Trust
Data processing overview.
This overview explains how Arrow AI thinks about business data in audits, GEO work, forms, and custom AI systems. A project-specific data processing agreement can be added when required.
Roles
For website inquiries, Arrow AI generally acts as the controller of submitted business contact data. For customer implementation work, roles depend on the project scope and written agreement.
Data minimization
Arrow AI aims to collect the smallest amount of data needed to evaluate, design, build, and maintain the relevant system.
Project data
Custom AI systems may involve documents, CRM data, support content, product data, workflows, and operational rules. Project access, retention, and subprocessors should be documented in the project agreement.
Security controls
- Private areas should remain noindex and protected.
- API tokens and service credentials must stay in server environment variables.
- Customer data should not be used in public examples without permission.
- Access should be limited to the people involved in the project.
Contact
For a project-specific DPA or security questionnaire, contact noahmaman@arrow-ai.is.
Last updated: June 29, 2026.