Trust is the Foundation
Built by cybersecurity experts who've defended the world's most critical systems.
Our team previously built one of the most respected cybersecurity platforms in the industry and defended critical banking systems. That same security DNA is in every line of Ari's code. We never use your data to train our models.
Per-User Encryption
Every message encrypted specifically to you. Not shared. Not pooled. Not used to train models.
Zero Trust Architecture
No implicit trust, no shortcuts. Every request is verified, every response is authenticated.
Your Data, Your Control
Delete what you want, keep what you need. Your conversations are never monitored.
SOC 2 Compliance
Third-party audits are part of our cadence, not a marketing checkbox.
Certifications
Independently Verified
SOC 2
Security, Availability, Confidentiality
Type I audited. Type II pending
Google CASA
Cloud Application Security Assessment
Google Workspace Verified
How We Protect You
Security Practices
Encryption & Data Protection
Data at rest & in transit: All data encrypted using industry-leading standards when stored and transmitted.
Per-user encryption: All end-user data encrypted with a user-specific key unique to you.
Per-organization encryption: All company data encrypted with an org-specific encryption key.
Enterprise key management: Encryption keys managed via enterprise-grade HashiCorp Vault.
Infrastructure
Hosting: AWS (US region) with SOC 2 compliance
Transport: TLS 1.2+ on all communications
Storage: AES-256 encryption at rest
Access: Role-based, least privilege
Transparency
How Your Data Flows
Understanding how your data moves through Ari helps you trust the platform.
You
Messages, notes, files
Encrypted
Per-user keys
Ari Platform
Processed in isolation
Encrypted
Per-user keys
Response
Back to Slack / Web
What Data We Process
From You
Chat messages, notes, tasks, file uploads, feedback
From Integrations
Calendar metadata, meeting transcripts, email context
From Admins
User provisioning, org configuration, role assignments
LLM Providers: OpenAI, Anthropic, Google (with DPAs)
Integrations: Slack, Google Workspace, Zoom
Meeting Transcription: Recall.ai (US)
Observability: SigNoz, Langfuse
All subprocessors are bound by Data Processing Agreements (DPAs) with equivalent security and retention obligations.
Your Rights
Retention & Deletion
Active Customer Data
Data is retained for as long as you remain an active customer. You can delete conversations, messages, and personal data at any time.
Account Closure
Upon closure, your encryption key is immediately deleted β rendering all your data cryptographically unreadable. Full deletion completes within 30β90 days.
Debug Logs
Application debug logging is automatically deleted after 90 days.
Backups
After account closure, deletions propagate to backups through normal rotation within the 30β90 day window.
Privacy Mode
Off the Record
Need a completely private conversation? Ask Ari to βtalk off the recordβ to start an incognito session. The conversation is never recorded β neither by Ari nor by Slack. Ari retains full access to tools and context, but the conversation is completely forgotten when it ends.
Common Questions
FAQ
Trust & Security
Subprocessors
Third-party subprocessors engaged to process customer data. All are bound by Data Processing Agreements (DPAs) with equivalent security and retention obligations.
Infrastructure (compute, storage, database)
LLM inference
LLM inference
Infrastructure, LLM inference
Calendar API, Gmail API, OAuth
Messaging platform
Meeting platform
Meeting transcription
Observability
LLM tracing
Email delivery
Last updated: December 2025