Last updated: April 6, 2026
AIARCO Inc ("we," "our," or "us"), a Delaware corporation, operates the AIARVA platform at aiarva.com and mobile applications for iOS and Android (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you consent to the practices described in this policy. For data processing on behalf of business customers, see our Data Processing Agreement.
AIARVA's vision and image analysis features process images you upload but do not collect, extract, or store biometric identifiers (e.g., facial geometry, fingerprints). Images are processed transiently by our AI model providers and are not used for biometric identification.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Providing the Service (search, conversations, AI responses) | Contract performance (Art. 6(1)(b)) |
| Account creation and authentication | Contract performance (Art. 6(1)(b)) |
| Payment processing and billing | Contract performance (Art. 6(1)(b)) |
| Health and fitness data processing | Explicit consent (Art. 6(1)(a), Art. 9(2)(a)) |
| Financial data processing (Plaid) | Explicit consent (Art. 6(1)(a)) |
| Smart home device control | Explicit consent (Art. 6(1)(a)) |
| AI model improvement (Free tier, anonymized) | Legitimate interest (Art. 6(1)(f)) |
| Analytics and service improvement | Legitimate interest (Art. 6(1)(f)) |
| Contextual advertising (Free tier) | Legitimate interest (Art. 6(1)(f)) |
| Fraud prevention and security | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance (tax records, law enforcement) | Legal obligation (Art. 6(1)(c)) |
Data minimization: We collect only the information necessary to provide the features you use. We do not collect data from features you have not activated (e.g., health, finance, smart home data is only collected if you opt in to those features).
We do not sell your personal information. We share data with the following categories of third-party service providers (sub-processors), each bound by data processing agreements:
| Category | Provider(s) | Data Processed |
|---|---|---|
| Cloud Infrastructure | Amazon Web Services (AWS) | All service data (hosting, storage, compute) |
| Frontend Hosting | Vercel | Web traffic, access logs |
| AI Model Providers | OpenRouter (gateway), OpenAI, Anthropic, Google, xAI, Meta, Mistral, DeepSeek, Perplexity | Queries, conversation context (providers are contractually prohibited from using data for training) |
| Image Generation | Stability AI | Image prompts |
| Web Search | Tavily, Brave Search, Serper, Perplexity | Search queries |
| Payments | Stripe | Billing info, subscription status |
| Financial Services | Plaid | Bank account links, transaction data (handled by Plaid; credentials never stored on AIARVA servers) |
| Smart Home | Google Home / Smart Device Management (SDM) | Device states, command history |
| Identity & SSO | WorkOS | SAML/OIDC tokens, directory sync data |
| Analytics | PostHog | Anonymized usage events, feature flags |
| Error Tracking | Sentry | Error logs, stack traces (no PII) |
| Amazon SES | Email addresses, transactional email content | |
| Nutrition | FatSecret | Food search queries |
| Weather | OpenWeather | Location coordinates (when provided) |
| Travel | Amadeus | Flight search queries |
| Delivery Tracking | Ship24 | Tracking numbers |
| Shopping | PricesAPI.io | Product search queries |
| News | NewsData.io | News search queries |
| Integrations | Notion | Page content (with your OAuth authorization) |
| Social Media (Marketing) | Twitter/X, Reddit, LinkedIn, Facebook, Instagram, TikTok, Telegram | Scheduled posts, analytics (with your OAuth authorization) |
We may also disclose your information when required by law, subpoena, court order, or to protect our rights, property, or safety.
If you use AIARVA Life health and fitness features, we collect health-related data (weight, caloric intake, exercise logs, nutrition entries) that you voluntarily provide. This data is classified as special category data under GDPR Article 9 and is processed only with your explicit consent.
If you use AIARVA Life finance features, you may link bank accounts via Plaid. Financial data is subject to the following protections:
If you connect smart home devices via Google Home integration, we collect device names, states, and command history. Due to the sensitivity of smart home data (lifestyle patterns, physical security):
We retain your data for the minimum period necessary. Specific retention periods:
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Search history & conversations | 12 months (auto-deleted) |
| Generated images | 12 months (auto-deleted) |
| Health & fitness data | 36 months or until deleted |
| Financial data | 7 years (regulatory requirement) |
| Smart home command history | 12 months |
| Audit logs (Teams/Enterprise) | 3 years |
| Anonymized analytics | Indefinite |
You may delete your data at any time from your account settings, except where retention is required by law.
We implement industry-standard security measures including:
No method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@aiarva.com.
In the event of a personal data breach that poses a risk to your rights and freedoms:
Depending on your jurisdiction, you may have the right to:
To exercise these rights, contact our Data Protection Officer at privacy@aiarva.com. We will respond to verified requests within 30 days (45 days for complex requests, with notice).
We use automated processing in the following contexts:
You have the right to obtain human intervention, express your point of view, and contest decisions that significantly affect you. Contact privacy@aiarva.com to request a review of any automated decision.
We use the following cookies and similar technologies:
| Cookie / Technology | Type | Purpose | Duration |
|---|---|---|---|
| Session cookie | Essential (1st party) | Authentication and session management | Session / 30 days |
| CSRF token | Essential (1st party) | Cross-site request forgery protection | Session |
| PostHog analytics | Analytics (1st party) | Usage analytics and feature flags | 1 year |
| Theme preference | Functional (1st party) | Light/dark mode preference | 1 year |
You may disable non-essential cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.
Do Not Track: We currently do not respond to Do Not Track (DNT) browser signals, as there is no industry-standard protocol for compliance. However, you can opt out of analytics tracking in your account settings.
Your data is primarily processed in the United States. For transfers from the EEA, UK, or Switzerland to the US, we rely on:
For details, see our Data Processing Agreement.
The Service is not intended for children under 13 (or under 16 in EU/EEA member states where applicable). We do not knowingly collect personal information from children under these ages. If we learn that we have collected such data, we will promptly delete it. If you believe a child has provided us with personal information, contact us at privacy@aiarva.com.
If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act provide you with specific rights:
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. Free tier advertising is contextual only (based on the current query, not behavioral profiles).
You may designate an authorized agent to make CCPA requests on your behalf. We may require verification of the agent's authority and your identity before processing such requests.
Our referral program provides account credits for successful referrals. This constitutes a financial incentive under CCPA. You may opt in to the referral program and withdraw at any time without penalty. The value of the incentive is reasonably related to the value of the data provided.
If you are a resident of the following states, you may have additional rights under state privacy laws:
To exercise these rights, contact privacy@aiarva.com. We will respond within the timeframes required by each applicable law.
If you are an Australian resident, you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We comply with applicable APPs regarding the collection, use, disclosure, and storage of your personal information. You may request access to and correction of your personal information, and lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. Continued use after changes constitutes acceptance. We recommend reviewing this policy periodically.
Our Data Protection Officer can be contacted at:
For questions about this Privacy Policy:
AIARCO Inc
Wilmington, Delaware, United States