Privacy Policy
What Aria collects, why we collect it, who helps us process it, how long we keep it, and the rights you can exercise — written plainly.
This is a template — review with counsel before relying on it. It is provided for illustration and does not constitute legal advice.
What this policy covers and the principles behind it.
Aria is an autonomous AI software company that runs in the cloud. You give it a goal; a company of agents plans, builds, ships, and operates your product — with you as its only human. To do that work, Aria processes a limited amount of information about you and the projects you connect.
This Privacy Policy explains what we collect, why we collect it, who helps us process it, how long we keep it, and the choices and rights you have. We've tried to write it the way we'd want to read it: plainly, and without burying the important parts.
Our operating principle is restraint. We collect the minimum needed to run your company reliably and keep it secure, and we don't sell your personal information.
The categories of information we process, and where it comes from.
We process a small number of well-defined categories of data.
When you create an account we collect your name, email address, and authentication identifiers. If you sign in through a third-party identity provider, we receive the basic profile fields that provider shares with us.
When you connect a code host or grant access to a project, Aria reads and writes the files, history, and metadata you authorize — only for the repositories you explicitly connect. Agents operate inside an isolated sandbox scoped to your work; they do not roam beyond what you've connected.
The instructions you give, the goals you set, and the transcripts of agent sessions are stored so your company has memory and you can audit what was done and why.
Payments are handled by our payment processor. We retain limited billing records — plan, invoices, and the last four digits of a card — but we never store full card numbers on our systems.
We collect standard product telemetry — pages viewed, features used, approximate location derived from IP, browser and device type, and error diagnostics — to keep the service reliable and to improve it.
The purposes for which we process information.
We use the data above to:
We do not use the contents of your private repositories or session transcripts to train foundation models, and we don't sell your personal information to anyone.
The vetted providers that help us deliver the service.
Aria relies on a small set of infrastructure and service providers (“sub-processors”) to operate. Each is bound by contract to protect your data and to process it only on our instructions. Our current categories of sub-processors include:
We maintain a current list of named sub-processors and will give advance notice of material changes so you can object where the law gives you that right. Contact us for the up-to-date list.
How long we keep what we collect, and when it’s deleted.
We keep personal data only as long as we need it for the purposes above, then delete or anonymize it.
You can ask us to delete your data at any time, subject to the legal retention limits noted above.
The control you have over your personal data.
Depending on where you live, you may have some or all of the following rights:
To exercise any of these, reach out using the contact details below. We'll verify your identity and respond within the timeframes the law requires. You also have the right to lodge a complaint with your local data-protection authority.
A summary — see the Security page for the full picture.
Every customer's work runs in a per-agent isolated sandbox. Data is encrypted in transit, access is least-privilege, and agents can only touch the repositories and resources you connect. For the full detail — isolation, access model, GitHub scopes, encryption, and our responsible-disclosure program — see our Security overview.
How we’ll tell you when this document changes.
We may update this policy as the product and the law evolve. When we make material changes, we'll update the “last updated” date at the top and, where appropriate, notify you directly. Continued use of Aria after a change means you accept the revised policy.
How to reach us about your privacy.
For any privacy question, request, or concern, reach our team at privacy@stackbooster.io, or use the contact page. We read every message and aim to respond promptly.
Talk to a human. We're happy to walk through how any of this applies to your company.