Transparency Report

To date, The Archival Club has not received any government or law enforcement requests for member data. If we ever do, we will:

• Review the request with independent legal counsel.
• Reject any request that is overbroad, vague, or not supported by valid legal process.
• Notify affected members unless legally prohibited from doing so.
• Publish the request (redacted) in a future update to this report.

We have no offices, no data centres of our own, and no backdoors. What little data we hold is encrypted and subject to strict access controls.

The best way to protect data is to not have it in the first place. We deliberately avoid collecting:

• Browsing history, search queries, or clickstream data.
• Third-party advertising identifiers (no Meta Pixel, no Google Analytics cookies).
• Precise geolocation beyond coarse country-level IP geolocation for fraud prevention.
• Social media profiles or contacts.
• Biometric data, government IDs, or passport copies.

Our payment processor (Stripe) handles card data on its own PCI-DSS infrastructure. We never see, store, or log your card number, CVV, or PIN.

The Archival Club has never experienced a confirmed data breach. We operate on a "assume breach" security model: every internal system is designed as if an attacker is already inside the perimeter. This means least-privilege access, encrypted data at rest, and no single point of failure that could expose all member records.

We run quarterly penetration tests and dependency audits. Critical vulnerabilities are patched within 24 hours of disclosure.

• Sold member data to advertisers, brokers, or data marketplaces.
• Shared purchase history or browsing behaviour with third parties for "personalisation".
• Built shadow profiles or cross-referenced member data with external datasets.
• Used dark patterns to trick members into sharing more data than necessary.
• Installed tracking pixels from social media platforms on any page.
• Retained data longer than necessary after an account was deleted.

We believe in using open, inspectable tools wherever possible:

• Our database (PostgreSQL via Supabase) runs on open-source software with published security practices.
• Our frontend is built on open-source frameworks (React, TanStack, Tailwind CSS).
• We publish our cryptographic configurations and do not rely on security through obscurity.

Every member can, at any time:

• Request a full export of their data — we deliver within 30 days.
• Correct inaccurate information through their profile settings.
• Delete their account and all associated data — processed within 30 days, with confirmation.
• Object to any processing based on legitimate interest — we stop unless legally required to continue.

To exercise any of these rights, email privacy@archival.club.

This report will be updated at least annually, and immediately after any material security incident or government request. We will not bury bad news in footnotes. If we mess up, you will hear it from us first.

The Archival Club was built on the belief that discretion and transparency are not opposites. We are discreet about your data — and transparent about how we keep it that way.