Legal

Privacy Policy

Last updated: 15 February 2026

1. Who we are

Archivers is a trading name of Broadhurst Digital Limited, a company registered in England and Wales. Our website address is archivers.ai and our application is available at app.archivers.ai.

For the purposes of data protection law, Broadhurst Digital Limited is the data controller. If you have any questions about this policy or how we handle your data, please contact us at hello@archivers.ai.

This privacy policy covers both our marketing website (archivers.ai) and our application (app.archivers.ai).

2. What data we collect

We may collect and process the following personal data:

2.1 Marketing Website (archivers.ai)

Information you provide to us

  • Contact form submissions: name, email address, organisation, role, estimated collection size, phone number (optional), and the content of your message.
  • Email correspondence: any information you provide when you contact us directly by email.

Information collected automatically

  • Analytics data: we use Google Tag Manager, Microsoft Clarity, and VBout to collect anonymised usage data, including pages visited, time on site, referring URLs, browser type, device type, and approximate geographic location (country/city level). Microsoft Clarity may also record anonymised session replays and heatmaps to help us understand how visitors interact with our site.
  • Cookies: small text files placed on your device to support analytics and site functionality. See Section 7 for details.

2.2 Application (app.archivers.ai)

Account information

  • Registration data: name, email address, and password (stored securely using industry-standard hashing).
  • Account settings: subscription tier (Free, Pro, Team, or Enterprise), email verification status, and account creation date.
  • Usage metrics: storage space used, total items processed, and API usage statistics.

Archive materials you upload

  • File content: documents, images, audio, and video files uploaded for processing and cataloguing.
  • Metadata: bundle names, repository information, donor contact details, provenance notes, and ISAD(G)-compatible archival descriptions.
  • AI-generated data: automated classifications, OCR text extractions, image descriptions, audio transcriptions, and metadata suggestions generated by our AI models.
  • Sensitivity classifications: public, restricted, or closed access levels assigned to materials.

Technical and usage data

  • Session data: authentication tokens (stored in secure, HTTP-only cookies).
  • API logs: records of AI model usage, including operation type, tokens consumed, and processing costs (for billing and service improvement).
  • Email communications: account verification emails, password reset requests, and service notifications sent via our email provider.

3. How we use your data

We use the personal data we collect for the following purposes:

3.1 Marketing Website

  • To respond to enquiries: when you submit our contact form or email us, we use your details to reply and arrange consultations.
  • To improve our website: analytics data helps us understand how visitors use our site so we can improve content and user experience.
  • To send relevant communications: if you opt in, we may send occasional updates about our services. You can unsubscribe at any time.

3.2 Application

  • To provide the service: your account information allows us to authenticate you, manage your subscription tier, and provide access to the cataloguing platform.
  • To process archive materials: files and metadata you upload are processed using AI models (Mistral AI and Google Gemini) to generate catalogue descriptions, classifications, OCR text, and other metadata to assist with archival cataloguing.
  • To store and manage your data: your files are stored securely in Vercel Blob storage, and your account and metadata are stored in a Neon PostgreSQL database.
  • To track usage and billing: we record API usage (tokens consumed, models used, processing costs) to manage service limits for each subscription tier and to calculate costs for enterprise clients.
  • To communicate with you: we send account verification emails, password reset links, and service notifications via Resend email service.
  • To improve our service: we analyze anonymised usage patterns to understand how the platform is used and to improve AI accuracy and user experience.

3.3 AI Model Processing and Training

Important: We use third-party AI models (Mistral AI and Google Gemini) to process your uploaded archive materials. The content you upload is sent to these providers for processing (e.g., image analysis, OCR, classification, transcription). We do not use your uploaded materials or generated metadata to train our own AI models. However, you should review the data processing policies of our AI providers:

  • Mistral AI: processes data according to their privacy policy. By default, Mistral does not use API data for model training unless explicitly opted in.
  • Google Gemini: processes video content via Google AI APIs. Google's AI services may retain data temporarily for abuse prevention but do not use API inputs for model training without consent.

If you have concerns about specific materials being processed by third-party AI services, please contact us to discuss alternative arrangements.

4. Legal basis for processing

We process your personal data on the following legal bases under UK GDPR:

  • Consent: when you submit a contact form, subscribe to communications, or create an account, you consent to us processing your data for those purposes.
  • Legitimate interests: we process analytics data to understand website and application usage and improve our services, where this does not override your rights and freedoms.
  • Contractual necessity: when you create an account and use our application, we process your data (account information, uploaded files, usage logs) to provide the service you have requested. For paid subscriptions and enterprise engagements, processing is necessary to fulfill our contractual obligations.
  • Legal obligations: we may process data to comply with legal requirements, such as tax obligations or responding to lawful requests from authorities.

5. Who we share your data with

We do not sell your personal data to third parties. We may share data with the following service providers who process data on our behalf:

5.1 Marketing Website Service Providers

  • VBout: form submissions and marketing analytics.
  • Google: tag management via Google Tag Manager.
  • Microsoft: website analytics and session recording via Microsoft Clarity.
  • GitHub: website hosting via GitHub Pages.

5.2 Application Service Providers

  • Vercel: application hosting and file storage (Vercel Blob) for uploaded archive materials.
  • Neon: PostgreSQL database hosting for account data, metadata, and usage logs.
  • Mistral AI: AI model processing for document classification, OCR, image analysis, audio transcription, and metadata generation.
  • Google (Gemini): AI model processing for video analysis and content description.
  • Resend: transactional email delivery for account verification, password resets, and service notifications.

5.3 Data Processing Safeguards

All service providers listed above process data in accordance with their own privacy policies. Where required by UK GDPR, we have data processing agreements in place with these providers. We only share the minimum data necessary for each provider to perform their specific function.

Archive materials you upload: files and content uploaded to the application are processed by Mistral AI (for documents, images, and audio) and Google Gemini (for video). These AI providers process your content to generate metadata but do not use your data for model training without consent (see Section 3.3).

6. How long we keep your data

6.1 Marketing Website

  • Contact form data: retained for up to 24 months after your last interaction with us, unless you request earlier deletion.
  • Analytics data: retained in anonymised form as configured in our analytics tools (typically 14–26 months).

6.2 Application

  • Active accounts: account data, uploaded files, and metadata are retained for as long as your account remains active.
  • File retention by tier:
    • Free tier: uploaded files and generated metadata are retained for 28 days from upload, after which they are automatically deleted.
    • Pro, Team, and Enterprise tiers: uploaded files and metadata are retained indefinitely while your account is active and your subscription is current.
  • Deleted accounts: when you delete your account or request deletion, we will permanently delete your account data, uploaded files, and associated metadata within 30 days. API usage logs may be retained in anonymised form for up to 12 months for billing reconciliation and service improvement.
  • Inactive accounts: accounts that have been inactive for 24 months with no uploaded files may be deleted after we notify you via email. Free tier accounts with no activity for 12 months may be deleted without notice.
  • Email verification and password reset tokens: expire and are deleted within 24 hours of generation.
  • Session tokens: expire after a period of inactivity as configured in the application (typically 30 days).

6.3 Legal and Accounting Retention

Where required by law (e.g., tax, accounting, or legal obligations), we may retain certain records (such as invoices, contracts, and payment records) for up to 7 years after the end of the relevant financial year.

7. Cookies and similar technologies

We use cookies and similar technologies to support site functionality, analytics, and authentication. A cookie is a small text file stored on your device when you visit our websites or applications.

7.1 Marketing Website Cookies

Cookie Name Provider Purpose Duration
_clck Microsoft Clarity Analytics and session tracking 12 months
_clsk Microsoft Clarity Session recording and heatmaps 1 day
VBout cookies VBout Form interaction tracking Varies
Google Tag Manager Google Tag management and analytics Varies

7.2 Application Cookies

Cookie Name Purpose Type Duration
Session token User authentication and session management Strictly necessary (HTTP-only, Secure) 30 days (or until logout)

7.3 Managing Cookies

You can control and delete cookies through your browser settings. Most browsers allow you to:

  • View what cookies are stored and delete them individually or all at once.
  • Block third-party cookies.
  • Block cookies from specific sites.
  • Block all cookies from being set.
  • Delete all cookies when you close your browser.

Note: disabling or blocking cookies may affect the functionality of our websites and application. In particular, blocking session cookies will prevent you from logging into the application.

For more information about cookies and how to manage them, visit www.aboutcookies.org or www.allaboutcookies.org.

8. Your rights

Under UK data protection law, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your personal data (the “right to be forgotten”).
  • Restrict processing of your data in certain circumstances.
  • Object to processing based on legitimate interests.
  • Data portability: receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at hello@archivers.ai. We will respond within 30 days.

9. Data security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

9.1 Technical Safeguards

  • Encryption in transit: all data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
  • Password security: user passwords are hashed using industry-standard algorithms (bcrypt or Argon2) and are never stored in plain text.
  • Secure session management: authentication tokens are stored in HTTP-only, secure cookies to prevent unauthorized access.
  • Database security: our database (Neon PostgreSQL) is configured with encryption at rest and access controls limiting who can access your data.
  • File storage security: uploaded files are stored in Vercel Blob with access controls and served over HTTPS.
  • Regular security updates: we keep our application dependencies and infrastructure up to date with the latest security patches.

9.2 Organizational Safeguards

  • Access controls: internal access to personal data is limited to authorized personnel who require it to perform their duties.
  • Vendor security: we select service providers (Vercel, Neon, Mistral AI, Google, Resend) with strong security practices and data protection commitments.

9.3 Limitations

While we implement robust security measures, no system is entirely secure. We cannot guarantee absolute security of data transmitted over the internet. You are responsible for maintaining the confidentiality of your account password and for all activities under your account.

10. International transfers

Some of our service providers may process data outside the UK and European Economic Area (EEA). This includes:

  • United States: Google (Google Tag Manager, Gemini AI), Microsoft (Clarity), Vercel (hosting and storage), Neon (database), Mistral AI (AI processing), Resend (email), VBout (forms).
  • Other locations: GitHub (may process via global infrastructure).

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place in compliance with UK GDPR, including:

  • Standard Contractual Clauses (SCCs): approved by the UK ICO for transfers to countries without adequacy decisions.
  • Adequacy decisions: where the UK government has determined that a country provides adequate data protection (e.g., EEA countries under the UK GDPR).
  • Processor commitments: our service providers have committed to GDPR-equivalent protections in their data processing agreements.

You have the right to request more information about the specific safeguards we use for international transfers. Please contact us at hello@archivers.ai.

11. Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

12. Contact and complaints

If you have any questions or concerns about this privacy policy, please contact:

Broadhurst Digital Limited
Email: hello@archivers.ai

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.