1. Information We Collect
Account Information
When you create an ARIA account, we collect your name, email address, and password. During onboarding, you may provide additional business details such as your brokerage name, market area, specialties, and communication preferences.
Business Data
ARIA stores information you provide about your real estate business, including:
- Client names, contact details, transaction stages, and notes
- Prospect and lead information
- Transaction details, vendor contacts, and property data
- Marketing content, email drafts, and social media posts you create with ARIA
Integration Data
If you connect third-party services, we access only the data necessary to provide ARIA's features:
- Google Calendar: Calendar event titles, times, and attendees (read-only) to power scheduling awareness and daily briefs
- Gmail: Email metadata (sender, subject, date) for email triage features. ARIA does not read email body content unless you explicitly paste it into a conversation.
- Meta (Facebook/Instagram): Page access tokens for publishing social content you create and approve in ARIA
- LinkedIn: Profile access for publishing social content you create and approve in ARIA
- Dotloop: Transaction data for syncing deal status into your ARIA pipeline
Usage Data
We collect basic usage analytics including feature usage counts, AI credit consumption, session timing, and error logs. We do not use third-party analytics trackers.
2. How We Use Your Information
We use your data exclusively to provide and improve ARIA's services:
- AI Assistance: Your agent profile and business context are sent to the Anthropic Claude API to generate personalized responses, email drafts, social content, and client recommendations
- Integrations: Connected service data is used to surface calendar events, sync transactions, and publish content you've approved
- Daily Briefs: Your client data and calendar are used to generate your personalized morning briefing email
- Account Management: Your email is used for authentication, password resets, and service notifications
We never sell your data. We never use your data to train AI models. We never share your business data with other ARIA users.
3. Data Storage & Security
Your data is stored in Supabase, a SOC 2 Type II compliant platform built on PostgreSQL, with row-level security (RLS) enforced so each user can only access their own data. All data is encrypted at rest and in transit.
Authentication is handled via Supabase Auth with JWT tokens. API endpoints validate tokens on every request and enforce per-endpoint rate limiting.
Files you upload (such as client documents) are stored in Supabase Storage with user-scoped access controls.
4. Third-Party Services
ARIA relies on the following third-party services to operate:
- Anthropic (Claude API): Powers all AI features. Your prompts and context are sent to Anthropic's API. Anthropic does not use API inputs to train models. See Anthropic's privacy policy.
- Supabase: Database, authentication, and file storage. SOC 2 Type II compliant.
- Vercel: Application hosting and serverless functions.
- Resend: Transactional email delivery (daily briefs, notifications).
- Google APIs: Calendar and Gmail integration (user-authorized, read-only by default).
- Meta APIs: Facebook and Instagram publishing (user-authorized).
- LinkedIn API: LinkedIn post publishing (user-authorized).
- Upstash: Redis-based rate limiting.
5. Your Data Rights
You have full control over your data:
- Access: You can view all your stored data through the ARIA dashboard at any time
- Export: You can export your client data, transaction history, and content from within the app
- Delete: You can request complete account deletion by contacting us. We will delete all your data within 30 days.
- Disconnect: You can revoke any integration connection at any time from Settings. Disconnecting immediately stops data syncing; previously imported data remains in your account as standalone ARIA data.
6. Google API Scopes
When you connect Google services, ARIA requests only the minimum permissions needed:
- calendar.readonly: Read your calendar events to include scheduling context in daily briefs and triage recommendations. ARIA never creates, modifies, or deletes calendar events.
- gmail.readonly: Read email metadata (sender, subject, date) for email triage features. ARIA does not access email body content through this scope.
ARIA's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
7. Contact
For privacy-related questions, data requests, or concerns, contact us at: