Array Engine — Privacy Policy
Effective Date: June 2026 · Last Updated: June 2026
Array Engine ("Array Engine," "we," "our," or "us") is committed to protecting the privacy, confidentiality, and integrity of personal data processed through our platform and services.
This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when individuals or organizations use Array Engine, visit our website, or interact with our services.
Array Engine is designed for organizations operating social impact, monitoring & evaluation (M&E), research, development, grant management, and reporting programs that require transparent and traceable data management.
By accessing or using our services, you acknowledge the practices described in this Privacy Policy.
1. Scope of This Policy
This Privacy Policy applies to:
- The Array Engine platform
- The Array Engine website
- Hosted dashboards and reporting environments
- APIs and integrations
- Customer support interactions
- Data ingestion and reporting workflows
- Communications and marketing interactions
This policy applies to both:
- Organizations using Array Engine ("Customers")
- Individuals whose information may be processed through the platform ("Data Subjects")
2. Key Privacy Principles
Array Engine is built around the following principles:
a. Transparency
We aim to provide clear visibility into how data is collected, processed, validated, and reported.
b. Traceability
We maintain auditable records of data ingestion, modification, validation, and reporting activities to support accountability.
c. Data Minimization
We seek to collect and process only the information necessary for legitimate operational, reporting, and compliance purposes.
d. Integrity & Accuracy
We implement validation and verification mechanisms to support accurate reporting and reduce reporting inconsistencies.
e. Security
We implement technical and organizational safeguards designed to protect data from unauthorized access, misuse, alteration, or loss.
3. Information We Collect
Depending on how the Services are used, we may collect the following categories of information.
a. Account & Organization Information
- Name
- Organization name
- Email address
- Phone number
- Job title
- Billing information
- User role and permissions
b. Program & Operational Data
Information uploaded or processed through the platform may include:
- Monitoring & evaluation data
- Survey responses
- Beneficiary records
- Program participation information
- Geographic information
- Attendance records
- Outcome tracking information
- Evaluation datasets
- Uploaded spreadsheets and forms
- Narrative reporting information
c. System & Usage Information
- IP addresses
- Browser type
- Device information
- Access timestamps
- Session activity
- Log files
- User interaction records
- Platform performance metrics
d. Audit & Validation Records
To support traceability and transparency, the platform may generate records relating to:
- Data uploads
- File sources
- Validation activities
- Data corrections
- Approval workflows
- Report generation
- User actions
- Change histories
e. Communications Information
- Support requests
- Feedback submissions
- Sales inquiries
- Marketing communications
- Event registrations
4. Sensitive & Special Category Data
Some customers may process sensitive or special category data through Array Engine, depending on the nature of their programs. Examples may include:
- Demographic information
- Disability-related data
- Health-related indicators
- Vulnerability assessments
- Socioeconomic information
- Gender-related data
- Community-level program information
Customers are responsible for:
- Ensuring lawful collection and processing
- Obtaining necessary notices and consents
- Determining the legal basis for processing
Array Engine processes such data only under the instructions of the customer and in accordance with applicable agreements.
5. How We Use Information
We may use information to:
- Provide and maintain the Services
- Authenticate users
- Manage accounts and permissions
- Process and structure data
- Generate dashboards and reports
- Maintain audit trails and traceability
- Detect errors or inconsistencies
- Support customer requests
- Improve platform functionality
- Monitor security and prevent abuse
- Comply with legal obligations
- Communicate service updates
- Conduct analytics and operational monitoring
6. Legal Bases for Processing
Depending on the jurisdiction and context, we may process personal data based on:
- Contractual necessity
- Legitimate interests
- Legal obligations
- Consent
- Public interest activities
- Customer instructions as a data processor
Customers are responsible for establishing appropriate legal bases for data they upload to the platform.
7. Data Processing Roles
a. Customer as Data Controller
Organizations using Array Engine generally act as the data controller for information uploaded into the platform. The customer determines:
- Why data is collected
- What data is processed
- How long it is retained
- Who has access
- Applicable legal bases
b. Array Engine as Data Processor
Array Engine generally acts as a data processor, processing information on behalf of customers in accordance with:
- Customer instructions
- Applicable agreements
- Applicable data protection laws
c. Independent Processing
Array Engine may independently process limited information as a controller for purposes such as:
- Platform administration
- Billing
- Security monitoring
- Legal compliance
- Product analytics
- Customer communications
8. Data Validation & Traceability
Array Engine is designed to support auditable and traceable reporting workflows. The platform may retain metadata relating to:
- Source files
- Upload timestamps
- Validation actions
- Data modifications
- User interactions
- Report lineage
- Data correction histories
These records help support:
- Accountability
- Donor transparency
- Internal review
- Compliance monitoring
- Verification workflows
9. AI-Assisted Features
Some features may incorporate AI-assisted capabilities. Array Engine's platform architecture is designed to avoid generating fabricated or inferred quantitative reporting data. AI-assisted features are intended to:
- Support analysis
- Improve usability
- Assist with narrative drafting
- Enhance operational workflows
AI-generated outputs should be reviewed by users before external use. We do not intentionally use customer reporting data to train public AI models without explicit authorization.
10. Sharing & Disclosure of Information
We may share information:
a. With Service Providers
Including providers supporting:
- Hosting
- Cloud infrastructure
- Authentication
- Analytics
- Customer support
- Security monitoring
- Email delivery
These providers are contractually required to protect information appropriately.
b. At Customer Direction
Customers may choose to:
- Export reports
- Share dashboards
- Provide donor access
- Share reporting outputs with third parties
c. Legal & Regulatory Obligations
We may disclose information where required by:
- Law
- Court order
- Regulatory authority
- Government request
- Legal process
d. Business Transactions
Information may be transferred in connection with:
- Mergers
- Acquisitions
- Reorganizations
- Financing transactions
- Asset transfers
11. International Data Transfers
Your information may be processed or stored in countries outside your jurisdiction. Where required, we implement appropriate safeguards for cross-border transfers, which may include:
- Contractual protections
- Standard contractual clauses
- Security and organizational controls
12. Data Security
We implement commercially reasonable technical and organizational safeguards designed to protect information against:
- Unauthorized access
- Loss
- Misuse
- Alteration
- Disclosure
- Destruction
Security measures may include:
- Encryption
- Access controls
- Authentication mechanisms
- Monitoring and logging
- Role-based permissions
- Secure backups
- Infrastructure protections
Users remain responsible for:
- Protecting account credentials
- Managing permissions appropriately
- Securing endpoint devices
13. Data Retention
We retain information only for as long as necessary to:
- Provide the Services
- Fulfill contractual obligations
- Maintain audit records
- Support legal and compliance requirements
- Resolve disputes
- Enforce agreements
Retention periods may vary depending on:
- Customer configurations
- Applicable laws
- Contractual requirements
- Operational and security needs
Additional details may be provided in our Data Retention Policy or Data Processing Agreement.
14. Your Rights
Depending on applicable law, individuals may have rights relating to their personal data, including:
- Access
- Correction
- Deletion
- Restriction of processing
- Data portability
- Objection to processing
- Withdrawal of consent
- Complaint to supervisory authorities
Where Array Engine acts as a processor, requests should generally be directed to the relevant customer organization acting as controller.
We may require verification before fulfilling requests.
15. Cookies & Tracking Technologies
We may use cookies and similar technologies to:
- Maintain sessions
- Authenticate users
- Improve platform performance
- Analyze usage
- Enhance security
Additional information is available in our Cookie Policy.
16. Children's Privacy
Array Engine is not intended for direct use by children. Customers are responsible for ensuring lawful processing where program data involves minors or child-related information.
17. Third-Party Services & Integrations
The platform may connect with third-party tools and services including:
- ODK Central
- KoBoToolbox
- Spreadsheet tools
- APIs
- Cloud storage providers
- External analytics systems
Array Engine is not responsible for the privacy practices of third-party platforms. Users should review the privacy policies of those providers separately.
18. Marketing Communications
We may send:
- Product updates
- Service notifications
- Event invitations
- Operational communications
- Marketing materials
You may opt out of marketing communications at any time.
Operational and security-related communications may still be sent where necessary.
19. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Updated versions become effective upon posting unless otherwise stated. Where appropriate, we may provide additional notice regarding material changes.
20. Contact Information
For questions regarding this Privacy Policy or our data handling practices, contact:
