Built by cybersecurity experts who've defended the world's most critical systems.
Our team previously built one of the most respected cybersecurity platforms in the industry and defended critical banking systems. That same security DNA is in every line of Ari's code. We never use your data to train our models.
Per-User Encryption
Every message encrypted specifically to you. Not shared. Not pooled. Not used to train models.
Zero Trust Architecture
No implicit trust, no shortcuts. Every request is verified, every response is authenticated.
Your Data, Your Control
Delete what you want, keep what you need. Your conversations are never monitored.
SOC 2 Compliance
Third-party audits are part of our cadence, not a marketing checkbox.
Independently Verified

SOC 2
Security, Availability, Confidentiality
Type I audited. Type II pending

Cloud Security Alliance
Responsible AI commitments
AI Trustworthy Pledge

Google CASA
Cloud Application Security Assessment
Google Workspace Verified
Security Practices
Encryption & Data Protection
Data at rest & in transit: All data encrypted using industry-leading standards when stored and transmitted.
Per-user encryption: All end-user data encrypted with a user-specific key unique to you.
Per-organization encryption: All company data encrypted with an org-specific encryption key.
Enterprise key management: Encryption keys managed via enterprise-grade HashiCorp Vault.
Infrastructure
Hosting: AWS (US region) with SOC 2 compliance
Transport: TLS 1.2+ on all communications
Storage: AES-256 encryption at rest
Access: Role-based, least privilege
How Your Data Flows
Understanding how your data moves through Ari helps you trust the platform.
You
Messages, notes, files
Encrypted
Per-user keys
Ari Platform
Processed in isolation
Encrypted
Per-user keys
Response
Back to Slack / Web
What Data We Process
From You
Chat messages, notes, tasks, file uploads, feedback
From Integrations
Calendar metadata, meeting transcripts, email context
From Admins
User provisioning, org configuration, role assignments
LLM Providers: OpenAI, Anthropic, Google (with DPAs)
Integrations: Slack, Google Workspace, Zoom
Meeting Transcription: Recall.ai (US)
Observability: SigNoz, Langfuse
All subprocessors are bound by Data Processing Agreements (DPAs) with equivalent security and retention obligations.
Retention & Deletion
Active Customer Data
Data is retained for as long as you remain an active customer. You can delete conversations, messages, and personal data at any time.
Account Closure
Upon closure, your encryption key is immediately deleted β rendering all your data cryptographically unreadable. Full deletion completes within 30β90 days.
Debug Logs
Application debug logging is automatically deleted after 90 days.
Backups
After account closure, deletions propagate to backups through normal rotation within the 30β90 day window.
Privacy Mode
Off the Record
Need a completely private conversation? Ask Ari to βtalk off the recordβ to start an incognito session. The conversation is never recorded β neither by Ari nor by Slack. Ari retains full access to tools and context, but the conversation is completely forgotten when it ends.