Privacy policy
Updated on Aug 7, 2024
At Arrive, we are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, share, and protect your data when you use our accounting platform and related services.
Arrive is an advanced accounting platform designed for firm owners, bookkeepers, and clients. Our platform offers a range of services including client management, automated tasks, goal tracking, advisory services, tax planning, and secure document storage. We also provide integrated communication tools and a virtual assistant named Ayyva to enhance productivity and streamline processes.
This Privacy Policy applies to all aspects of our platform, including our website, web application, and any mobile applications we may offer. By using Arrive, you agree to the practices described in this policy.
Information we collect
We collect various types of personal information to provide and improve our services:
Contact Information: This includes your name, email address, phone number, and mailing address.
Business Information: For firm owners and bookkeepers, we collect information about your business, such as company name, tax identification numbers, and professional certifications.
Financial Information: To provide our accounting services, we collect and process financial data, including bank account information, transaction history, and tax-related documents.
Communication Data: We store the content of messages, emails, phone calls, and other communications that occur within our platform.
Documents and Content
Our platform allows for the storage and processing of various documents:
Financial documents (e.g., bank statements, invoices, receipts)
Legal documents (e.g., contracts, incorporation papers)
Reports generated within the platform
Any other documents uploaded by users for accounting or advisory purposes
Usage Information
We automatically collect certain information about how you use our platform:
Log data, including IP addresses, browser type, pages visited, and time spent on the platform
Device information, such as hardware model, operating system, and unique device identifiers
Information collected through cookies and similar technologies (please see our separate Cookie Policy for more details)
How We Use Your Information
We use the collected information for the following purposes:
Providing and Improving Our Services: To operate the Arrive platform, manage client accounts, perform accounting tasks, and enhance our offerings.
Communication: To facilitate interaction between clients, bookkeepers, and admins within the platform, and to send important notifications about your account or our services.
Task Management and Automation: To assign, track, and automate tasks, including those performed by our virtual assistant, Ayyva.
Analytics and Business Intelligence: To generate insights about platform usage, improve our services, and provide admins with business performance statistics.
Legal Compliance: To comply with applicable laws, regulations, and professional standards in the accounting and financial services industry.
Information Sharing and Disclosure
We share information in the following ways:
Within the Platform: Information is shared between clients, bookkeepers, and admins as necessary for providing our services. Admins have access to all activity within the platform.
Third-Party Service Providers: We may share data with integrated services (e.g., QuickBooks, Ultra Tax) when you choose to use these integrations. These providers have their own privacy policies governing their use of your information.
Legal Requirements: We may disclose information if required by law, regulation, or legal process.
We do not sell your personal information to third parties.
Data Security
Protecting your data is our top priority. We implement robust security measures, including:
Encryption of sensitive data both in transit and at rest
Regular security audits and penetration testing
Strict access controls and authentication procedures for our staff
Employee training on data protection and privacy best practices
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee its absolute security.
Your Rights and Choices
You have certain rights regarding your personal information:
Access and Update: You can access and update much of your information directly within the platform. For information you cannot access directly, please contact us.
Communication Preferences: You can opt out of marketing communications, although we reserve the right to send you important service-related notifications.
Data Portability: Upon request, we will provide you with a copy of your data in a structured, commonly used, and machine-readable format.
Deletion: You may request deletion of your personal information, subject to any legal obligations we may have to retain certain data.
To exercise these rights or for any questions about your data, please contact us using the information provided at the end of this policy.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
Cookie policy
Updated on Aug 7, 2024
Arrive uses cookies and similar technologies to provide, improve, and protect our services. This Cookie Policy explains how and why we use these technologies and the choices you have.
A cookie is a small text file that is placed on your device when you visit a website. Cookies are widely used to make websites work more efficiently and to provide information to the owners of the site. They help us recognize your device and store information about your preferences or past actions.
We use cookies and similar technologies like web beacons, pixel tags, or local storage to deliver, measure, and improve our services in various ways. We use these cookies when you visit our site and services through a browser or mobile app. As we adopt additional technologies, we may also gather additional information through other methods.
Strictly Necessary Cookies
These cookies are essential for you to browse our website and use its features. They enable core functionality such as security, network management, and accessibility. You may not opt out of these cookies. They do not gather any information about you that could be used for marketing or remembering where you've been on the internet. Examples include:
User authentication cookies
User session cookies
Security cookies
Functional Cookies
These cookies allow us to remember choices you make and provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. Examples include:
Language preference cookies
Country/region preference cookies
Customizable parts of the Arrive platform
Performance Cookies
These cookies collect information about how you use our website, like which pages you visited and which links you clicked on. They help us understand and improve how the website works and allow us to test different design ideas. All information these cookies collect is aggregated and therefore anonymous. Examples include:
Web analytics cookies
Error management cookies
Testing and performance cookies
Targeting/Advertising Cookies
These cookies are used to make advertising messages more relevant to you and your interests. They also perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed, and in some cases selecting advertisements that are based on your interests. These cookies may be placed on our site by our advertising partners. If applicable, they may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.
Third-Party Cookies
In addition to our own cookies, we may also use various third-party cookies to report usage statistics of the service, deliver advertisements on and through the service, and so on. These may include:
Cookies from integrated services like QuickBooks or Ultra Tax
Analytics cookies from services like Google Analytics
Advertising cookies (if applicable)
How to Manage Cookies
Most web browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience, since it will no longer be personalized to you. It may also stop you from saving customized settings like login information.
To manage your cookie preferences:
Google Chrome:
Click on the menu icon in the browser's toolbar
Select "Settings"
Click on "Show advanced settings"
In the "Privacy" section, click on "Content settings"
To enable cookies, select "Allow local data to be set". To disable cookies, select "Block sites from setting any data"
Microsoft Edge:
Click on the More icon (three dots) in the browser's toolbar
Select "Settings"
Click on "View advanced settings"
Under "Cookies," select your preferred option
Mozilla Firefox:
Click on the menu icon in the browser's toolbar
Select "Options"
Select the "Privacy & Security" panel
To enable cookies, mark "Accept cookies from websites". To disable cookies, unmark this option
Safari:
Click on "Safari" in the top menu bar
Select "Preferences"
Click on "Privacy"
To enable cookies, select "Always" or "Only from websites I visit" under "Block cookies". To disable cookies, select "Always" under "Block cookies"
Please note that by disabling certain categories of cookies, you may be prevented from accessing some features of our website, or certain content or functionality may not be available.
Changes to This Policy
We may update this Cookie Policy from time to time in order to reflect changes to the cookies we use or for other operational, legal, or regulatory reasons. Please revisit this policy regularly to stay informed about our use of cookies and related technologies.
Security Policy
At Arrive, we take security seriously. This document outlines our comprehensive approach to protecting your sensitive financial data and maintaining the highest standards of security throughout our platform.
Security Architecture
1. Application Layer Security
2. API Security
3. Database Security
4. Infrastructure Security
5. Network Security
6. Data Encryption
7. Access Controls
Registration Requirements
To use our Service, you must create an account. You agree to provide accurate, current, and complete information during the registration process and to update such information to keep it accurate, current, and complete.
Authentication & Authorization
User Authentication
Identity Provider: Secure authentication powered by Clerk
Multi-Factor Authentication (MFA): Required for all user accounts
Session Management: Secure session handling with automatic expiration
Password Security: Industry-standard password policies and secure storage
Role-Based Access Control (RBAC)
Our platform implements granular role-based access control:
Admin Role: Full platform access and management capabilities
Firm Partner: Firm-wide access with administrative privileges
Accountant: Client management and financial data access
Advisor: Limited client interaction capabilities
Bookkeeper: Transaction and basic client data access
Team Member: Role-specific access based on assigned responsibilities
Client Guest: Limited access to own data and documents
API Security
JWT-based Authentication: Secure token-based API access
Request Rate Limiting: Protection against abuse and DDoS attacks
CORS Protection: Strict origin validation and request filtering
Admin Token Authentication: Separate secure authentication for administrative operations
Data Protection
Encryption Standards
Data in Transit: All communications encrypted with TLS 1.3
Data at Rest: AES-256 encryption for all stored data
Database Encryption: Encrypted database storage with secure key management
File Storage: Encrypted file storage in AWS S3 with server-side encryption
Data Handling
Input Validation: Comprehensive validation and sanitization of all user inputs
XSS Protection: HTML sanitization using trusted security libraries
SQL Injection Prevention: Parameterized queries and prepared statements
File Upload Security: Secure file validation, type checking, and malware scanning
Infrastructure Security
Cloud Security (AWS)
VPC Isolation: Dedicated Virtual Private Cloud with private subnets
Security Groups: Granular firewall rules and network access controls
IAM Policies: Least-privilege access principles for all services
SSM Integration: Secure parameter management and configuration
Container Security
Docker Security: Minimal base images and security scanning
ECS Security: Secure container orchestration with isolated tasks
Image Scanning: Automated vulnerability scanning of container images
Network Security
Load Balancer Security: Application Load Balancer with SSL termination
VPN Access: Secure access for development and administrative tasks
Network Monitoring: Real-time monitoring and intrusion detection
Document & File Security
Document Processing
OCR Security: Secure document processing with AWS Textract
File Validation: Comprehensive file type and content validation
Virus Scanning: Automated malware detection for all uploads
Document Encryption: End-to-end encryption for sensitive documents
File Storage
S3 Security: Secure file storage with access controls and encryption
Presigned URLs: Time-limited, secure access to files
Access Logging: Comprehensive logging of all file access
Third-Party Integration Security
Secure Integrations
Stripe: PCI-compliant payment processing
DocuSign: Secure document signing with audit trails
Twilio: Secure communication services
QuickBooks: Encrypted financial data synchronization
API Security
OAuth 2.0: Secure authorization for third-party integrations
API Key Management: Secure storage and rotation of API keys
Webhook Security: Signature verification for all webhooks
Data Backup & Recovery
Backup Security
Encrypted Backups: All backups encrypted with AES-256
Geographic Distribution: Backups stored in multiple geographic regions
Access Controls: Strict access controls for backup systems
Regular Testing: Automated backup integrity testing
Disaster Recovery
RTO/RPO: Recovery Time Objective: 4 hours, Recovery Point Objective: 1 hour
Failover Testing: Regular disaster recovery testing
Business Continuity: Comprehensive business continuity planning
User Security Best Practices
Account Security
Enable multi-factor authentication (MFA)
Use strong, unique passwords
Regularly review account activity
Report suspicious activity immediately
Data Security
Avoid sharing login credentials
Use secure networks for platform access
Keep browsers and devices updated
Log out when finished using the platform
Reporting Security Issues
For questions about our security practices or to report a security concern, please contact our security team at security@arrive.com.