ARIA is operated by Arkmurus Limited, a company registered in England & Wales. ARIA is a domain-specialised AI assistant for security and defence due-diligence work — see the model card for the capability statement.
Contact for any privacy enquiry, data subject access request (DSAR), or data deletion request: privacy@arkmurus.com (alias of support@arkmurus.com until a dedicated mailbox is provisioned).
This policy covers personal data we process when you:
support@arkmurus.com, privacy@arkmurus.com, aria@arkmurus.com).It does not cover personal data about third parties that you ask ARIA to research (e.g. counterparty due-diligence subjects). That content is processed under your instructions; you are the controller of that data and we act as your processor — see §10.
| Category | Examples | Required? |
|---|---|---|
| Account identifiers | Username, full name, email address, hashed password | Yes |
| Organisation context | Account type (individual / company), company name + country + size, sector, job title | Optional |
| Use-case context | Primary use cases, region focus, languages, volume estimate, compliance needs, free-text purpose statement | Optional |
| Conversation content | The messages you send to ARIA + ARIA's replies | Generated when you use the product |
| Document uploads | PDFs, DOCX, XLSX, images you upload for analysis | Generated when you upload |
| Communication preferences | Notification toggles (digest, flash, push, Telegram), Telegram username | Optional |
| Billing identifiers | Stripe customer ID + subscription ID once you subscribe (no card data — Stripe holds those) | Optional / generated on subscribe |
| Category | Examples |
|---|---|
| Usage telemetry | Daily message counts, daily upload counts, monthly DD-run counts (the per-user quota counters in lib/billing/quotas.mjs and aria_service/intel/user_quota.py) |
| Audit-log entries | Each material claim ARIA produces with timestamp, source citations, confidence tag, source-tier breakdown — hash-chained and HMAC-signed (see model card §7) |
| Cost telemetry | Per-call LLM cost (provider, model, input/output tokens, latency) — used for the monthly cap enforcement |
| Server logs | HTTP request method / path / status / IP address / user-agent for the duration the host (fly.io / seenode) retains them |
We use the following third-party processors. Each receives the minimum data necessary to perform its function:
| Processor | Purpose | What's shared |
|---|---|---|
| Anthropic (Claude) | Primary LLM provider for chat reasoning | Conversation content + system prompt, sent at request time. Subject to Anthropic's terms. |
| DeepSeek, OpenAI, Mistral, Groq, OpenRouter | Fallback LLM providers | Same as Anthropic when a fallback is invoked. |
| OpenSanctions | Sanctions screening | Counterparty entity names submitted via DD orchestrator. |
| Companies House (UK) | Corporate registry lookup | UK company numbers / names submitted during DD. |
| Stripe | Subscription billing (when activated) | Email + name (for the Stripe customer object); Stripe stores card data directly. |
| Fly.io (LHR region) | Hosting the Python brain + persistent volume | All your data at rest. |
| Seenode | Hosting the Node front-end + sweep + WhatsApp listener | All your data at rest. |
| Upstash Redis | Cache + dual-write store for sessions, watchlist, intel ledger | Cached content (conversation summaries, fact records, audit-log entries); content is at rest in Redis. |
| Twilio / Baileys WhatsApp | WhatsApp message transport (when WA channel is active) | Your messages and our replies; subject to Meta's WhatsApp Business terms. |
| Email providers (operator's IMAP/SMTP) | Inbound email ingestion + transactional email | Email content sent to aria@arkmurus.com; outbound notifications. |
We do not sell personal data. We do not use your conversation content to train external LLMs (we have no agreement to send training data to providers — the chat round-trip alone is in scope).
| Data type | Retention |
|---|---|
| Conversation history | Until you delete it (per-conversation delete via DELETE /api/aria/conversations/:id) or you close your account. |
| Account record | Until you close your account; then 30 days for backup before deletion. |
| Document uploads | Bound to the conversation that ingested them; deleted when that conversation is deleted. |
| Audit-log entries | Retained as long as the account exists for evidentiary integrity (these are the hash-chained entries; deleting them would break the chain). On account closure, your audit-log entries are retained in pseudonymised form (user_id only, no email) for 6 years to satisfy potential compliance/legal hold periods. |
| Telemetry counters | Daily counters keyed by UTC date with TTL of 36 hours; monthly counters with 35-day TTL. |
| Server logs | Per host retention (fly.io / seenode default; typically 7–30 days). |
| Backup snapshots | Off-host email backups retained per ARIA_BACKUP_RETENTION_DAYS (default 30 days). |
Under UK GDPR / EU GDPR you have the right to:
/account.html). Others can be corrected via the same email.Our primary infrastructure is in the United Kingdom (fly.io LHR region) and the EU (Upstash, seenode). LLM provider calls may transfer your conversation content to the United States (Anthropic, OpenAI), other EU regions (Mistral, DeepSeek), or Singapore (Groq). All transfers rely on the UK / EU Standard Contractual Clauses (SCCs) where applicable, and on the UK / EU adequacy regulations for the relevant jurisdiction where adequacy applies. We do not transfer data to jurisdictions without an adequacy decision or SCC coverage.
JWT_SECRET env var; the codebase hard-fails at boot if unset).No system is unbreachable. If we discover a breach affecting your data, we will notify you within 72 hours of becoming aware, in line with UK GDPR Art. 33.
When you ask ARIA to investigate a third-party entity (a company, a director, a beneficial owner), ARIA processes that personal data under your instructions. In legal terms, you are the data controller for that processing and we act as your processor.
We will execute a Data Processing Agreement (DPA) with you on request. The DPA aligns with the UK ICO's standard processor terms and includes:
Contact privacy@arkmurus.com to request a DPA.
ARIA is a defence-industry tool intended for professional adults. We do not knowingly collect personal data from anyone under 18. If you believe a minor has registered, contact privacy@arkmurus.com and we will delete the account.
We will publish material changes here and notify registered users by email at least 30 days before they take effect. Non-material changes (clarifications, formatting) take effect on publication.