Aries AITrust Documentation · Privacy Rights

Privacy Rights and Compliance Features

What each data-subject-rights feature in the Aries AI platform does, where it lives in the product, and how it is enforced. Every feature described here is implemented in code and running in production, not a policy statement alone.

RightWhere to exercise itWhat happens
Give or view consentRecorded automatically at signupTimestamp, policy version, and signup method stored permanently
Export your dataSettings → Privacy and Data → Download My DataA complete, human-readable file of your account data downloads immediately
Delete your accountSettings → Privacy and Data → Delete My AccountAI paused and billing cancelled immediately; data erased after 30 days
Cancel a deletion requestSame page, while a deletion is pendingAccount and AI assistant reactivate immediately
See who accessed your accountSettings → Audit LogEvery team and support action is listed with time and actor
01

Consent Capture

What it does

An account can only be created after the person signing up actively checks a box agreeing to the Terms of Service and Privacy Policy. This replaced a passive footer link that required no action to proceed.

How it is enforced

  • Covers every path by which an account can be created: signup by email verification code, signup through Google, and the legacy password-based signup form.
  • Each consent event is permanently recorded with the time it occurred, the policy version agreed to, and the signup method used.
  • Enforced on the server, not only in the browser. If a consent record cannot be written for any reason, the account is not created.
  • The consent record is retained even if the account is later deleted, so proof of what was agreed to and when survives account closure.
02

Full Account Data Export

What it does

An account owner or administrator can download a complete, readable copy of the data held about their account in a single file, directly from the dashboard, without contacting support.

What's included

  • Business profile and configuration
  • Team member records
  • Leads and contacts
  • Conversations and messages
  • Bookings and reservations
  • Knowledge base documents
  • Notes attached to conversations
  • The account's consent history

Safeguards

  • Restricted to the owner and administrator roles.
  • Limited to three exports per account per day.
  • WhatsApp API credentials are never included, even though other configuration fields are.
  • Internal identifiers and system-only fields are filtered out before export, so the file reads as an account summary rather than a raw database dump.
  • If any single data category fails to return, the export still completes with everything else rather than failing entirely.
03

Account Deletion

What it does

An account owner can permanently delete their entire account and all associated data directly from the dashboard, with no need to contact support.

Safeguards

  • Restricted to the account owner. No other team role, including administrator, can trigger deletion of the whole account.
  • Requires typing the exact business name as a confirmation step before the request is accepted.
  • The AI assistant is paused and the subscription cancelled immediately once deletion is requested; the account does not keep running or being billed during the grace period.
  • A thirty-day grace period follows the request, during which it can be cancelled and the account fully restored.
  • After the grace period, an automated daily process permanently deletes all remaining account data.
  • A confirmation email is sent at the time of the request, stating the scheduled deletion date and including a direct cancellation link.
04

Automatic Message Retention

What it does

WhatsApp message content older than ninety days is automatically and permanently deleted by an automated process that runs daily, enforcing the retention period stated in the platform's Privacy Policy.

Scope

  • Applies to the content of WhatsApp messages specifically.
  • Lead and contact records are not affected, since they represent an ongoing customer relationship a business needs to maintain. They are only removed through account deletion or a manual action.
  • Runs in batches so the process never locks the underlying table for an extended period, regardless of how much historical data exists.
05

Access and Audit Logging

What it does

Any time Aries AI's internal administrative tools are used to view or modify a specific client's account, whether that is viewing configuration, editing settings, generating a temporary support login, or approving a new signup, the action is recorded automatically and shown on that client's own dashboard, under Settings and then Audit Log.

Why it matters

Entries generated by platform administrative access are visually labeled as support activity and kept separate from actions taken by the client's own team, so a client can independently verify what access has occurred rather than relying on a stated policy.