What each data-subject-rights feature in the Aries AI platform does, where it lives in the product, and how it is enforced. Every feature described here is implemented in code and running in production, not a policy statement alone.
| Right | Where to exercise it | What happens |
|---|---|---|
| Give or view consent | Recorded automatically at signup | Timestamp, policy version, and signup method stored permanently |
| Export your data | Settings → Privacy and Data → Download My Data | A complete, human-readable file of your account data downloads immediately |
| Delete your account | Settings → Privacy and Data → Delete My Account | AI paused and billing cancelled immediately; data erased after 30 days |
| Cancel a deletion request | Same page, while a deletion is pending | Account and AI assistant reactivate immediately |
| See who accessed your account | Settings → Audit Log | Every team and support action is listed with time and actor |
An account can only be created after the person signing up actively checks a box agreeing to the Terms of Service and Privacy Policy. This replaced a passive footer link that required no action to proceed.
An account owner or administrator can download a complete, readable copy of the data held about their account in a single file, directly from the dashboard, without contacting support.
An account owner can permanently delete their entire account and all associated data directly from the dashboard, with no need to contact support.
WhatsApp message content older than ninety days is automatically and permanently deleted by an automated process that runs daily, enforcing the retention period stated in the platform's Privacy Policy.
Any time Aries AI's internal administrative tools are used to view or modify a specific client's account, whether that is viewing configuration, editing settings, generating a temporary support login, or approving a new signup, the action is recorded automatically and shown on that client's own dashboard, under Settings and then Audit Log.
Entries generated by platform administrative access are visually labeled as support activity and kept separate from actions taken by the client's own team, so a client can independently verify what access has occurred rather than relying on a stated policy.