Legal

Privacy Policy

Last updated: May 2026 · Effective: May 2026

1. Who we are

Aria is a personal AI assistant application operated by meetaria.io ("we", "us", "our"). Our service is available at meetaria.io.

For any privacy-related questions, you can reach us at privacy@meetaria.io.

2. What data we collect

Account information

When you register, we collect your name, email address, and a securely hashed password. We never store your password in plain text.

Usage data

• Chat messages you send to Aria and Aria's responses (stored to provide conversation history)
• Tasks, events, and notes you create within the app
• Your timezone preference
• Your preferred mode (Work or Life)

Connected services (optional)

If you choose to connect Gmail or Google Calendar, we store OAuth tokens that allow Aria to read your emails and calendar events on your behalf. We do not store the content of your emails permanently — we only process them when generating a digest or responding to a query.

Push notifications

If you enable push notifications, we store your browser's push subscription endpoint to deliver reminders. This does not include any personal identifiers beyond your user account.

Telegram

If you connect a Telegram account for notifications, we store your Telegram chat ID linked to your Aria account.

Technical data

• Server logs (IP address, request timestamps) — kept for up to 30 days for security purposes
• JWT authentication tokens stored in your browser's localStorage

3. Why we collect it

• Account data — to authenticate you and personalise your experience
• Chat history — so Aria remembers your conversations and provides continuity
• Tasks & events — to power Aria's reminders and scheduling features
• Gmail & Calendar tokens — to read your emails and events only when you request it
• Push subscriptions — to deliver reminders you've set
• Server logs — to detect abuse, debug errors, and maintain security

Our legal basis under GDPR is contract performance (Art. 6(1)(b)) — the data is necessary to provide the service you signed up for — and legitimate interests (Art. 6(1)(f)) for security logs.

4. Third-party services

Aria integrates with the following third-party services. Each has its own privacy policy:

• Groq / Anthropic — AI language model providers that process your chat messages to generate responses. Messages are sent to their API and are subject to their data processing terms.
• Google (Gmail & Calendar) — accessed only if you explicitly connect your account. We use Google's OAuth 2.0.
• ElevenLabs — used for voice synthesis if you use the voice feature.
• Resend — used to send transactional emails (password reset, email digests).
• Telegram — used to send notifications if you connect your Telegram account.
• Railway — our cloud infrastructure provider where your data is stored.

5. Data storage & security

Your data is stored in a PostgreSQL database hosted on Railway's infrastructure in the European Union. We use the following security measures:

• All passwords are hashed using bcrypt — never stored in plain text
• All connections use HTTPS/TLS encryption in transit
• Authentication uses short-lived JWT tokens
• OAuth tokens for Google are stored encrypted
• Database access is restricted and not publicly exposed

Despite these measures, no system is 100% secure. If you discover a security vulnerability, please contact us immediately at security@meetaria.io.

6. How long we keep your data

• Account data — kept for as long as your account is active
• Chat history — kept indefinitely unless you delete it from the app
• Tasks & events — kept until you delete them
• Server logs — automatically deleted after 30 days
• Deleted accounts — all personal data is permanently deleted within 30 days of account deletion

7. Your rights (GDPR)

If you are in the European Economic Area, you have the following rights:

• Right of access — request a copy of all data we hold about you
• Right to rectification — correct any inaccurate data
• Right to erasure — request deletion of your account and all associated data
• Right to portability — receive your data in a machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to restrict processing — request that we limit how we use your data

To exercise any of these rights, email us at privacy@meetaria.io. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD) at aepd.es.

8. Cookies

Aria uses only essential cookies and browser storage necessary for the app to function:

• localStorage (aria_token) — stores your authentication token so you stay logged in
• localStorage (aria_user) — stores basic profile info (name, email) to avoid extra server requests
• localStorage (aria_onboarded) — remembers whether you've completed onboarding

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You can clear these at any time by logging out or clearing your browser's storage.

9. Children

Aria is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has registered, please contact us and we will delete the account promptly.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or by showing a notice in the app before the changes take effect. The "last updated" date at the top of this page will always reflect the most recent version.

11. Contact us