Aria — Privacy Policy

Last updated: 24 June 2026

Aria is a non-commercial, personal application built and operated by one individual for use by that individual and their immediate family only. It is not a product, not a service offered to the public, and not open for registration. No other users are welcome, and no other users will ever be granted access.

Because Aria has no public users, it collects no data from anyone other than its owner and family members who personally connect their own accounts. There is no sign-up, no marketing, no analytics, and no third-party advertising.

1. Who this applies to

This policy covers the owner and family members who choose to connect their own Google account to Aria. Each person connects their own accounts and only ever sees their own data; Aria keeps each person's data isolated.

2. What Google data Aria accesses

When you connect your Google account, Aria requests only the access it needs to do its job. The exact permissions (OAuth scopes) requested are:

openid and userinfo.email — to identify the connected Google account by its email address.
gmail.readonly — to read your email so it can be classified and summarised.
gmail.modify — to apply a processing label to email Aria has already handled (so it is not processed twice). Aria does not delete your email.
gmail.send — to send a reply only when you explicitly choose to send one from within Aria.
drive.file — to create and organise files that Aria itself files into your Google Drive.
drive.readonly — to read documents for classification.
calendar.readonly — to read calendar entries for deadline and expiry awareness.

3. How Aria handles your data

Your files stay in your own Google Drive. Aria files documents into your Drive; it does not copy file contents into its own database.
The database stores metadata and pointers only — things like a document's title, type, a deadline date, and a link back to the file in your Drive. It does not store the contents of your emails or documents.
Your raw email and document content never leaves your control. It is read to produce summaries and classifications and is not republished elsewhere.
Credentials are encrypted. The access tokens used to reach your Google account are encrypted at rest and are never displayed, exported, or written to logs.

4. What Aria does not do

It does not sell, rent, or share your data with anyone.
It does not use your data for advertising or profiling.
It does not use your Google data to train any machine-learning or AI model.
It does not expose your data to other users — there are none.

5. Notifications

Aria can send you outbound notifications (for example, a summary or an alert) to a messaging channel you connect for yourself. These notifications contain only summaries and metadata — never the full content of your emails or documents.

6. Data retention & removal

You can disconnect your Google account at any time, which stops all further access. Because the underlying files live in your own Google Drive, you remain in full control of them and can delete them directly in Drive. On request, the owner can remove the associated metadata from Aria's database.

7. Google API Services compliance

Aria's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

8. Contact

Questions about this policy can be sent to omi.other@gmail.com.