Legal

Array Engine — Privacy Policy

Effective Date: June 2026 · Last Updated: June 2026

Array Engine ("Array Engine," "we," "our," or "us") is committed to protecting the privacy, confidentiality, and integrity of personal data processed through our platform and services.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when individuals or organizations use Array Engine, visit our website, or interact with our services.

Array Engine is designed for organizations operating social impact, monitoring & evaluation (M&E), research, development, grant management, and reporting programs that require transparent and traceable data management.

By accessing or using our services, you acknowledge the practices described in this Privacy Policy.

1. Scope of This Policy

This Privacy Policy applies to:

  • The Array Engine platform
  • The Array Engine website
  • Hosted dashboards and reporting environments
  • APIs and integrations
  • Customer support interactions
  • Data ingestion and reporting workflows
  • Communications and marketing interactions

This policy applies to both:

  • Organizations using Array Engine ("Customers")
  • Individuals whose information may be processed through the platform ("Data Subjects")

2. Key Privacy Principles

Array Engine is built around the following principles:

a. Transparency

We aim to provide clear visibility into how data is collected, processed, validated, and reported.

b. Traceability

We maintain auditable records of data ingestion, modification, validation, and reporting activities to support accountability.

c. Data Minimization

We seek to collect and process only the information necessary for legitimate operational, reporting, and compliance purposes.

d. Integrity & Accuracy

We implement validation and verification mechanisms to support accurate reporting and reduce reporting inconsistencies.

e. Security

We implement technical and organizational safeguards designed to protect data from unauthorized access, misuse, alteration, or loss.

3. Information We Collect

Depending on how the Services are used, we may collect the following categories of information.

a. Account & Organization Information

  • Name
  • Organization name
  • Email address
  • Phone number
  • Job title
  • Billing information
  • User role and permissions

b. Program & Operational Data

Information uploaded or processed through the platform may include:

  • Monitoring & evaluation data
  • Survey responses
  • Beneficiary records
  • Program participation information
  • Geographic information
  • Attendance records
  • Outcome tracking information
  • Evaluation datasets
  • Uploaded spreadsheets and forms
  • Narrative reporting information

c. System & Usage Information

  • IP addresses
  • Browser type
  • Device information
  • Access timestamps
  • Session activity
  • Log files
  • User interaction records
  • Platform performance metrics

d. Audit & Validation Records

To support traceability and transparency, the platform may generate records relating to:

  • Data uploads
  • File sources
  • Validation activities
  • Data corrections
  • Approval workflows
  • Report generation
  • User actions
  • Change histories

e. Communications Information

  • Support requests
  • Feedback submissions
  • Sales inquiries
  • Marketing communications
  • Event registrations

4. Sensitive & Special Category Data

Some customers may process sensitive or special category data through Array Engine, depending on the nature of their programs. Examples may include:

  • Demographic information
  • Disability-related data
  • Health-related indicators
  • Vulnerability assessments
  • Socioeconomic information
  • Gender-related data
  • Community-level program information

Customers are responsible for:

  • Ensuring lawful collection and processing
  • Obtaining necessary notices and consents
  • Determining the legal basis for processing

Array Engine processes such data only under the instructions of the customer and in accordance with applicable agreements.

5. How We Use Information

We may use information to:

  • Provide and maintain the Services
  • Authenticate users
  • Manage accounts and permissions
  • Process and structure data
  • Generate dashboards and reports
  • Maintain audit trails and traceability
  • Detect errors or inconsistencies
  • Support customer requests
  • Improve platform functionality
  • Monitor security and prevent abuse
  • Comply with legal obligations
  • Communicate service updates
  • Conduct analytics and operational monitoring

6. Legal Bases for Processing

Depending on the jurisdiction and context, we may process personal data based on:

  • Contractual necessity
  • Legitimate interests
  • Legal obligations
  • Consent
  • Public interest activities
  • Customer instructions as a data processor

Customers are responsible for establishing appropriate legal bases for data they upload to the platform.

7. Data Processing Roles

a. Customer as Data Controller

Organizations using Array Engine generally act as the data controller for information uploaded into the platform. The customer determines:

  • Why data is collected
  • What data is processed
  • How long it is retained
  • Who has access
  • Applicable legal bases

b. Array Engine as Data Processor

Array Engine generally acts as a data processor, processing information on behalf of customers in accordance with:

  • Customer instructions
  • Applicable agreements
  • Applicable data protection laws

c. Independent Processing

Array Engine may independently process limited information as a controller for purposes such as:

  • Platform administration
  • Billing
  • Security monitoring
  • Legal compliance
  • Product analytics
  • Customer communications

8. Data Validation & Traceability

Array Engine is designed to support auditable and traceable reporting workflows. The platform may retain metadata relating to:

  • Source files
  • Upload timestamps
  • Validation actions
  • Data modifications
  • User interactions
  • Report lineage
  • Data correction histories

These records help support:

  • Accountability
  • Donor transparency
  • Internal review
  • Compliance monitoring
  • Verification workflows

9. AI-Assisted Features

Some features may incorporate AI-assisted capabilities. Array Engine's platform architecture is designed to avoid generating fabricated or inferred quantitative reporting data. AI-assisted features are intended to:

  • Support analysis
  • Improve usability
  • Assist with narrative drafting
  • Enhance operational workflows

AI-generated outputs should be reviewed by users before external use. We do not intentionally use customer reporting data to train public AI models without explicit authorization.

10. Sharing & Disclosure of Information

We may share information:

a. With Service Providers

Including providers supporting:

  • Hosting
  • Cloud infrastructure
  • Authentication
  • Analytics
  • Customer support
  • Security monitoring
  • Email delivery

These providers are contractually required to protect information appropriately.

b. At Customer Direction

Customers may choose to:

  • Export reports
  • Share dashboards
  • Provide donor access
  • Share reporting outputs with third parties

c. Legal & Regulatory Obligations

We may disclose information where required by:

  • Law
  • Court order
  • Regulatory authority
  • Government request
  • Legal process

d. Business Transactions

Information may be transferred in connection with:

  • Mergers
  • Acquisitions
  • Reorganizations
  • Financing transactions
  • Asset transfers

11. International Data Transfers

Your information may be processed or stored in countries outside your jurisdiction. Where required, we implement appropriate safeguards for cross-border transfers, which may include:

  • Contractual protections
  • Standard contractual clauses
  • Security and organizational controls

12. Data Security

We implement commercially reasonable technical and organizational safeguards designed to protect information against:

  • Unauthorized access
  • Loss
  • Misuse
  • Alteration
  • Disclosure
  • Destruction

Security measures may include:

  • Encryption
  • Access controls
  • Authentication mechanisms
  • Monitoring and logging
  • Role-based permissions
  • Secure backups
  • Infrastructure protections

Users remain responsible for:

  • Protecting account credentials
  • Managing permissions appropriately
  • Securing endpoint devices

13. Data Retention

We retain information only for as long as necessary to:

  • Provide the Services
  • Fulfill contractual obligations
  • Maintain audit records
  • Support legal and compliance requirements
  • Resolve disputes
  • Enforce agreements

Retention periods may vary depending on:

  • Customer configurations
  • Applicable laws
  • Contractual requirements
  • Operational and security needs

Additional details may be provided in our Data Retention Policy or Data Processing Agreement.

14. Your Rights

Depending on applicable law, individuals may have rights relating to their personal data, including:

  • Access
  • Correction
  • Deletion
  • Restriction of processing
  • Data portability
  • Objection to processing
  • Withdrawal of consent
  • Complaint to supervisory authorities

Where Array Engine acts as a processor, requests should generally be directed to the relevant customer organization acting as controller.

We may require verification before fulfilling requests.

15. Cookies & Tracking Technologies

We may use cookies and similar technologies to:

  • Maintain sessions
  • Authenticate users
  • Improve platform performance
  • Analyze usage
  • Enhance security

Additional information is available in our Cookie Policy.

16. Children's Privacy

Array Engine is not intended for direct use by children. Customers are responsible for ensuring lawful processing where program data involves minors or child-related information.

17. Third-Party Services & Integrations

The platform may connect with third-party tools and services including:

  • ODK Central
  • KoBoToolbox
  • Spreadsheet tools
  • APIs
  • Cloud storage providers
  • External analytics systems

Array Engine is not responsible for the privacy practices of third-party platforms. Users should review the privacy policies of those providers separately.

18. Marketing Communications

We may send:

  • Product updates
  • Service notifications
  • Event invitations
  • Operational communications
  • Marketing materials

You may opt out of marketing communications at any time.

Operational and security-related communications may still be sent where necessary.

19. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Updated versions become effective upon posting unless otherwise stated. Where appropriate, we may provide additional notice regarding material changes.

20. Contact Information

For questions regarding this Privacy Policy or our data handling practices, contact:

Array Engine
Address: Implement IQ, 125-720 King Street West, Suite 2000, Toronto, ON M5V 3S5