Privacy Policy

• Account Information: Name, email address, password, and date of birth (for age verification).
• Onboarding Data: Information you provide during initial setup, such as your communication preferences, what motivated you to use Aria, current mood or emotional state, and topics of interest.
• Conversation Content: The text of all messages you send to Aria and all responses Aria generates.
• Voice Data: If you use voice features, audio may be processed by our text-to-speech provider to generate Aria’s spoken responses. We do not store recordings of your voice.
• Payment Information: If you subscribe to a paid plan, payment details are collected and processed by our payment processor (Stripe). We do not store your full credit card number.
• Support Communications: Information you provide when contacting our support team.

• Memory Data: Key facts, preferences, personal details, and contextual information extracted from your conversations by our memory system. This enables Aria to remember and reference your previous interactions.
• Pattern Data: Behavioral, emotional, temporal, topical, and communication patterns detected across your interactions. These patterns are used to personalize Aria’s responses.
• Usage Data: Session timestamps, session duration, features used, conversation frequency, and interaction metadata.
• Device Information: Device type, operating system, browser type, screen resolution, and app version.
• Log Data: IP address, access times, pages viewed, and error logs.

In your conversations with Aria, you may choose to share information about your health, mental health, emotional state, relationships, religious or political views, sexual orientation, financial situation, or other sensitive personal matters.

We want to be transparent about how this information is handled:

• Sensitive information shared in conversations is processed by our AI systems and memory infrastructure to provide personalized responses and maintain conversational continuity.
• We do not categorize, label, or separately index your sensitive information for any purpose other than enabling Aria’s conversational memory.
• We do not use sensitive information from your conversations for advertising, marketing, profiling for commercial purposes, or any purpose unrelated to providing the Service.
• Our crisis detection systems may process conversation content to identify expressions of self-harm or danger, as described in our Terms of Service.

By sharing sensitive information with Aria, you consent to its processing as described in this Privacy Policy. You are never required to share sensitive information to use the Service.

• Operating Aria and enabling personalized conversations
• Maintaining conversational memory so Aria can reference previous interactions
• Detecting patterns to improve relevance and quality of responses
• Generating proactive messages based on context from previous conversations
• Processing voice features through our text-to-speech provider

• Operating automated crisis detection and safety systems
• Detecting and preventing abuse, fraud, and violations of our Terms of Service
• Protecting the security and integrity of the Service

• Analyzing aggregate, de-identified usage patterns to improve the Service
• Identifying and fixing bugs, errors, and performance issues
• Developing new features and capabilities

• Sending account-related notifications (password resets, billing, Terms updates)
• Responding to your support inquiries

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from government authorities

Your data is stored using the following systems:

• Primary Database: Account information, conversation metadata, and subscription data are stored in our PostgreSQL database hosted on [HOSTING PROVIDER].
• Memory System: Conversational memory data (facts, preferences, and contextual details extracted from your conversations) is stored in our memory infrastructure, which uses a combination of graph and vector databases to enable rich, contextual recall.
• Cache: Temporary session data may be cached in Redis for performance purposes and is not retained beyond your active session.
• Payment Data: Payment information is processed and stored by Stripe in accordance with PCI DSS standards. We do not store full payment card details on our systems.

• Active Accounts: Your data is retained for as long as your account is active and you continue to use the Service.
• Deleted Conversations: When you delete a conversation through the app, the conversation content is removed from our active systems within thirty (30) days. Residual data in backups may persist for up to ninety (90) days before being overwritten.
• Deleted Memories: When you delete specific memories through the app, they are removed from our memory system within thirty (30) days.
• Account Deletion: Upon account deletion, we will delete your personal data within thirty (30) days, except where retention is required by law or necessary for legitimate purposes such as resolving disputes. Backup copies may persist for up to ninety (90) days.
• Anonymized Data: We may retain aggregated, de-identified data that cannot reasonably be used to identify you for analytical and improvement purposes indefinitely.

We implement commercially reasonable technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls limiting who can access user data
• Regular security assessments and monitoring
• Secure authentication practices

No system is perfectly secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

We share data with third-party service providers who assist us in operating the Service, including:

• AI Model Providers: Your conversation content is processed by third-party large language model providers to generate Aria’s responses. These providers process your data in accordance with their commercial terms and our data processing agreements.
• Voice Provider: If you use voice features, text is sent to our text-to-speech provider to generate audio responses.
• Payment Processor: Stripe processes your payment information.
• Hosting and Infrastructure: Our hosting providers store and process data on our behalf.

These providers are contractually obligated to use your data only as necessary to provide services to us, to maintain confidentiality, and to comply with applicable data protection laws.

We may disclose your information if required to do so by law or if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, or lawful government request
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users or the public
• Protect against legal liability

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

You have the right to request a copy of the personal information we hold about you. Where technically feasible, we will provide this information in a commonly used, machine-readable format.

You have the right to request that we correct inaccurate or incomplete personal information.

You have the right to request deletion of your personal information, subject to certain exceptions (such as data we are required to retain by law). You can delete specific conversations and memories through the app, or request full account deletion by contacting us.

You may have the right to request that we restrict the processing of your data or to object to certain types of processing.

Where we rely on your consent to process personal information, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted before the withdrawal.

To exercise any of these rights, please contact us at [SUPPORT EMAIL]. We may ask you to verify your identity before processing your request. We will respond to your request within thirty (30) days, or as required by applicable law.