Back to Home

Privacy Policy

Effective Date: January 1, 2025 • Last Updated: January 1, 2025

This Privacy Policy describes how Aarda AI ("we," "us," or "our"), a company established in Stockholm, Sweden, collects, uses, and shares your personal information when you use our interactive storytelling platform and services (the "Service").

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Username and email address
  • Password (securely hashed and encrypted using bcrypt)
  • Profile information (language preferences, billing address)
  • Profile images and user-generated content
  • OAuth account information from social media platforms (Google, Apple, Discord)
  • Email verification status and verification tokens

Communication Data:

  • Messages and conversations with AI characters
  • Customer support communications
  • Email correspondence and verification emails sent via SendGrid
  • Feedback and survey responses

Payment Information:

  • Billing addresses and payment method details
  • Usage tracking for billing (tokens, audio minutes, characters, images)
  • Subscription and payment history
  • Billing cycle information and overage tracking
  • Membership tier information (FREE, PRO)

Content You Create:

  • Stories, characters, and narrative content
  • Uploaded documents and images (stored in AWS S3)
  • Project settings and configurations
  • Session data and conversation states
  • Knowledge bricks and world-building elements
  • Player characters, groups, and scenes
  • Audio recordings for voice interaction

1.2 Information Collected Automatically

When you use our Service, we automatically collect:

Usage Data:

  • Pages visited and features used
  • Time spent on the platform and session duration
  • Usage patterns and preferences
  • Device information and browser type
  • Session activity and inactivity tracking (30-minute timeout)
  • Feature interaction and engagement metrics

Technical Data:

  • IP addresses and approximate geolocation
  • Session data and JWT authentication tokens
  • Log files and error reports via Sentry
  • Performance and analytics data
  • File upload metadata and security validation logs
  • Rate limiting and API usage data
  • WebSocket connection data

2. How We Use Your Information

2.1 Service Provision

  • Providing and maintaining our interactive storytelling platform
  • Processing AI-generated content using OpenAI and other LLM providers
  • Managing user accounts and authentication (including social login)
  • Enabling file uploads and document processing with security validation
  • Facilitating payment processing and billing cycle management
  • Generating images using DALL-E and other AI image generation services
  • Processing audio transcription using Google Speech-to-Text API
  • Managing user sessions and conversation states
  • Providing voice synthesis through ElevenLabs API
  • Storing and retrieving user content via AWS S3 and CloudFront CDN

2.2 Communication

  • Sending transactional emails via SendGrid (account verification, password resets)
  • Providing customer support and technical assistance
  • Sending service announcements and important updates
  • Responding to your inquiries and requests
  • Managing alpha release invitations and access
  • Notifications about billing and usage limits

2.3 Improvement and Analytics

  • Analyzing usage patterns to improve our services (with consent)
  • Debugging technical issues and monitoring performance via Sentry
  • Conducting research and development for new features
  • Generating anonymized analytics and insights
  • Session replay analysis for UX improvements (with explicit consent)
  • A/B testing and feature optimization
  • Error tracking and crash reporting

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

6.1 Universal Rights

  • Access: Request copies of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a structured format

6.2 For EU Users (GDPR)

  • Objection: Object to processing based on legitimate interests
  • Restriction: Request limitation of processing
  • Withdrawal: Withdraw consent at any time for consent-based processing
  • Complaints: File complaints with your local data protection authority
  • Automated Decision-Making: Right to human review of automated decisions

6.3 For California Users (CCPA/CPRA)

  • Know: Request details about personal information collected and shared
  • Delete: Request deletion of personal information
  • Opt-Out: Opt out of the sale or sharing of personal information
  • Non-Discrimination: Exercise rights without discrimination
  • Limit: Limit use of sensitive personal information
  • Correct: Request correction of inaccurate personal information

Do Not Sell or Share My Personal Information

We do not sell personal information in the traditional commercial sense. However, California law defines "sale" and "sharing" very broadly to include many common business practices.

What we actually do: Share data with service providers (OpenAI, AWS, Sentry, etc.) to operate our platform, use analytics services to improve our platform (with your consent), and store content in cloud services.

California residents can exercise opt-out rights:

  • Use the "Do Not Sell or Share My Personal Information" link in your account settings
  • Email privacy@aarda.ai with your request
  • We detect and honor Global Privacy Control (GPC) signals by automatically applying privacy-focused cookie settings (essential cookies only)

Note: Opting out may limit some platform functionality, as certain data sharing is necessary for core services.

8. Cookies and Tracking

We use cookies and similar technologies with your consent through our cookie consent banner:

8.1 Essential Cookies (Always Active)

  • Authentication and security tokens (JWT)
  • Core platform functionality
  • User preferences and settings
  • Session management and timeout
  • CSRF protection
  • Rate limiting protection

8.2 Optional Cookies (Require Consent)

Analytics Cookies:

  • Usage statistics and performance monitoring via Sentry
  • Error tracking and debugging information
  • Platform performance metrics
  • Feature usage analytics

Session Replay Cookies:

  • Recording user interactions for debugging (with explicit consent)
  • UX improvement analysis
  • Customer support assistance
  • Sensitive data is automatically masked

Functional Cookies:

  • Enhanced features and personalization
  • Language and preference storage
  • UI state management
  • Remember user choices

Note: You can manage your cookie preferences through our cookie consent banner or privacy settings. Disabling essential cookies may affect platform functionality.

14. Contact Information

For privacy-related questions or to exercise your rights:

Privacy Officer

privacy@aarda.ai

Aarda AI, [STOCKHOLM ADDRESS TO BE INSERTED], Sweden

Phone: [PHONE NUMBER TO BE INSERTED]

Data Protection Officer (EU/UK)

dpo@aarda.ai

Response Times:

  • General inquiries: 5 business days
  • Data subject requests: 30 days
  • Urgent security matters: 24 hours

Additional Options

In-App: Use the privacy settings in your account dashboard

Data Subject Request Form: https://aarda.ai/privacy/data-request

Swedish Data Protection Authority

Authority: Swedish Authority for Privacy Protection (IMY)

Website: www.imy.se

Email: imy@imy.se

Address: Box 8114, 104 20 Stockholm, Sweden

Phone: +46 8 657 61 00

This Privacy Policy represents our commitment to protecting your privacy and complying with applicable data protection laws worldwide.

Terms of ServiceBack to Home