Privacy Policy — Ari: Gentle Support Companion

Privacy & Data Use

Our companion is designed with your privacy at the forefront. You can access the service with minimal data collection—no login or personal identification is required for basic use.

Legal Basis for Processing

We rely on your consent (e.g., when you voluntarily provide your email for a receipt), and our legitimate interest (e.g., to deliver, secure, and improve the service) as the legal bases for processing any personal data under the GDPR and other applicable privacy laws.

Children's Privacy

This service is not intended for children under 13 (or under 16 in the European Union) unless parental consent is obtained. We do not knowingly collect any personal data from children. If you believe a child has provided personal information, please contact us immediately.

Free Trial & Basic Usage

Anonymous trial access: New users receive a 2-minute free trial with no registration required.
Local storage only: Trial usage is tracked locally in your browser to prevent abuse—no server-side tracking.
No conversation storage: All conversations are ephemeral and disappear when you close the page.
No IP or device logging: Technical details like IP addresses or device IDs are not retained for basic usage.

Payment & Paid Sessions

Stripe payment processing: Payments are securely processed by Stripe, Inc. When you make a payment, Stripe collects and processes credit/debit card information (securely tokenized), billing address, transaction amounts, and email (if provided). Stripe does not require or store personal identification documents or social security numbers for regular payments.
Optional payment method saving: You may choose to save payment methods with Stripe for future use. If you do, Stripe securely stores only tokenized payment data, billing information, and transaction history using AES-256 encryption. You maintain full control and can delete saved methods anytime through Stripe Link.
Anonymous payments: Payment processing does not require account creation or extensive personal information. You can make payments anonymously using only the information needed for transaction processing.
Session tokens: Paid sessions use secure tokens stored locally in your browser to manage access without requiring account creation on our service.
No payment data storage: We do not store any credit card information, payment details, or billing information on our servers—all payment data is exclusively handled by Stripe's PCI DSS Level 1 certified systems.

Contact & Communication

Contact form: Messages sent via our contact form are processed by our system and delivered via Gmail's SMTP service.
Email transmission: Contact emails are transmitted through Google's Gmail service according to their privacy policy.
No marketing vendors: Contact submissions are not shared with external marketing or analytics services.
Voluntary communication: All contact and email communication is initiated by you and is entirely voluntary.

Analytics & Service Improvement

Minimal analytics: We collect basic usage statistics (trial starts, paid sessions, conversation counts) for service improvement.
No personal identification: Analytics data is aggregated and anonymous—no individual user tracking or profiling occurs.
No third-party trackers: We do not use external analytics services, cookies, or tracking pixels.

Data Retention & Security

Minimal retention: Only essential data for service operation (session tokens) is retained.
Secure processing: All data transmission is encrypted (HTTPS/WSS) and payment processing meets industry security standards.
No conversation storage: Conversations are processed in real-time and are never stored on our servers or accessible to our hosting provider.
Regular audits: We conduct internal security and privacy audits to maintain service integrity.
Regulatory compliance: While minimal data is collected, we adhere to privacy principles consistent with GDPR, CCPA, and HIPAA standards.

Your Rights & Choices

Depending on your location, you may have the right to:

Access a copy of your personal data
Request correction or deletion of your personal information
Object to or restrict processing of your data
Withdraw consent (where applicable)
Lodge a complaint with your local data protection authority

Important Note: Because most users do not provide personal data, we typically cannot identify individual users unless you voluntarily provide contact information (e.g., via Stripe).

Data Management

Local data deletion: You can clear all local data (trial status, session tokens) by clearing your browser data.
Stripe payment data: Payment information, including optional email addresses for receipts, is collected and stored by Stripe, Inc. We do not control or retain this data and cannot modify or delete it. If you wish to manage or remove your payment information, please use the Stripe customer portal or contact Stripe directly at https://support.stripe.com.
Service discontinuation: You can stop using the service at any time with no data retention concerns.

Third-Party Services

Stripe: Payment processing is handled by Stripe, Inc. Stripe operates independently and does not share payment details with us beyond basic transaction confirmations (amount, status, date). Stripe's privacy policy governs all payment data handling, and customers can manage their payment information directly through Stripe Link.
OpenAI: Conversations are processed in real time via OpenAI's API. We do not store or retain conversation content. OpenAI may temporarily retain API inputs for up to 30 days to monitor for abuse or misuse. Data from the API is not used to train OpenAI's models unless explicitly opted in. OpenAI's privacy policy applies to conversation processing.
Gmail/Google: Contact form emails are sent via Gmail's SMTP service. Google's privacy policy applies to email transmission.
Render: The service is hosted on Render's cloud infrastructure. Render provides hosting services only and does not have access to conversation content, which is encrypted in transit. Render's privacy policy governs standard hosting-related data (server logs, connection metadata).
No other third parties: We do not share data with marketing services, social media platforms, or analytics providers.

Email Retention

If you provide an email address during payment, it is stored by Stripe according to their legal and regulatory obligations. We do not store this email or use it for marketing or analytics. Please refer to Stripe's Privacy Policy for more information.

International Data Transfers

Our service uses third-party providers (Stripe, OpenAI, Render, Gmail), some of which may process data in jurisdictions outside your country. These providers implement appropriate safeguards, including Standard Contractual Clauses (SCCs), where legally required, to ensure your data remains protected.

Cookies and Tracking

We do not use cookies, tracking pixels, or third-party analytics services. Your usage is not tracked or profiled. The only local data stored is essential session information (trial usage, payment tokens) stored in your browser's local storage, which you can clear at any time.

Disclaimer

This service is not a medical device and is not intended to diagnose, treat, or prevent any health conditions.

Conversations are generated by AI and intended for emotional support only.
The service is not a substitute for clinical, therapeutic, or emergency care.
Use of the service is voluntary and entirely at your discretion.
If you are in crisis or require medical support, please contact a licensed professional or emergency service.

Contact and Complaints

If you have questions about this privacy policy or your data, please use our contact form. If you are located in the EU or another jurisdiction with data protection laws, you have the right to lodge a complaint with your local data protection authority.

Effective Date: This privacy policy was last updated on August 17, 2025.

By using this service, you agree to these privacy practices, our Terms & Conditions, and acknowledge the minimal data collection described above.