Privacy Policy

Data Controller

This service is operated by Digital Creative Academy, Switzerland. For privacy inquiries, please use our contact form.

Privacy & Data Use

Age Requirement: This service is only available to users aged 18 and above.

Our companion is designed with your privacy at the forefront. Accounts now require a verified email, username, and password so that we can manage bundles, entitlements, and billing history securely. We limit optional fields and only collect what is necessary to operate Ari.

Legal Basis for Processing

Under Swiss data protection law (Federal Act on Data Protection), GDPR, and other applicable privacy laws, we process your personal data based on the following legal grounds:

• Consent: When you create an account, you provide explicit consent for us to process your username, email, and password to deliver the service. You confirm your age (18+) during signup. Consent can be withdrawn by deleting your account.
• Contractual Necessity: Processing account data, session usage, and payment references is necessary to fulfill our contract with you—to provide access to the service you've paid for or signed up for.
• Legitimate Interest: We have a legitimate interest in:
  • Preventing fraud, abuse, and unauthorized access to the service
  • Maintaining security and system integrity
  • Collecting anonymous, aggregated analytics to improve the service
  • Complying with legal obligations and responding to legal requests

We balance our legitimate interests against your privacy rights and only process data when necessary and proportionate.

Children's Privacy

This service is intended for adults aged 18 and above only. We do not knowingly collect any personal data from individuals under 18. If you believe someone under 18 has provided personal information, please contact us immediately and we will delete it.

Free Trial & Basic Usage

• Account-backed access: Trials and paid bundles are linked to your authenticated account. We store your username, encrypted email, and securely hashed password so you can log in across devices. Names are also encrypted for privacy.
• Minimal profiling: We capture only the metrics needed to prevent abuse and to track your remaining allowance.
• No conversation storage: All conversations are ephemeral and disappear when you close the page.
• Limited technical logs: We retain high-level security logs (such as IP address and user agent hash) long enough to investigate abuse or fraud, after which they are purged.

Payment & Paid Sessions

• Stripe payment processing: Payments are securely processed by Stripe, Inc. When you make a payment, Stripe collects and processes credit/debit card information (securely tokenized), billing address, transaction amounts, and email (if provided). Stripe does not require or store personal identification documents or social security numbers for regular payments.
• Optional payment method saving: You may choose to save payment methods with Stripe for future use. If you do, Stripe securely stores only tokenized payment data, billing information, and transaction history using AES-256 encryption. You maintain full control and can delete saved methods anytime through Stripe Link.
• Anonymous payments: Payment processing does not require account creation or extensive personal information. You can make payments anonymously using only the information needed for transaction processing.
• Secure session management: Paid sessions use secure HTTPOnly cookies that cannot be accessed by JavaScript, providing protection against cross-site scripting (XSS) attacks while managing session access.
• No payment data storage: We do not store any credit card information, payment details, or billing information on our servers—all payment data is exclusively handled by Stripe's PCI DSS Level 1 certified systems.

Contact & Communication

• Contact form: Messages sent via our contact form are processed by our system and delivered via Gmail's SMTP service.
• Email transmission: Contact emails are transmitted through Google's Gmail service according to their privacy policy.
• No marketing vendors: Contact submissions are not shared with external marketing or analytics services.
• Voluntary communication: All contact and email communication is initiated by you and is entirely voluntary.

Analytics & Service Improvement

• Minimal analytics: We collect basic usage statistics (trial starts, paid sessions, conversation counts) for service improvement.
• No personal identification: Analytics data is aggregated and anonymous—no individual user tracking or profiling occurs.
• No third-party trackers: We do not use external analytics services, cookies, or tracking pixels.

Data Retention & Security

• Minimal retention: We retain account details (username, encrypted email, hashed password) and session usage counters only as long as needed to provide the service. Accounts inactive for 365 days are automatically deleted.
• User-controlled deletion: You can delete your account at any time through account settings, which immediately removes all your stored data.
• Data breach notification: In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by Swiss law.
• Secure storage: Sensitive account data is encrypted at rest using industry-standard encryption methods. All data transmission is encrypted in transit (HTTPS/WSS).
• Payment security: Payment processing meets PCI DSS Level 1 industry security standards through Stripe.
• No conversation storage: Conversations are processed in real-time and are never stored on our servers or accessible to our hosting provider.
• Regular audits: We conduct internal security and privacy audits to maintain service integrity.
• Regulatory compliance: We adhere to privacy principles consistent with Swiss data protection law (FADP), GDPR, CCPA, and HIPAA standards while limiting the personal data we manage.

Your Rights & Choices

Depending on your location, you may have the right to:

• Access a copy of your personal data
• Request correction or deletion of your personal information
• Object to or restrict processing of your data
• Withdraw consent (where applicable)
• Lodge a complaint with your local data protection authority

Important Note: Because most users do not provide personal data, we typically cannot identify individual users unless you voluntarily provide contact information (e.g., via Stripe).

Data Management

• Account data: You can delete your account directly from the in-product settings at any time, or contact us for help. Deletion removes stored credentials, session usage, and associated inactive tokens subject to legal retention requirements.
• Stripe payment data: Payment information, including optional email addresses for receipts, is collected and stored by Stripe, Inc. We do not control or retain this data and cannot modify or delete it. If you wish to manage or remove your payment information, please use the Stripe customer portal or contact Stripe directly at https://support.stripe.com.
• Dormancy purges: Accounts with no activity for 365 consecutive days are automatically deleted along with associated session allowances. This process happens without additional notice beyond these terms.

Third-Party Services

• Stripe: Payment processing is handled by Stripe, Inc. Stripe operates independently and does not share payment details with us beyond basic transaction confirmations (amount, status, date). Stripe's privacy policy governs all payment data handling, and customers can manage their payment information directly through Stripe Link.
• OpenAI: Conversations are processed in real time via OpenAI's API. We do not store or retain conversation content. OpenAI may temporarily retain API inputs for up to 30 days to monitor for abuse or misuse. Data from the API is not used to train OpenAI's models unless explicitly opted in. OpenAI's privacy policy applies to conversation processing.
• Gmail/Google: Contact form emails are sent via Gmail's SMTP service. Google's privacy policy applies to email transmission.
• Render: The service is hosted on Render's cloud infrastructure. Render provides hosting services only and does not have access to conversation content, which is encrypted in transit. Render's privacy policy governs standard hosting-related data (server logs, connection metadata).
• No other third parties: We do not share data with marketing services, social media platforms, or analytics providers.

Email Retention

If you provide an email address during payment, it is stored by Stripe according to their legal and regulatory obligations. We do not store this email or use it for marketing or analytics. Please refer to Stripe's Privacy Policy for more information.

International Data Transfers

Our service uses third-party providers (Stripe, OpenAI, Render, Gmail), some of which may process data in jurisdictions outside your country. These providers implement appropriate safeguards, including Standard Contractual Clauses (SCCs), where legally required, to ensure your data remains protected.

Cookies and Tracking

We use only essential HTTPOnly cookies for secure session management. These cookies cannot be accessed by JavaScript and are used solely for maintaining your session across page visits. We do not use tracking cookies, analytics cookies, advertising cookies, or third-party tracking services. Your usage is not tracked or profiled beyond what is necessary for session security and service functionality.

Disclaimer

This service is not a medical device and is not intended to diagnose, treat, or prevent any health conditions.

• Conversations are generated by AI and intended for emotional support only.
• The service is not a substitute for clinical, therapeutic, or emergency care.
• Use of the service is voluntary and entirely at your discretion.
• If you are in crisis or require medical support, please contact a licensed professional or emergency service.

Contact and Complaints

If you have questions about this privacy policy or your data, please use our contact form. If you are located in the EU or another jurisdiction with data protection laws, you have the right to lodge a complaint with your local data protection authority.

Effective Date: This privacy policy was last updated on January 1, 2026.

By using this service, you agree to these privacy practices, our Terms & Conditions, and acknowledge the minimal data collection described above.