Privacy Policy

Last updated: May 6, 2026

1. Introduction

ARIA ("we", "our", "us") is an AI-powered marketing platform that helps developer founders grow their businesses. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at aria.hoversight.agency and related services. By using ARIA, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the platform.

2. Information We Collect

Account Information

  • Name and email address
  • Business name and description
  • Product information and target audience details
  • Brand voice preferences
  • Authentication credentials (managed by Supabase Auth)

Google Account Data (when connected)

  • Basic profile: name, email address, profile picture (via Sign in with Google)
  • Gmail (gmail.send scope only): permission to send email on your behalf when you explicitly approve a draft. We do NOT read your inbox, do NOT access your message contents, and do NOT have any other Gmail access.

Other Connected Services (optional, when authorized)

  • X/Twitter: ability to post tweets on your behalf (only after explicit approval). We access your profile information and posting permissions.
  • LinkedIn: ability to publish posts to your profile or company pages (only after explicit approval). We access your profile and organization admin status.
  • WhatsApp Business API: ability to send and receive business messages. We store the credentials you provide.

Usage Data

  • Agent activity logs (which agents ran, when, and what they produced)
  • Chat conversation history with the CEO agent
  • API usage metrics (requests, tokens consumed)
  • CRM data you create (contacts, companies, deals)
  • Marketing content you create or approve

3. How We Use Your Information

  • Provide, operate, and maintain the ARIA platform
  • Generate personalized marketing content, strategies, and recommendations using AI
  • Send emails, publish social posts, and execute marketing actions you have explicitly approved
  • Communicate with you about your account and platform updates
  • Ensure platform security and prevent abuse
  • Improve the quality of our AI-generated outputs based on aggregated, anonymized usage patterns

4. Google User Data — Limited Use Disclosure

ARIA's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

  • We use Google user data only to provide or improve user-facing features prominent in ARIA (Sign in with Google for authentication, gmail.send for sending approved marketing emails on your behalf).
  • We do not transfer Google user data to third parties except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger / acquisition / sale of assets with continued protections.
  • We do not use Google user data to serve advertising, including retargeting, personalized, or interest-based advertising.
  • We do not allow humans to read your Google user data unless we have your explicit affirmative consent for specific messages, it is necessary for security purposes (such as investigating abuse), or it is required by law.
  • We do not use Google user data to train, develop, or improve generalized AI / ML models.

5. How We Share Your Information

We do not sell your personal information. We share data only with the following service providers, each acting as a processor under our instructions:

  • Supabase (database, authentication) — hosts your account data, CRM rows, and content library
  • Anthropic (Claude AI) — processes your prompts to generate marketing content; Anthropic does not train on your data per their Commercial Terms
  • Hostinger (cloud infrastructure) — hosts the ARIA platform on a virtual private server
  • Resend (transactional email) — delivers approved emails you send via ARIA
  • Postmark (inbound email parsing) — receives reply emails routed back to your ARIA inbox
  • Pollinations.ai / Google Gemini (image generation) — generates marketing images based on your prompts
  • Qdrant (vector search) — stores embeddings of your content for semantic recall
  • Connected platforms (Gmail / Google, X/Twitter, LinkedIn, WhatsApp) — only when you explicitly authorize an action
  • Legal requirements — when required by law or to protect our rights, your safety, or the rights of others

6. Data Security

We implement industry-standard security measures including:

  • JWT-based authentication on all API endpoints, with per-tenant authorization checks on every request
  • Tenant isolation — users can only access data belonging to their own tenant
  • CORS restrictions to authorized origins only
  • Per-tenant + per-IP rate limiting (Redis-backed) to prevent abuse
  • OAuth 2.0 for all third-party integrations — we never see or store your provider passwords
  • HMAC signature verification on all inbound webhooks (Stripe, Postmark, Resend, etc.)
  • HTTPS / TLS encryption for all data in transit
  • Logging redaction filters to prevent secrets leaking into server logs
  • Container-level privilege separation — backend services run as non-root

While we strive to protect your data, no method of electronic transmission or storage is 100% secure.

7. Third-Party Privacy Policies

ARIA integrates with third-party services that have their own privacy policies. We encourage you to review them:

8. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time by contacting us at the address below. Upon a verified deletion request, we will remove your personal data and Google user data within 30 days, except where retention is required by applicable law (e.g., financial records, abuse-investigation logs). Aggregated, fully anonymized data may be retained for analytics.

9. Your Rights

Depending on your jurisdiction (including the EU/EEA under GDPR and California under CCPA), you may have the following rights:

  • Access your personal data we hold
  • Correct inaccurate or incomplete data
  • Delete your account and associated data
  • Disconnect any third-party integration at any time from Settings
  • Export your data in a machine-readable format
  • Withdraw consent for data processing where consent is the legal basis
  • Lodge a complaint with your local data protection authority
  • Revoke ARIA's access to your Google account at any time via your Google Account settings: https://myaccount.google.com/permissions

10. Cookies and Local Storage

We use essential cookies and browser local storage for authentication, session management, and remembering your preferences within the dashboard. We do not use tracking cookies, behavioral profiling cookies, or third-party advertising cookies.

11. Children's Privacy

ARIA is not intended for users under the age of 18 and is targeted at business operators / founders. We do not knowingly collect personal information from children. If we learn that we have collected personal data from a person under 18, we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal / regulatory reasons. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date at the top of this page. For significant changes, we will additionally notify registered users by email.

13. Contact Us

If you have questions about this Privacy Policy, want to exercise any of your rights, or wish to request data deletion, please contact us at:

accounts@zillamedia.co