what we hold.
EFFECTIVE · 2026-05-09
aria is a voice-first companion that calls you, listens, remembers, and shows up. that requires holding personal things — your voice, your conversations, your memories. this page explains exactly what we hold and what we don't.
we are a solo developer running this as a personal project. no ads, no analytics SDKs, no data brokers, no advertiser pixels. we don't sell anything to anyone.
the short version
- we collect what's needed to run the calls + remember what you said.
- your voice audio is transcribed in real time, then discarded — we don't keep raw audio bytes.
- your text transcripts and the memories aria extracts from them stay in our database so she can recall them next call.
- you can delete any single memory or your entire account at any time. account deletion cascades through everything.
- nothing leaves the platform for advertising.
what we collect
identifiers
| field | source | why |
|---|---|---|
| phone number (E.164) | you, on signup | account identity, SMS OTP, calling |
| display name | you | so aria can use your name |
| user UUID | generated server-side | internal account key, never shown to you |
| apple subscription token (planned) | your device, on subscribe | link your apple subscription to your account — apple handles all card data |
voice + transcripts
during a call, your voice is captured and streamed to google cloud speech-to-text for real-time transcription. we do not retain raw audio bytes. the audio is only buffered through the live transcription stream during the call, then discarded.
text transcripts of your calls are stored in our database so aria can recall them next time. they stay until you delete them.
aria's spoken responses are synthesized by elevenlabs from text. the audio is streamed live to you and not retained server-side.
derived memories
after every call, aria runs a memory-extraction pass on the transcript. she pulls out three kinds of things:
- facts — durable things about you ("you have a dog named mango")
- moments — events with a time anchor ("the funeral was on the 18th")
- todos — things you said you'd do, with optional deadlines and status
plus a short call summary per call, and any tags you applied verbally. all stored in our database with a vector index so aria can find the right memory at the right moment.
web searches
when you ask aria to look something up mid-call, we record the query and the results. each search has a non-enumerable random share token, which only resolves to a public page if you explicitly tap "share."
authentication artifacts
on your phone: session tokens stored in the iOS keychain — per-app, not iCloud-backed, only available after first unlock.
on the server: a one-way hash of your refresh token plus its timestamps. we never store the raw token, which means a server breach doesn't leak active sessions.
what we explicitly do not collect
- precise location
- contacts, photos, calendar
- health metrics, fitness data, biometrics
- financial accounts, browsing history outside the app
- social network identifiers
- device IDFA / IDFV for advertising
- government IDs
no third-party analytics SDKs (no firebase analytics, no mixpanel, no amplitude, no segment). no ad SDKs. no marketing pixels.
where data lives
your data lives in two places: on your phone, and on our servers (cloud infrastructure operated by us, hosted in regions chosen for low latency to the operator).
| data | where |
|---|---|
| session tokens | your phone (iOS keychain) |
| account info, call records, memories, transcripts, summaries | our database (encrypted at rest + in transit) |
| raw voice audio | nowhere — discarded after live transcription |
we use industry-standard cloud providers for storage and compute. all traffic is TLS-encrypted in transit. we don't ship your data to any region or sub-processor not listed below.
retention
- memories: indefinite by default — aria's value comes from long memory. you can delete any single memory in-app.
- conversation transcripts: indefinite. cascade-deleted when you delete your account.
- call summaries: indefinite, same cascade.
- web searches: indefinite, same cascade.
- refresh tokens: 30 days from issue, then expire. revoked on logout.
- raw voice audio: never persisted — discarded after live STT consumes it.
your rights
you control your data. you can:
- see what aria remembers — every memory is visible in the in-app memory timeline
- delete any single memory — tap "forget" on any memory card; the row is removed immediately
- delete your entire account — settings → delete account. cascades through everything — account, calls, transcripts, memories, summaries, searches, tokens. session tokens on your phone are wiped client-side.
- export — email aria@paralleluniverse.ai and we'll send you everything we hold within 30 days
third parties we send data to
all of these operate under their own privacy policies. we minimize what we send to each one to what's needed for that specific function. none of them receive your data for advertising.
| service | what we send | why |
|---|---|---|
| anthropic claude (via google vertex AI) | conversation context, your messages, memory snippets | aria's reasoning + memory extraction |
| google cloud speech-to-text | voice audio frames during live calls | real-time transcription |
| google cloud vertex AI embeddings | memory text snippets | semantic memory search |
| elevenlabs | text aria generated | voice synthesis |
| twilio verify | your phone number, SMS code | OTP signup |
| twilio programmable voice | your phone number, call control | placing calls over the carrier |
| twilio NTS | signaling only — no user content | WebRTC NAT traversal |
| duckduckgo + crawl4ai | your search query | looking things up mid-call |
| apple push notification service (planned) | device push token | delivering scheduled-call rings via PushKit |
security
- identity: phone + SMS one-time code via Twilio Verify. no email, no password to leak.
- session tokens: short-lived, rotated quietly in the background. nothing valuable lives on your phone for long.
- per-request authorization: every endpoint that touches your data verifies who you are and that the resource is yours. there is no "trust the client" path.
- transport: TLS on every connection, in every environment, no exceptions.
- secrets: kept out of source control; stored in environment-isolated, access-controlled secret stores.
children
aria isn't built for users under 13. we don't knowingly collect data from children. if you believe a child has signed up, email aria@paralleluniverse.ai and we'll delete the account.
changes to this policy
if we make material changes (e.g. adding a new third-party service, changing retention defaults), we'll update the effective date at the top of this page and notify active users by SMS or in-app banner.
operator + jurisdiction
aria is operated by an individual developer based in india. data is processed in google cloud regions chosen for low latency to the operator. we don't currently offer regional data residency choices.
if you want a region-specific arrangement (EU, UK, US), email and we'll talk.
questions? aria@paralleluniverse.ai