Aries AITrust Documentation · Security

Security and Data Protection Documentation

How the Aries AI platform stores client data, isolates it between accounts, controls who can access it, and what technical safeguards apply to the AI assistant itself. Maintained as a standing reference for security review, procurement, and compliance purposes.

01

System Architecture and Hosting

Aries AI is a WhatsApp business automation platform. The application runs on Vercel. The primary database runs on Supabase, which itself runs on Amazon Web Services. AI reply generation is performed by Google Cloud's Vertex AI service. Messages are sent and received through Meta's WhatsApp Business Platform, the only channel through which a WhatsApp Business API integration can operate.

No client data is stored on an individual laptop, personal device, or non-production system at any point in the pipeline.

02

Data We Process

On behalf of each client, the platform processes the following categories of data:

  • Customer contact details provided during a WhatsApp conversation, such as a name, phone number, or email address.
  • The content of WhatsApp messages exchanged between the client's customers and the client's WhatsApp number.
  • Lead, booking, and reservation records generated from those conversations.
  • The client's own business configuration, including knowledge base content, working hours, staff contact details, and WhatsApp credentials.

The platform does not knowingly collect special category or sensitive personal data such as health records, financial account numbers, or government identification numbers, beyond what a customer may choose to type into a chat message of their own accord.

03

Subprocessors and Data Location

The following third parties process data on behalf of Aries AI clients, each limited to what is necessary to provide the service described above.

SubprocessorPurposeData location
Meta Platforms, Inc.Delivery and receipt of WhatsApp messagesMeta infrastructure
Google Cloud Platform (Vertex AI)Generates AI reply content from message text and the client's knowledge baseus-central1, USA
Supabase, hosted on AWSPrimary application databaseap-south-1, Mumbai
VercelApplication hosting and serverless computeGlobal edge
Razorpay Software Pvt. Ltd.Subscription billingIndia
ResendTransactional email deliveryUSA
04

Multi-Tenant Data Isolation

Aries AI serves many client businesses from a single, shared application. Every database table that holds client data includes a tenant identifier, and every query is scoped to that identifier by Postgres Row Level Security, a database-level access control mechanism rather than a rule enforced only in application code. In practice, isolation between clients holds even if a specific application route contained a bug, because the database itself refuses to return another client's rows to a session that isn't authorized for them.

05

Encryption

  • WhatsApp API credentials, including access tokens and app secrets, are encrypted at rest using AES-256-GCM and are never stored or transmitted in plaintext.
  • The encryption key is versioned, so credentials can be re-encrypted under a new key without service interruption if a key ever needs to be rotated.
  • All traffic between a client's browser and the application is encrypted in transit using HTTPS, enforced with an HTTP Strict Transport Security header.
  • Underlying storage is encrypted at rest by the cloud infrastructure providers, Amazon Web Services and Google Cloud.
06

Network and Application Security

  • A Content Security Policy header restricts which origins the application may load scripts, styles, and connections from, including limiting WebSocket connections to the platform's own Supabase project rather than any arbitrary host.
  • Incoming webhooks from Meta are verified using HMAC signature checking before their contents are trusted. Unsigned webhook requests are rejected in production when no signing secret is configured, rather than silently accepted.
  • File uploads are validated by inspecting the file's binary header, not merely its declared file type, to block executable files disguised with an innocuous extension.
  • Session tokens are set as HTTP-only, secure cookies and are never returned in a JSON response body, preventing them from being read by client-side scripts or leaked into logs.
  • Values used in CSV exports are sanitized against formula injection, where a spreadsheet cell beginning with a special character would otherwise execute as a formula when opened.
07

Administrative Access Control

Operating a hosted, multi-tenant platform requires some administrative path that is not subject to the same per-client isolation described above. This is true of any hosted software service and is not unique to Aries AI. What matters is how narrowly that access is held and how visible its use is to the client.

  • The administrative credential capable of bypassing per-client isolation is held only in server-side environment configuration. It is never sent to a browser and cannot be extracted by inspecting the website.
  • Exactly one account is flagged as a platform administrator, gated by a server-side check against a specific, fixed email address, not any value a user can influence.
  • Administrative tools used to configure a client's WhatsApp credentials, approve a new signup, or generate a temporary support login are each independently gated behind that same platform administrator check.
08

Access and Audit Logging

Every time platform administrative access is used against a specific client's account, whether to view or edit that client's configuration, generate a support login on their behalf, or approve their signup, the action is recorded automatically and shown on that client's own dashboard, under Settings and then Audit Log. Entries are labeled distinctly as support activity, separate from actions taken by the client's own team. The log is written by the system at the moment the action occurs, so a client can independently verify what access has taken place rather than relying on a stated policy alone.

09

AI Safety and Content Guardrails

  • Incoming messages are screened for known prompt injection and jailbreak patterns before being passed to the AI model.
  • AI responses are screened for accidental leakage of internal system instructions before being sent to a customer.
  • The AI is explicitly instructed, in every request, never to invent information about a business it has not been given, and to say so and defer to a human team member rather than guess.
  • Permission and policy questions, such as whether something is allowed on a client's premises, are treated as the highest-risk category: the AI will not answer yes or no unless that exact policy is explicitly stated in the business's own information, regardless of how confident the underlying model reports itself to be.
  • Out-of-scope requests, such as questions about investment advice, illegal activity, or self-harm, are intercepted and redirected before reaching the AI model.
10

Rate Limiting and Abuse Prevention

Sensitive and high-volume endpoints are protected by rate limits scoped to the account or IP address making the request, including account signup, verification code requests, full data exports, and bulk contact exports. This prevents a compromised account or automated script from repeatedly pulling an entire client's data or exhausting shared resources.

11

Data Subject Rights

Clients can independently exercise the following rights directly from their own dashboard, without needing to contact support: access and correction of their stored data, export of their full account data, and permanent account deletion. Consent to the platform's Terms of Service and Privacy Policy is recorded at the point of signup with a timestamp and policy version. These features are documented in full in the companion document, Privacy Rights and Compliance Features, linked below.

12

Incident Response

In the event of a confirmed unauthorized access to or disclosure of client data, affected clients are notified without undue delay, describing the nature of the incident, the data affected, and the remedial steps taken. The specific notification timeline and process are set out in the Data Processing Agreement between Aries AI and each client.

13

Compliance Alignment

The controls described in this document are designed with reference to the principles of the General Data Protection Regulation and India's Digital Personal Data Protection Act, 2023, including data minimization, purpose limitation, the right to erasure, and accountability through logging. This document does not constitute a legal certification of compliance with any specific framework.