ARI

Privacy Policy

Last updated: March 8, 2026

1. Plain-English Summary

ARI is built to give you a calm space for reflection. We only collect data needed to run the app, secure it, and generate responses.

Your inputs may be processed by third-party providers (for example, OpenAI for model responses and Firebase for auth/database). We do not promise absolute anonymity, but we do limit storage where possible and explain exactly what happens below.

2. Data We Collect

Depending on how you use ARI, we may process:

  • Account data: email address, Firebase user ID, email verification state, and account timestamps.
  • Profile and preference data: display name, year of birth, selected language/tone preferences, onboarding notes, and reflection goals you enter.
  • Session content: messages, quick-tool inputs/outputs, generated reports, and saved artifacts when saving is enabled.
  • Technical and security data: request timestamps, thread/session IDs, model usage metrics (such as token usage and cost records), error events, and anti-abuse/rate limit signals.
  • Limited network metadata: IP-based signals may be used for abuse prevention and rate limiting.
  • Local browser data: some quick tools store temporary state in local storage on your device so you can continue where you left off.

3. Why We Use Data

  • To create and secure your account.
  • To run chat and quick features and generate responses.
  • To generate summaries, insights, and progress/report views.
  • To improve reliability, prevent abuse, and monitor system health.
  • To support personalization features you explicitly configure.

4. Processors and Infrastructure

ARI currently relies on third-party providers to operate key parts of the service, including:

  • Firebase (authentication, primary database, app security tooling where enforced).
  • OpenAI (generation and embedding-related model processing).
  • Pinecone (memory/vector retrieval, when configured).
  • Upstash Redis (rate limiting, when configured).

Data handled by these providers is subject to their infrastructure and policies in addition to ours.

5. How “No Trace” Works (and Its Limits)

No Trace is designed to reduce stored conversation history, not to create absolute invisibility.

  • In Quick flows, when No Trace is active, quick artifacts are not saved as normal account artifacts.
  • In Deep chat, a No Trace thread is flagged and the end-session cleanup pipeline removes that thread and related subcollections from primary Firestore storage.
  • During active requests, your text still has to be processed to produce a response, including model-provider processing.
  • Short-lived operational/security logs and local browser state may still exist.

6. Data Retention

  • Account/profile records are kept while your account is active.
  • Saved sessions, reports, and artifacts remain until deleted by feature logic or manual cleanup actions.
  • Some local quick-tool state expires automatically; some remains on your device until your browser storage is cleared.
  • Usage/security records may be retained for fraud prevention, reliability, and accounting.

7. Security

We use practical safeguards, including authenticated APIs, access checks, and rate limiting.

No online service can guarantee perfect security. If you believe your account is at risk, stop using shared devices and change your authentication credentials immediately.

8. Your Choices

  • Use No Trace mode when you want reduced persistence.
  • Delete saved quick artifacts in supported quick flows.
  • Edit profile information from app onboarding/profile flows.
  • Clear browser local storage to remove locally cached data.

9. Age and Safety

ARI is intended for users aged 16 and older. ARI is not a medical service, not crisis support, and not a substitute for professional mental health care.

10. Changes to This Policy

We may update this policy when product or legal requirements change. If we make material changes, we will update the “Last updated” date on this page.

11. Questions

For privacy questions, use the official support/contact channel associated with your access to ARI.