without limiting the Agreement, Customers are responsible for:
1. Determining whether they have authority to upload, process and use client, case, medical, insurance, employment, litigation, discovery, third-party and other matter materials through the Services.
2. Providing any client, claimant, patient, witness, employee, expert, opposing party, court, regulator, or other notices required by law, professional rules, protective orders, engagement letters, client agreements, court orders, discovery obligations, settlement agreements, or other duties.
3. Obtaining any required consents, authorizations, waivers, approvals, protective order permissions, HIPAA authorizations, business associate agreements, data processing agreements, or other permissions before submitting information to Arbor.
4. Evaluating privilege, work product, confidentiality, protective order, discovery, retention, legal hold, ethical and professional responsibility implications.
5. Configuring user access, workspace permissions, authentication settings, matter membership and integrations.
6. Reviewing AI outputs and exercising independent legal judgment.
7. Responding to individual rights requests relating to Personal Information contained in Customer Content, except where Arbor is legally required to respond directly.
8. Ensuring that use of the Services complies with applicable law and the Customer’s professional obligations.
Arbor is not responsible for a Customer’s legal advice, representation, professional judgment, client relationship, court filings, discovery decisions, client notices, privilege determinations, medical record authorizations, HIPAA status, or other legal or professional obligations.
12. Confidentiality and Attorney Work Product Sensitivity
Arbor recognizes that Customer Content may include confidential legal matter information, attorney-client communications, attorney work product, litigation strategy, sensitive health information and other highly sensitive materials. Arbor uses Customer Content to provide the Services and as otherwise permitted by this Privacy Policy and the Agreement.
Arbor maintains internal policies and access controls intended to limit personnel access to Customer Content to individuals with a business need, such as providing support, maintaining security, troubleshooting, improving reliability, or complying with legal obligations. Arbor personnel and service providers with access to Customer Content are expected to be subject to confidentiality obligations appropriate to their roles.
Use of Arbor does not itself determine whether attorney-client privilege, work product protection, confidentiality, or other protections apply or are preserved. Customers should evaluate privilege, work product and confidentiality considerations before uploading or processing matter materials through any technology platform.
13. Security Measures
Arbor uses administrative, technical and organizational safeguards designed to protect information processed through the Services. These safeguards may include access controls, authentication controls, encryption in transit, encryption at rest where supported, logging and monitoring, vendor review, personnel confidentiality obligations, role-based access, vulnerability management, backup practices, incident response procedures and security-oriented development practices.
No method of transmission, processing, or storage is perfectly secure. Arbor cannot guarantee that information will be completely secure or that unauthorized access, loss, misuse, disclosure, alteration, or destruction will never occur.
Customers and Authorized Users are responsible for maintaining the confidentiality of credentials, using appropriate authentication settings, limiting user access, promptly removing users who no longer need access and notifying Arbor of suspected unauthorized access or security issues at patrick@arborcase.com.
Security measures, certifications, audit reports, penetration testing summaries, incident notification commitments and similar obligations, if any, will be described in the applicable Agreement, security documentation, or customer diligence materials.
14. Data Retention
Arbor retains information for as long as reasonably necessary to provide the Services, maintain accounts, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, enforce agreements and maintain security, unless a different retention period is specified in the Agreement.
Customer Content is retained in accordance with the Agreement, product functionality, Customer settings and applicable legal requirements. During beta, some deletion, export and retention features may require assistance from Arbor support.
Arbor may retain account records, billing records, business communications, support records, security logs and legal records for longer periods where necessary for legitimate business, compliance, accounting, tax, security, audit, dispute resolution, or legal purposes.
Backups and disaster recovery copies may persist for a limited period after deletion from active systems and will be overwritten or deleted in accordance with Arbor’s backup practices, unless retention is required by law or the Agreement. Aggregated or deidentified information may be retained for longer periods if it does not identify Customers, Authorized Users, clients, matters, documents, or other individuals.
15. Data Deletion, Return and Export
Customers may request deletion, return, or export of Customer Content as provided in the Agreement and available product functionality. Arbor will take commercially reasonable steps to delete or return Customer Content in accordance with the Agreement, subject to technical feasibility, backup retention, legal obligations, dispute preservation, security requirements and any other lawful basis for retention.
Authorized Users should contact their Customer administrator for requests involving Customer Content in a law firm workspace. Arbor may be unable to respond directly to requests involving Customer Content without instructions from the Customer, unless required by law.
Deletion may affect related outputs, indexes, embeddings, summaries, annotations and other processing artifacts associated with the deleted Customer Content. Some information may remain in support tickets, logs, backups, audit records, or legal records for the periods described in this Privacy Policy and the Agreement.
16. International Processing and Transfers
Arbor is based in the United States of America. Information may be processed and stored in the United States and other countries where Arbor or its service providers operate. These countries may have data protection laws that differ from the laws of the country where the information was originally collected.
Where required by applicable law, Arbor will use appropriate transfer mechanisms for international transfers, which may include Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy decisions, data processing agreements, contractual commitments, or other lawful transfer mechanisms. Region-specific hosting or processing commitments, if any, must be set out in the applicable Agreement.
17. Cookies and Tracking Technologies
Arbor may use cookies and similar technologies on its websites and within the Services. These technologies may be used to:
1. Operate essential website and platform functionality.
2. Authenticate users and maintain sessions.
3. Remember preferences.
4. Measure performance and usage.
5. Understand how visitors and users interact with the Services.
6. Improve reliability, security and product design.
7. Support marketing and communications for Arbor’s website, where permitted by law.
Arbor does not use Customer Content for targeted advertising. If Arbor uses website analytics or advertising technologies that constitute a “sale,” “sharing,” or “targeted advertising” under applicable state privacy laws, Arbor will provide the required opt-out mechanism, including through a cookie preference tool where appropriate.
Arbor’s response to browser-based opt-out preference signals, including Global Privacy Control, will be implemented where required by applicable law and supported by Arbor’s applicable website tooling.
18. Marketing Communications
Arbor may send marketing communications to business contacts, including information about products, events, updates and resources. Recipients may opt out of marketing emails by using the unsubscribe link in the email or contacting patrick@arborcase.com. Arbor may still send transactional, administrative, security, legal and service-related communications.
Arbor does not use Customer Content to market to law firm clients, claimants, patients, witnesses, opposing parties, or other individuals whose information appears in Customer Content.
19. User Choices and Privacy Rights
Depending on applicable law and Arbor’s role, individuals may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, opt-out of certain processing, or other rights regarding Personal Information.
Arbor may deny or limit requests where permitted by law, including where fulfilling the request would adversely affect the rights of others, conflict with legal obligations, compromise security, reveal confidential business information, or interfere with Customer-controlled data.
Requests relating to Personal Information contained in Customer Content should generally be directed to the law firm Customer that controls the relevant matter or workspace. Arbor will assist Customers with such requests as required by the Agreement and applicable law.
20. U.S. State Privacy Notice
This section supplements the Privacy Policy for residents of California and other U.S. states with privacy laws, to the extent those laws apply to Arbor.
20.1 Categories of Personal Information
Arbor may collect the following categories of Personal Information:
1. Identifiers, such as name, business email address, postal address, phone number, account identifiers and online identifiers.
2. Customer records information, such as business contact details, billing contact information and account information.
3. Commercial information, such as subscription, beta participation, product interest, contract and transaction information.
4. Internet, device and network activity information, such as IP address, device information, logs, pages viewed, feature usage, cookies and analytics data.
5. Professional or employment-related information, such as firm name, title, role, practice area and professional affiliation.
6. Audio, electronic and visual information, such as support call recordings, demo recordings, uploaded images, or document images, where applicable.
7. Inferences, such as business preferences, product interests, usage patterns and support needs.
8. Sensitive Personal Information, such as account credentials and, within Customer Content, information that may relate to health, injuries, medical treatment, government identifiers, minors, precise locations, legal matters, financial information, or other sensitive subjects.
Customer Content may include additional categories of Personal Information depending on what the Customer uploads or submits.
20.2 Sources
Arbor may collect Personal Information from individuals, Customers, Authorized Users, devices, browsers, service providers, integrations, business partners, public sources and Customer-submitted materials.
20.3 Purposes
Arbor uses Personal Information for the purposes described in Sections 5 through 7, including providing the Services, administering accounts, processing Customer Content, supporting AI-enabled workflows, security, support, analytics, compliance, communications and business operations.
20.4 Disclosures
Arbor may disclose Personal Information to the categories of recipients described in Sections 9 and 10, including service providers, subprocessors, Customers, Authorized Users, integrations selected by Customers, professional advisors, legal recipients and parties involved in business transactions.
20.5 Sale, Sharing and Targeted Advertising
Arbor does not sell Customer Content and does not use Customer Content for cross-context behavioral advertising or targeted advertising.
Arbor may use certain website analytics or advertising technologies for business-to-business marketing. Depending on applicable law, some of these technologies may be considered a sale, sharing, or targeted advertising.
20.6 Sensitive Personal Information
Arbor uses Sensitive Personal Information only for purposes permitted by applicable law, including providing the Services, securing accounts, processing Customer Content at the direction of Customers, detecting security incidents, resisting malicious activity, providing support, complying with law and as otherwise authorized by the individual or Customer.
20.7 State Privacy Rights
Subject to applicable law, residents of certain states may have rights to:
1. Know or access the Personal Information collected about them.
2. Receive a portable copy of certain Personal Information.
3. Correct inaccurate Personal Information.
4. Delete certain Personal Information.
5. Opt out of sale, sharing, targeted advertising, or certain profiling.
6. Limit certain uses or disclosures of Sensitive Personal Information.
7. Appeal a denied privacy request.
8. Be free from unlawful discrimination for exercising privacy rights.
To exercise these rights, contact patrick@arborcase.com. To appeal a decision, contact patrick@arborcase.com with “Privacy Appeal” in the subject line. Authorized agents may submit requests where permitted by law, subject to verification and proof of authority.
21. International Privacy Rights
If you are located in the European Economic Area, United Kingdom, Switzerland, or another jurisdiction with similar laws, you may have rights to access, correct, delete, restrict, object to processing, request portability, withdraw consent and lodge a complaint with a supervisory authority, subject to applicable law.
Where Arbor acts as a processor for Customer Content, requests should generally be submitted to the Customer that controls the relevant workspace or matter. Where Arbor acts as a controller, requests may be submitted to patrick@arborcase.com.
22. Children’s Privacy
The Services are not directed to children and are not intended for use by individuals under 18 years of age. Arbor does not knowingly collect Personal Information directly from children through the Services.
Customer Content may include information about minors where relevant to a legal matter. In those circumstances, Arbor processes such information at the direction of the Customer and in accordance with the Agreement. Customers are responsible for determining whether they have appropriate authority to submit information about minors to the Services.
23. Third-Party Sites and Services
The Services may link to or integrate with third-party websites, applications and services. This Privacy Policy does not apply to third-party services that Arbor does not control. Customers and Authorized Users should review the privacy notices and terms of any third-party service before enabling integrations or sharing information with that service.
24. Beta Product Limitations and Evolving Practices
Arbor is currently making the Services available through a limited beta with selected law firms. Beta features, workflows, AI capabilities, retention settings, security controls, integrations, hosting arrangements, subprocessors, support processes and documentation may evolve as Arbor develops the Services.
During beta, Arbor may collect enhanced feedback, diagnostics, support information, reliability data and product usage information to evaluate, secure and improve the Services. Arbor will handle that information consistent with this Privacy Policy and the Agreement.
Customers should not upload information to the beta Services unless they have authority to do so, have evaluated applicable legal and professional obligations, and are comfortable with the beta nature of the Services. If a Customer requires specific security, retention, deletion, hosting, compliance, HIPAA, audit, subprocessor, or AI provider commitments, those commitments must be documented in the applicable Agreement before the Customer uploads regulated or highly sensitive information.
25. Changes to This Privacy Policy
Arbor may update this Privacy Policy from time to time to reflect changes in the Services, legal requirements, industry practices, or Arbor’s operations. The updated version will be indicated by an updated “Last Updated” date.
If Arbor makes material changes to this Privacy Policy, Arbor will provide notice as required by law, which may include posting notice on the website, providing notice within the Services, or sending notice to Customers or Authorized Users. Continued use of the Services after an updated Privacy Policy becomes effective will be governed by the updated Privacy Policy, subject to the applicable Agreement.