This ArcOS wiki is still under active development, and contains errors and unfinished pages.
DiscordGitHubBoot ArcOS

Privacy Policy

Effective date: August 1st 2025

1. Introduction

ArcOS is a personal project operated by Izaak Kuipers, based in The Netherlands. This Privacy Policy explains how ArcOS collects, uses, and protects user information.

2. Information Collected

  • Account Information: Email address, username, display name, password (encrypted with Argon2id).

  • Activity Data: Login and logout activity. Each activity includes the date and time, the user agent, the type (being "unknown", "login" or "logout), and optionally the token used.

  • Cookies: Used to store authentication tokens. This token is created when you log into your ArcOS account afresh. This token is retained for 14 days after creation (effective in ArcOS 7.0.5 and above, older versions retain the token for 2 days).

  • User Files: Files uploaded to their ArcOS Filesystem or shared via Shared Drives.

  • Bug Report Data: Bug reports may include:

    • Crash details including stack trace. This will help me to identify why your ArcOS instance crashed, so that I can fix it. Third-party apps should not be capable of crashing ArcOS.

    • System log items (including kernel init and process spawns; collected only when a bug report is triggered, or included optionally by the user). The system log can always be viewed in Developer Tools or in the Logging app in ArcOS.

    • User account information including user preferences. This includes but is not limted to your username, email address, display name, profile picture, wallpaper, theme, installed apps.

    • Browser's user agent string.

    • Frontend/backend URLs. These should remain the same for unmodified ArcOS instances.

    • Version of ArcOS and its mode (e.g., RELEASE). This can be release, development, unstable, esr or rc.

    • Development metadata (e.g., Vite's import.meta.env).

3. Collection Methods

  • Data entered by users during the Initial Setup Wizard. Data entered in the initial setup wizard can be changed at any point, with the email address being an exception. You have to contact an ArcOS administrator to have your email address changed.

  • Automated collection of login/logout activity.

  • Bug report data is collected automatically when a crash occurs, or voluntarily submitted by the user through the Bug Reports app.

  • No third-party integrations or data collection tools, including TPAs, are allowed to collect user information. Every app submitted to ArcOS' app distribution system is to be explicitly verified by a system administrator to ensure no malicious code is distributed, and no data is collected.

4. Bug Reports App Details

  • Users may submit bug reports manually via the Bug Reports app.

  • Users may choose to:

    • Make the report anonymous or public. Public reports can be viewed by all users and do not include any personal data.

    • Exclude system log information from their report.

  • Data collected through manual bug reports includes required data outlined in this policy, and optionally system logs and user data.

  • The Bug Reports app displays the following privacy statement:

    In order to make bug reports useful for the ArcOS administrators, we collect some required data that we use to resolve the problem.

    This data includes, but is not limited to:

    • The version of ArcOS and its mode (RELEASE in this case);

    • Your User Agent String;

    • The frontend URL;

    • And the development metadata

    By clicking I agree you acknowledge that Bug Reports may include the aforementioned required data in the report, optionally including the system logs and your user data. You can also choose to make a bug report viewable by other ArcOS users by making it public.

5. Data Sharing

  • ArcOS does not share personal information with third parties under any circumstances.

  • Bug report data is only accessible to authorized ArcOS administrators and the user account that triggered the crash or submitted the report.

  • Administrator access is limited via scope-based permissions.

6. User Rights

  • Users may request their personal data by emailing [email protected] or messaging izkuipers on ArcOS.

  • Future implementations may allow automated data exports.

7. Security Measures

  • SSL encryption handled by Cloudflare.

  • Password hashing via Argon2id.

  • Selective administrative access by method of scoping.

  • Optional two-factor authentication (TOTP). TOTP may be disabled by a system administrator if you are unable to access your account, and can prove the account in question is indeed yours. You can additionally disable TOTP yourself on the Account page of System Settings.

8. Age Restrictions

  • Minimum user age is 13 years.

  • Age is not automatically verified. Users are responsible for adhering to this rule.

  • Accounts found in violation may be disapproved or deleted. Account reapproval can be negotiated in coordination with an authorized ArcOS administrator.

9. Contact Information

10. Data Retention

  • Users have 1GB of storage space by default. Future expansions may allow users to expand their quota.

  • ArcOS is not responsible for data loss or file deletions. Your files are yours, including your responsibility to not lose them.

11. Updates

  • Users are responsible for checking the latest Privacy Policy on the ArcOS documentation site.

PreviousTroubleshootingNextTerms of Service

Last updated