AriseAriseAi
Request access

Draft. This document is a placeholder while AriseAi is in closed beta. Final language will be reviewed by counsel before general availability. For questions in the meantime, get in touch.

Legal

Privacy Policy

Last updated: May 3, 2026

What we collect, how we use it, and what we don't do with it. Written in plain language so you can actually read it.

1. Who we are

AriseAi is a product of Arise Technology Company. This policy covers data processed through the AriseAi platform.

2. What we collect

From you, the customer (the company on the contract):

  • Account data: company name, billing contact, billing address, payment method.
  • Configuration data: ICP definition, message library, campaign settings, BYOK API keys (encrypted at rest).
  • Customer data you bring: prospect lists, account targets, CRM-linked records.

From end users on your tenant:

  • Identity data: name, work email, hashed password (managed by Clerk, our auth provider).
  • Activity logs: which features were used, when, by whom — for auditability.

3. How we use it

  • To run the agents you configured.
  • To bill you, support you, and fix things when they break.
  • To improve the platform — but only with aggregated, de-identified data, never with content from your tenant.

4. What we don't do

  • We don't sell your data. Ever.
  • We don't train third-party models on your data. Anthropic (our LLM provider) does not train on API traffic by default, and we use the API in that mode.
  • We don't share your data with another customer. Multi- tenant isolation is enforced at the database layer (RLS) plus application layer.

5. Where data lives

Customer data is stored in Supabase (Postgres) hosted in United States regions. LLM inference runs through Anthropic's US-based API. If you need a different data-residency posture for procurement reasons, talk to us about Dedicated Cloud.

6. Subprocessors

We use the following subprocessors to deliver the service:

  • Clerk — authentication and session management
  • Supabase — Postgres database and Realtime
  • Anthropic — Claude API (LLM inference)
  • Tavily — web search grounding
  • Vercel — frontend hosting
  • Railway — agent runtime hosting
  • Stripe — billing (when billing goes live at GA)

We'll notify customers of material subprocessor changes before they take effect.

7. Your rights

You can export your data, correct inaccurate records, and request deletion at any time. Customer-data deletion happens within 30 days of request (sooner if reasonable). Deletion requests on data legally required to retain (e.g., billing records under tax law) are honored when those holds expire.

8. Security

  • Data in transit: TLS 1.2+ everywhere.
  • Data at rest: encrypted by our database provider.
  • BYOK API keys: encrypted at rest, never logged.
  • 2FA: required for every user.
  • Cross-tenant isolation: verified by an automated test suite that runs against our test environment.

SOC 2 readiness work begins once a paying enterprise prospect requires it. We'll publish progress when underway.

9. Data retention

We keep customer data for as long as your contract is active. On cancellation we freeze the workspace, give you 30 days to export, then delete what's left — except records we're legally required to retain.

10. Cookies

We use the cookies necessary to keep you logged in (set by Clerk). We don't run third-party analytics or marketing trackers on the AriseAi app.

11. Changes

We may update this policy. Material changes are announced in-app or by email at least 30 days in advance.

12. Contact

Privacy questions, data subject requests, or DPA inquiries — get in touch.

← Back to AriseAi