Skip to content

Privacy Policy

Effective Date: [Date — to be set before launch]

Aro Cut ("we", "us", "our") operates the website at arocut.com and the Aro Cut iOS application. This privacy policy explains what data we collect, why, and how it is handled for each group of people who interact with our services.

This policy is a working draft and has not yet been reviewed by legal counsel. It will be finalized before launch.

1. Website Visitors

When you browse arocut.com, we collect limited data to understand how the site is used and to maintain security.

Analytics

We plan to use Cloudflare Web Analytics and PostHog as part of the website analytics stack described elsewhere in this site. At the time of this working draft, those tools may not yet be enabled in every environment. When enabled, Cloudflare Web Analytics provides privacy-focused traffic measurement and PostHog may use cookies for product analytics on the website. We will update this section before launch to reflect the production analytics configuration.

Logs and Security

Cloudflare, our hosting and CDN provider, processes request metadata (IP address, user agent, timestamp) for security and performance purposes. We do not store raw server logs beyond what Cloudflare retains in its standard operation.

Cookies

The marketing site is intended to avoid first-party advertising cookies. If PostHog or embedded third-party services are enabled, those services may set their own cookies. No advertising cookies are planned.

Contact and Demo Requests

If you email us at support@arocut.com to request a demo or ask a question, we collect the information you provide (name, email address, message content). This data is used only to respond to your inquiry and is not added to marketing lists unless you separately opt in.

2. Free Tool Users

Aro Cut offers free tools (bandwidth calculator, ROI calculator, safe-zone visualizer) on the website. These tools work entirely in your browser and do not require an account.

Optional Email Delivery

After using a tool, you may optionally request results by email. If you provide your email address for this purpose, we use it solely to send the requested results. This is a transactional email — it does not subscribe you to any marketing list.

Marketing Opt-In

A separate, optional marketing opt-in checkbox is available when providing your email. If you check it, you will receive occasional product updates. You can unsubscribe at any time using the link in any marketing email.

Retention

Transactional email addresses (without marketing opt-in) are retained only for delivery purposes and are deleted within 30 days. Marketing-opted-in addresses are retained until you unsubscribe.

3. Operators / Customers

Operators are businesses or individuals who subscribe to Aro Cut and use the iOS app to run photo booths at events.

Account Data

When you create an Aro Cut account, we collect your name, email address, and payment information. Payment processing is handled through the App Store for self-serve subscriptions or through our billing provider for Enterprise agreements — we do not store full payment card details on our servers.

Operational Data

The app stores event branding assets (logos, overlays, templates), capture metadata (timestamps, device info, event names), and delivery records (which guests received content and via which channel). This data is stored on your device and, when connectivity is available, synced to our cloud infrastructure for delivery and backup purposes.

Storage and Deletion

Captured media is stored in cloud storage (Cloudflare R2) for active gallery hosting. Starter and Pro plans include a default 60-day active retention window unless the operator purchases an archive add-on. Enterprise customers may receive different retention terms under contract. Tokenized guest landing pages expire automatically (50-use caps). When the applicable retention window ends or a subscription is canceled, we retain data for a reasonable wind-down period to allow export, after which it is deleted from active systems.

4. Guest Recipients

Guests are people who use a photo booth operated by an Aro Cut customer. When a guest provides their phone number or email address to the booth operator, that data is entered into the Aro Cut app by the operator — not collected directly by us.

What We Receive

We receive the phone number or email address the operator entered, solely to deliver the guest's photo or video via SMS (Twilio) or email (Resend).

How Delivery Works

Guests receive a link to a tokenized landing page where they can view and download their content. Landing page URLs have limited use caps (50 views) and can be revoked by the operator. No guest account or app download is required.

Operator Responsibility

The booth operator is responsible for obtaining any consent required by applicable law before entering guest contact information into the app. We act as a service provider processing this data on the operator's behalf.

Guest Rights

If you received a message from an Aro Cut-powered booth and want your data deleted, contact us at privacy@arocut.com or ask the booth operator directly. We will process deletion requests promptly.

5. Subprocessors

We use the following third-party services to operate Aro Cut. Each processes data only as needed for its specific function:

  • Cloudflare — hosting, CDN, DNS, cloud storage (R2), serverless compute (Workers, Durable Objects), web analytics
  • Twilio — SMS delivery for guest content links
  • Resend — email delivery for guest content links and transactional emails
  • Apple (App Store) — app distribution and subscription billing
  • PostHog — website product analytics (website only, not in-app)

Enterprise customers who require advance notice of subprocessor changes may request this under a Data Processing Agreement.

6. Data Security

All data in transit is encrypted via TLS. Cloud storage uses encryption at rest. Access to production systems is restricted to authorized personnel. We do not sell personal data to third parties.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. To make a request, contact us at privacy@arocut.com.

We aim to respond to all data requests within 30 days. If we need more time, we will let you know.

8. Children's Privacy

Aro Cut is not directed at children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child's data has been collected, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be posted on this page with an updated effective date. Continued use of our services after changes constitutes acceptance.

10. Contact

For privacy questions or data requests:
privacy@arocut.com