Arkestro Color Logo
Arkestro Color Logo
Arkestro Color Logo
Arkestro Color Logo
Arkestro, an AI-powered software, can provide you with multiple capabilities. Check out this comprehensive report from Gartner®.
Privacy Policy

Privacy Policy

Privacy Policy

Effective Date: 11/21/23

Arkestro, Inc. [and our subsidiaries and affiliates] (“we”, “us”, or “our”) is committed to protecting your privacy.  We have prepared this “Privacy Policy” to describe to you our practices regarding the personal information we collect in connection with our websites,,, and any permutation thereof owned and operated by Arkestro Inc., our mobile applications and our automated procurement platform (the “Website”), and all other websites, features or online services that are owned or controlled by Arkestro and that post a link to this Privacy Policy (collectively with our Website, the “Services”).

Click on one of the links below to jump directly to the listed section:

I. Scope of This Privacy Policy

This Privacy Policy describes the types of personal information we collect when you interact with us online in connection with our Services, and how Arkestro collects, uses, maintains, protects and discloses your personal information.  This policy governs any of the Services that link to or on which the Privacy Policy is posted, but does not apply to information collected by Arkestro offline or through any other means.

Arkestro does not control the privacy practices of users, buyers, vendors and other third parties that interact with and communicate through our Services.  These independent companies are solely responsible for their privacy practices and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements or other obligations, relating to the collection or handling of personal information that they may receive from other users in connection with the use of our Services.

NOTICE TO EUROPEAN USERS: Please see the Notice to European Users section for additional information for individuals located in the EEA or UK (which we refer to as “Europe”, and “European” should be understood accordingly) below.

II. Children

The Services are not designed for, or directed to, children under the age of 16 and Arkestro does not intentionally collect information about anyone under the age of 16 on the Website or Services.  If Arkestro discovers that it has inadvertently collected personal information from anyone younger than the age of 16, we will attempt to delete the information as soon as possible.  If you believe that we might have any personal information from a child under 16, please contact us at

III. How We Collect Personal Information

We may obtain personal information about you from various sources, including our Website, your interactions with the Services, when you call or email us or communicate with us through social media, or when you participate in events or other promotions.  We also may obtain information about you from our users, business partners, and other third parties.

You may choose not to provide some or all of your personal information to us, but doing so may prevent us from providing our services to you, or limit our ability to provide you with the level of service that you would otherwise expect from us.

IV. Types of Information We Collect

Information You Provide To Us

Personal information that you may provide or submit to us through the Services or otherwise includes:

  • Contact data, and other personal information we may collect when you register for an account to access or use our Services (“Account”) and/or sign up for an event or webinar with us, such as your name, email address, mailing address, telephone number, professional tile, company name and/or company website.
  • Billing and transaction data, including details about payments to and from you and other details of services you have purchased from us, including transaction data between buyers and vendors using the platform for the purpose of a vendor audit or other vendor relationship management services rendered to either buyer or vendor.
  • Profile data related to your Account, such as your username, password, bidding history, preferences and survey responses.
  • Bid and transaction data, which may include your name and company, a description of services or requests, pricing information, bidding history and other details that you submit or provide through our Services when participating in bids.
  • Communications data, such as feedback and correspondence, or other information you provide when you report a problem with the Services, receive customer support, communicate with us via chat features (where we may ask for event ID, buyer information and phone number), or otherwise correspond with us.
  • Job application information, including biographical information, education, employment history, professional and other work-related qualifications, references and other information that you may include on a resume or employment application that you submit through the Website.
  • User-generated content data, such as any content you upload to the Websites or otherwise submit to us through the Services, and information you provide when you use any interactive features of the Services, including comments, questions, messages, works of authorship, and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
  • Marketing data, such your preferences for receiving marketing communications and details about how you engage with marketing communications.
  • Government-issued identification number data, such as national identification number (e.g., Social Security Number, tax identification number, passport number), state or local identification number (e.g., driver’s license or state ID number), and an image of the relevant identification card.
  • Other details that you may submit to us or that you provide at other points on our Website that state that personal information is being collected.

Information Collected Automatically

We, our service providers, and our business partners may automatically log information about you and your computer or mobile device when you access our Website.  For example, we may log:

  • Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.


Some of our automatic data collection is facilitated by cookies and similar technologies, such as session-replay and chat bot technologies. For more information, see our Cookie Policy. We will also store a record of your preferences in respect of the use of these technologies in connection with the Service.

Third Parties or Publicly Available Sources

We may receive personal information about you from various third parties.  For example, if you are on another website and you opt-in to receive information from us, the other website will forward your contact information and other information to us so that we may contact you as requested.  We also may supplement the information we collect with outside records from third parties in order to provide you with information, services or goods you have requested, to enhance our ability to serve you, and to tailor our content to you.  We may combine the information we receive from those other sources with information we collect through the Services.  In those cases, we will apply this Privacy Policy to the combined information.


Existing users of our Services may have the opportunity to refer friends or other contacts to us.  If you decide to invite a third party to create an Account, we will collect your and the third party’s contact information in order to communicate with the third party.  If you are an existing user, you may only submit a referral if you have obtained any appropriate consents that may be required by law to allow to access, upload and store the third party’s contact information as described above.  You or the third party may contact us at to request the removal of this information from our database.

V. How We Use Your Information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery and operations. We may use the information we collect about you, including personal information, to:

  • Provide our products and Services (including, for example, facilitating bids and negotiations, connecting users with potential bid participants, and analyzing your use of the Services).
  • Register you for a Arkestro Account and manage and maintain your Account.
  • Identify you as a user in our system.
  • Respond to your questions and comments and provide customer support.
  • Operate, maintain, administer and improve our Services, including to improve the quality of experience when you interact with our Services.
  • Communicate with you about our products, services, offers, events and promotions, and offer you related products and services we believe may be of interest to you.
  • Bill you for Arkestro products or services.
  • Communicate with you, respond to your inquiries and provide you with information that you have requested or agreed to receive.
  • Communicate and manage your participation in our events and other promotions.
  • Understand your needs and interests, and personalize your experience with the Service and our communications to suit your personal interests and the manner in which visitors use our sites, applications and social media assets.
  • Operate, evaluate and improve our business and the products and Services we offer and for internal business purposes.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business and to develop new products and services. As part of these activities, we may create aggregated, de-identified and/or anonymized data from personal information we collect. We make personal information into de-identified or anonymized data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified or otherwise anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business and will not attempt to reidentify any such data.

Marketing and advertising. We, our service providers and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:

  • Direct marketing. We may send you direct marketing communications and may personalize these messages based on your needs and interests. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
  • Interest-based advertising. Our third-party advertising partners may use cookies and similar technologies to collect information about your interaction (including the data described in the automatic data collection section above) with the Service, our communications and other online services over time, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. You can learn more about your choices for limiting interest-based advertising in the Your choices section of our Cookie Policy.

Compliance and protection. We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

Job applications. We may determine your eligibility for and the terms or any potential employment with us, including conducting background checks, credit checks and other screening processes to the extent allowed under applicable employment laws.

Business interactions. If you communicate with us as an employee or representative of a service provider, business partner or other company we do business with, in addition to the other uses included in this section, we may use personal information about you to administer our relationship, maintain contractual relations and to operate our business.

VI. Retention

We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.

VII. How We Disclose Your Information

We disclose your personal information as described below and as described elsewhere in this Privacy Policy.

Affiliates. Our corporate parent, subsidiaries, and affiliates.

Other users and the public. Your profile and other user-generated content data (except for messages) are/may be visible to other users of the Service and the public. For example, other users of the Service or the public may have access to your information if you chose to make your profile or other personal information available to them through the Service, such as when you send messages or share other content. This information can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information. We have no control over, and take no responsibility for, the use, storage, dissemination or erasure of personal information embedded in user-generated content (including project files) or shared publicly. By posting personal information online in public or community forums, you may receive unsolicited messages from other parties.

Third Party Service Providers. We may share personal information with third party service providers in connection with the performance of services to, or on behalf of, Arkestro and the Services, such as customer support, billing, payment processing, hosting, online chat functionality providers, email delivery and database management services.

Partners. We may also share personal information with partners or enable partners to collect information directly via our Service. For example, when we work with businesses, partners or agents to develop a direct relationship with you or in connection with referrals.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Compliance and protection purposes described above.

Corporate Restructuring. We may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets.  In the event of an insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset.  If another company acquires our company, business, or assets, that company will possess the personal information collected by us and will assume the rights and obligations regarding your personal information as described in this Privacy Policy.

VIII. Third Party Websites

Our Services may contain links to third party websites. When you click on a link to any other website or location, you will leave our Service and go to another site and another entity may collect personal and/or other information from you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of your personal information after you click on links to such outside websites. We encourage you to read the privacy policies of every website you visit. The links to third party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content, or websites.

IX. Third Party Products and Services

The Services may integrate with or enable access to third party tools. End users that register, install or access any third party tools may be required to accept privacy notices provided by those third parties. Please review those notices carefully, as Arkestro does not control and cannot be responsible for these providers’ privacy or information security practices.

X. Your Choices

Opt-out of communications

We may periodically send you information and emails that directly promote the use of our Website or Services.  When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly at  You may continue to receive service-related and other non-marketing emails.

Accessing and Correcting Your Information

You may review and change any of your personal information in your Account by editing your profile within your Account or by sending an e-mail to us at the e-mail address set forth below.

In addition, if you believe other personal information we maintain about you is inaccurate, you may request that we correct or amend the information by contacting us as indicated in the How to Contact Us section of this Privacy Policy.

Choosing Not To Share Your Personal Information

Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Services to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with the Services.  We will tell you what information you must provide to receive the Services by designating it as required in the Services or through other appropriate means.

Your California Privacy Rights

If you are a California resident, you may request that we provide to you (i) a list of the categories of personal information about you that Arkestro has disclosed to third parties for the third parties’ direct marketing purposes during the calendar year preceding your request, (ii) the names and addresses of such third parties, and (iii) if the nature of the third parties’ business cannot reasonably be determined from their names, examples of the products or services marketed, if known to Arkestro, sufficient to give you a reasonable indication of the nature of the third parties’ business.  To submit your request, please email, with the subject line “California Privacy” and your request in the body of your email.

XI. Security

The security of your personal information important to us. We take a number of organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information.

XII. International Transfers

Arkestro is headquartered in the U.S. and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Users in Europe should read the important information provided below about transfer of personal information outside of Europe.

XIII. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time for any reason and without prior notice. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here and changing the “Effective Date” above. You should consult this Privacy Policy regularly for any changes.

XIV. How to Contact Us

If you have any questions or concerns or complaints about our Privacy Policy or our data collection or processing practices, or if you want to report any security violations to us, please contact us at  You may also write to us at:

Arkestro, Inc.
Attention: Privacy
60 29th St. #148
San Francisco, CA.

XV. Notice to European users


Where this Notice to European users applies. The information provided in this “Notice to European users” section applies only to individuals in the United Kingdom and the European Economic Area (i.e., “Europe” as defined at the top of this Privacy Policy).

Personal information. References to “personal information” in this Privacy Policy should be understood to include a reference to “personal data” (as defined in the GDPR) – i.e., information about individuals from they are either directly identified or can be identified.

Controller. Arkestro is the controller in respect of the processing of your personal information covered by this Privacy Policy for purposes of European data protection legislation (i.e., the EU GDPR and the so-called ‘UK GDPR’ (as and where applicable, the “GDPR”)). See the ‘How to contact us’ section above for our contact details.

Our GDPR Representatives. We have appointed the following representatives in Europe as required by the GDPR – you can also contact them directly should you wish:

Our Representative in the EU. Our EU representative appointed under the EU GDPR is EDPO. You can contact them:

Our Representative in the UK. Our UK representative appointed under the UK GDPR is EDPO. You can contact them:

Our legal bases for processing

In respect of each of the purposes for which we use your personal information, the GDPR requires us to ensure that we have a “legal basis” for that use.

Our legal bases for processing your personal information described in this Privacy Policy are listed below.

  • Where we need to perform a contract, we are about to enter into or have entered into with you (“Contractual Necessity”).
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each Purpose we use your personal information for is set out in the table below.
  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
  • Where we have your specific consent to carry out the processing for the Purpose in question (“Consent”).
  • We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your personal information – for more information on these Purposes and the data types involved, see ‘How we use your personal information’

Service delivery and operations (incl. business interactions)

  • Categories of personal information involved:
    • Contact data
    • Billing and transaction data
    • Profile data
    • Bid and transactions data
    • Communications data
    • User-generated content data
    • Data from Third Party Services
    • Device data
  • Legal basis:
    • Contractual Necessity


  • Categories of personal information involved:
    • Contact data
    • Device data
    • Online activity data
  • Legal Basis:
      • Compliance with Law.
      • Legitimate Interests. We have a legitimate interest in ensuring the ongoing security and proper operation of our Service and associated IT services, systems, and networks.

Marketing and advertisement

  • Categories of personal information involved:
    • Contact data
    • Communications data
    • Marketing data
    • Device data
    • Online activity data
    • User-generated content data
  • Legal basis:
    • Legitimate Interests. We have legitimate interests in promoting our operations and goals as an organization and sending and posting marketing communications for that purpose.
    • In circumstances or in jurisdictions where consent is required under applicable laws to the sending and posting of any given marketing communications.

Compliance and protection

  • Categories of personal information involved:
    • Any and all data types relevant in the circumstances
  • Legal basis:
    • Compliance with Law.
    • Legitimate interests. Where Compliance with Law is not applicable, we and any relevant third parties have legitimate interests in participating in, supporting, and following legal process and requests, including through co-operation with authorities. We and any relevant third parties may also have legitimate interests of ensuring the protection, maintenance, and enforcement of our and their rights, property, and/or safety.

Research and development

  • Categories of personal information involved:
    • Any and all data types relevant in the circumstances
  • Legal basis:
    • Legitimate interests. We have legitimate interests, and believe it is also in your interests, that we are able to take steps to ensure that our Services operate as intended and are enhanced.
    • In circumstances or in jurisdictions where consent is required under applicable laws to improve our Service and perform analytics.

Further uses

  • Categories of personal information involved:
    • Any and all data types relevant in the circumstances
  • Legal basis:
    • The original legal basis relied upon, if the relevant further use is compatible with the initial purpose for which the Personal Information was collected.
    • Consent, if the relevant further use is not compatible with the initial purpose for which the personal information was collected.

No Automated Decision-Making and Profiling. As part of the Service, we do not engage in automated decision-making and/or profiling, which produces legal or similarly significant effects.

Your rights

General. European data protection laws give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:

  • Provide you with information about our processing of your personal information and give you access to your personal information.
  • Update or correct inaccuracies in your personal information.
  • Delete your personal information where there is no good reason for us continuing to process it – you also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information, for example if you want us to establish its accuracy or the reason for processing it.
  • Object to our processing of your personal information where we are relying on Legitimate Interests – you also have the right to object where we are processing your personal information for direct marketing purposes.
  • Withdraw Consent. When we use your personal information based on your consent, you have the right to withdraw that consent at any time.

Exercising These Rights. You may submit these requests by email to or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal information), if we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time, subject to any legal restrictions.

Your Right to Lodge a Complaint with your Supervisory Authority. In addition to your rights outlined above, if you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.

  • For users in the European Economic Area – the contact information for the data protection regulator in your place of residence can be found here:
  • For users in the UK – the contact information for the UK data protection regulator is below:

The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 303 123 1113

Data Processing outside Europe 

We are a U.S.-based company and many of our service providers, advisers, partners or other recipients of data are also based in the U.S. This means that, if you use the Service, your personal information will necessarily be accessed and processed in the U.S. It may also be provided to recipients in other countries outside Europe.

You may contact us if you want further information on the specific mechanism used by us when transferring your personal information out of Europe. You may have the right to receive a copy of the appropriate safeguards under which your personal information is transferred by contacting us at

Data Privacy Framework

Arkestro complies with the (i) EU-U.S. Data Privacy Framework (EU-U.S. DPF), and (ii) the UK Extension to the EU-U.S. DPF(collectively, the “Data Privacy Framework”)* as set forth by the U.S. Department of Commerce. Arkestro has certified to the U.S. Department of Commerce that Arkestro adheres (i) to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the EU in reliance on the EU-U.S. DPF, and (ii) from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DP (collectively, the “DPF Principles”). If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles, the EU-U.S. DPF Principles shall govern. To learn more about the Data Privacy Framework, and to view our certification, please visit the Data Privacy Framework website.

Data processed and purposes of data processing: Arkestro may collect, use, and disclose categories of personal data received in reliance on the Data Privacy Framework for the purposes described in this Privacy Policy, including the sections entitled “How we collect personal information” and “How we use your personal information.”

Third parties who may receive personal data: Arkestro uses a limited number of third parties to assist Arkestro in providing our services to customers. The types of third parties with which Arkestro may share personal data received in reliance on the Data Privacy Framework and for which purposes are set out in the section of this Privacy Notice entitled “How We Disclose Your Information.”

If recipients to whom Arkestro has disclosed personal data in reliance upon the Data Privacy Framework process it in a manner that does not comply with the DPF Principles, Arkestro may be accountable, unless Arkestro proves that Arkestro is not responsible for the event giving rise to the damage.

Inquiries and complaints: In compliance with the Data Privacy Framework, Arkestro commits to resolve DPF Principles-related complaints about our collection or use of your personal data. EEA and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the Data Privacy Framework should first contact us by email at, or please write to the following address:

Arkestro, Inc.
Attention: Privacy
60 29th St. #148
San Francisco, CA.

In compliance with the Data Privacy Framework, Arkestro commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) with regard to unresolved complaints concerning our handling of personal data received in reliance on the Data Privacy Framework.

Additionally, under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. For more information on this option, please see the Data Privacy Framework website: Annex I

Your rights to access, to limit use, and to limit disclosure: Depending upon the context in which Arkestro processes personal data received in reliance upon the Data Privacy Framework, EEA and UK individuals may have rights to access personal data about them, and choices to limit the use and disclosure of their personal data. With our Data Privacy Framework self-certification, Arkestro has committed to respect those rights. Please submit a written request to exercise your rights or choices to the contact information provided in this Privacy Policy (see the section entitled “How to Contact Us”). Arkestro may request specific information from you to confirm your identity in an effort to respond to your request.

U.S. Federal Trade Commission enforcement: With respect to personal data received or transferred pursuant to the Data Privacy Framework, the U.S. Federal Trade Commission has jurisdiction over Arkestro’s compliance with the Data Privacy Framework.

Compelled disclosure: Arkestro may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Arkestro may amend this Notice on the Data Privacy Framework from time to time consistent with Data Privacy Framework requirements.

*We will not rely on the UK Extension to the EU-U.S. Data Privacy Framework until they enter into force, but we adhere to their required commitments in anticipation of their doing so.