Skip to main content
Aria.

Legal

Privacy Policy

Last updated: January 15, 2025

1. Information We Collect

Account information

When you create an account, we collect your name, email address, and hashed password. If you sign up through a third-party provider (Google, GitHub), we receive your name, email, and profile picture from that provider.

Usage data

We automatically collect information about how you interact with Aria, including prompts sent, models selected, features used, timestamps, and performance metrics. This helps us improve the product and debug issues.

Payment information

Payment processing is handled entirely by Stripe. We never store your full credit card number, CVV, or bank details. We retain only the last four digits of your card and billing address for receipt purposes.

Device & log data

We collect IP addresses, browser type, operating system, referral URLs, and device identifiers. Server logs are retained for 90 days and then permanently deleted.

2. How We Use Your Information

Service delivery

We use your data to provide, maintain, and improve Aria — including processing your AI prompts, managing your account, and delivering support.

Communication

We may send transactional emails (password resets, billing receipts) and, with your consent, product updates and tips. You can unsubscribe from marketing emails at any time.

Analytics & improvement

Aggregated, anonymized usage data helps us understand feature adoption, fix bugs, and prioritize our roadmap. We do not sell individual usage data to third parties.

Legal compliance

We may process your data to comply with applicable laws, respond to legal requests, or protect our rights and safety.

3. AI-Specific Data Practices

Prompt data

Your prompts and AI-generated outputs are processed in real-time and are not used to train third-party models. Enterprise customers can opt out of all data retention for prompts.

Model providers

When you use third-party AI models (OpenAI, Anthropic, Google), your prompt is sent to that provider under their respective data processing terms. We recommend reviewing each provider's privacy policy.

RAG documents

Documents you upload to your RAG knowledge base are stored encrypted (AES-256) and are only accessible to your account. They are permanently deleted within 30 days of account closure.

4. Data Sharing & Third Parties

Service providers

We share data with trusted providers who help us operate (Stripe for payments, Vercel for hosting, Resend for email). Each provider is bound by data processing agreements.

No selling of data

We do not sell, rent, or trade your personal information to advertisers or data brokers. Period.

Business transfers

If Aria is acquired or merged, your information may be transferred. We will notify you via email and provide options before any such transfer.

5. Security & Data Storage

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database backups are encrypted and stored in geographically separate regions.

Infrastructure

Aria runs on SOC 2 Type II-compliant infrastructure. We conduct annual penetration tests and maintain a responsible disclosure program for security researchers.

Data residency

By default, data is stored in US-East. Enterprise customers can choose EU (Frankfurt) or APAC (Singapore) data residency for compliance with local regulations.

6. Your Rights & Choices

Access & portability

You can export all your data (prompts, documents, settings) at any time from Settings > Data Export. We provide your data in JSON format within 24 hours.

Deletion

You can delete your account from Settings > Account. All personal data is purged within 30 days, except where we are legally required to retain it.

GDPR & CCPA

If you are in the EU or California, you have additional rights including the right to object to processing, restrict processing, and lodge a complaint with a supervisory authority. Email privacy@aria.ai to exercise these rights.

Cookies

We use essential cookies for authentication and preferences. Optional analytics cookies are only set with your consent. You can manage cookie preferences at any time.

Questions about your privacy?

Contact our Data Protection Officer at privacy@aria.ai or write to us at 548 Market St, Suite 36000, San Francisco, CA 94104.