Trust & Security

Built from the Ground Up

At Ariso, security isn't a feature — it's our foundation. We take security seriously and are committed to protecting your data and privacy. From day one, we've architected our platform with security at its core, ensuring your data is protected at every layer.

We believe that true innovation requires unwavering trust. That's why we've built a culture where security and privacy are paramount, empowering you to work confidently with your AI companion.

Led by Cybersecurity Experts

Our team includes seasoned professionals from cybersecurity and healthcare industries with decades of combined experience protecting critical systems and sensitive data. We bring enterprise-grade security practices to every aspect of our platform, from infrastructure to application design.

Our Security Practices

Encryption & Data Protection

All data is encrypted using industry-leading standards when stored and transmitted. We apply application-level encryption with individual keys unique to each user or organization.

Zero Trust Architecture

Every access request is verified, regardless of source. Ariso employees cannot view end user data unless explicitly authorized for support.

Real Security Testing

We conduct frequent internal and third-party security assessments, penetration testing to maintain the highest standards.

Audit and Compliance

Built to meet enterprise compliance requirements including SOC 2, GDPR, and more.

Security, Availability, and Confidentiality

Type I audited. Type II pending

Cloud Application Security Assessment

Google Workspace Verified

Data Protection, Retention & Deletion

Your data is protected with multiple layers of encryption and managed according to strict retention policies.

Encryption

Data at rest & in transit: All data is encrypted using industry-leading standards when stored and transmitted.

Per-user encryption: All end-user data is encrypted with a user-specific encryption key unique to you.

Per-organization encryption: All company/organization data is encrypted with an org-specific encryption key.

Enterprise key management: Encryption keys are managed via enterprise-grade HashiCorp Vault.

Retention & Deletion

Active Customer Data

Data is retained for as long as you remain an active customer. You're always in control — you can delete conversations, messages, and any personal data at any time.

Account Closure & Deletion

You can close your account via in-app Account Settings. Upon closure, your encryption key is immediately deleted — rendering all your data cryptographically unreadable. Full data deletion completes within 30–90 days.

Debug & Observability Logs

Application debug logging is automatically deleted after 90 days.

Backups & Disaster Recovery

After account closure, deletions propagate to backups through normal rotation within the 30–90 day window.

How Your Data Flows

Understanding how your data moves through Ari helps you trust the platform. Here's a simplified view of data flows.

You

Messages, notes, files

→

↓

Ari Platform

Encrypted processing

→

↓

Response

Back to Slack/Web

Infrastructure

• Hosting: AWS (US region) with SOC 2 compliance
• Transport: TLS 1.2+ on all communications
• Storage: AES-256 encryption at rest
• Access: Role-based, least privilege

Subprocessors

• LLM Providers: OpenAI, Anthropic, Google (with DPAs)
• Integrations: Slack, Google Workspace, Zoom
• Meeting Transcription: Recall.ai (US)
• Observability: SigNoz, Langfuse

What Data We Process

From You

Chat messages, notes, tasks, file uploads, feedback

From Integrations

Calendar metadata, meeting transcripts, email context

From Admins

User provisioning, org configuration, role assignments

All subprocessors are bound by Data Processing Agreements (DPAs) with equivalent security and retention obligations. Standard Contractual Clauses (SCCs) are applied for cross-border transfers where required.

Privacy Mode

Need a completely private conversation? Just ask Ari to "talk off the record" to start an incognito chat session outside of Slack.

Off the Record

This ensures your conversation is never recorded — neither by Ari nor by Slack. Ari will have access to the same tools and context, but the conversation will be completely forgotten after the chat ends. You're always in control.

Your Responsibility

Ari will only capture information that belongs to you in your personal profile and data archive. As an employee or member of an organization, you are responsible for reviewing your profile and personal data from time to time to adhere to your company's policy and ensure that company confidential data is not captured in your personal profile, notes, preferences, contacts, etc.

Responsible Disclosure

We value the security research community and welcome reports of potential security vulnerabilities. If you believe you've discovered a security issue, please report it to us responsibly.

How to Report

Send detailed information about the vulnerability to security@ariso.ai. Please include:

A clear description of the vulnerability
Steps to reproduce the issue
Potential impact assessment
Any relevant supporting materials

We commit to reviewing and acknowledging valid reports within 5 business days and will work with you to understand and address the issue promptly.

Frequently Asked Questions

We never share your personal data with your employer. Organization data (like company info) is shared among employees, but your individual conversations, notes and reflections remain private to you. Organizational insights are only shared in anonymous, aggregated form.

About Your User Profile: Your user profile is optionally shared with colleagues to facilitate trust, transparency, and communication within your team. This approach is inspired by leadership principles from thought leaders like Ray Dalio, whose Principles emphasize that radical transparency builds stronger teams. When colleagues understand each other's working styles, communication preferences, and strengths, collaboration becomes more effective and friction decreases.

You're Always in Control: You decide what to share and what to keep private in your profile. You can customize your visibility settings at any time, choosing which aspects of your profile are visible to teammates and which remain private to you alone.

Ariso does not share your conversations with your employer. Your organization may have monitoring through their own HR systems or platforms, but this is outside of Ariso's scope and control. Within Ari, your conversations are yours alone.

Yes! You can ask Ari to "talk off the record" to start a private chat session. This "incognito" mode ensures your conversation is never recorded — neither by Ari nor by Slack. Ari retains full access to tools and context during this session, but the conversation is completely forgotten when it ends.

No. Ariso does not use your data for model training. We may use anonymized data to improve our services, but this data is never sent to third parties.

Ariso uses a combination of AI models optimized for different aspects of the service. We continuously evaluate and switch between models to provide the best experience for various use cases.

Yes, you can bring your own models. We currently support OpenAI GPT models and Anthropic Claude models. You can configure your own API keys and specify three models — default, fast, and smart — for different use cases.

No. Ariso employees, including production sysadmins and database admins, cannot view any end user or organization data unless explicitly authorized by the end user or organization for support purposes.

Feedback you provide about the company or team members is shared anonymously unless you specifically request it to be shared directly. Participating in feedback or surveys is never required to use Ari — you're always in control.

Questions?

Our security team is here to help.

Contact Security Team