Privacy Policy

Aristotle, Inc. (“Aris,” “we,” “our,” or “us”) is committed to protecting your (“you,” “user,” or “member”) privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit or use our digital services, including www.aris.ai, our mobile applications, AI-powered life coaching services, Aris Dialogues, and other services described herein (collectively, the “Services”).

By using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Services.

To deliver deeply personalized and emotionally intelligent support, Aris collects certain types of personal data ("Personal Data") from you and about you, always with transparency and care.

Personal Data You Provide

These are details you choose to share with us directly to help Aris understand and support your journey:

• Account Information: Name, contact details, login credentials, date of birth, billing information, and purchase history.
• Self-Shared Insights: Any inputs you provide through the platform—this may include prompts, uploads, transcripts, assessments, reflections, and relationship data shared via Aris Dialogues.
• Coaching and Health Inputs: Information related to your mental, physical, or relational well-being, including connected health or wellness trackers you choose to integrate.
• Communications: Messages or inquiries you send to us through email, support requests, or social media.
• Community and Feedback: Responses to surveys, event participation, identity or age verification, and other forms of feedback that help improve your experience.

Personal Data from Your Use of the Aris Platform

To continuously refine your experience and ensure coaching is timely and responsive, we collect:

• Log Data: Your IP address, browser type, operating system, timestamps, and interactions with our platform.
• Usage Patterns: Content viewed, features accessed, time spent, and behavioral trends.
• Device Details: Device name, type, identifiers, browser version, and settings.
• Location Data: General or specific location, depending on your preferences and permissions.

Cookies and Similar Technologies

We use cookies and similar tracking technologies to personalize content, enhance user experience, and analyze platform usage. For full details—including cookie categories, durations, and how to manage your preferences—please review our Cookie Policy.

Personal Data from Trusted Partners

We may also collect Personal Data from other sources to strengthen safety, personalization, and performance:

• Security and Integrity Providers: To help protect you and others from fraud, misuse, or unauthorized access.
• Marketing and Engagement Partners: To help us reach you in meaningful ways—with your consent.
• Publicly Available Sources: Where legally permissible, to enhance account setup or service personalization.

We use the Personal Data we collect to deliver meaningful, secure, and personalized experiences through Aris. This includes:

• Providing, maintaining, and optimizing our Services so Members can engage with personalized coaching, Dialogues, and related tools.
• Developing and refining our offerings by understanding usage patterns, user needs, and technical performance.
• Communicating with you about your account, session activity, service updates, new features, and promotional content when appropriate.
• Detecting and preventing fraud, abuse, and misuse to help protect Members and maintain a secure environment.
• Fulfilling legal, regulatory, and compliance obligations, including responding to lawful requests and enforcing our terms.
• Generating tailored coaching insights, action plans, and translations using inputs from your sessions and interactions.
• Incorporating connected health data (when enabled) to enhance coaching support and deliver holistic wellness guidance.
• Using aggregated and de-identified data to conduct research, improve our Services, and guide future product development.

When we use de-identified or aggregated data, we apply techniques designed to ensure that such data cannot reasonably be used to re-identify any individual. These techniques comply with applicable legal standards under the CCPA, CPRA, and GDPR. De-identified data is not subject to individual rights under these laws unless it is re-identified.

Additionally, Aris may use Content you voluntarily provide—such as inputs, session feedback, or assessments—to enhance the performance of our AI tools and improve the personalization of your coaching experience, where legally permitted.

At Aris, your data isn’t a product—it’s a responsibility. We only share your Personal Data when it’s essential to delivering your experience, ensuring safety, or fulfilling legal obligations. Here's how and when that happens:

• Trusted Service Providers: We work with carefully vetted partners who help us deliver core infrastructure, analytics, and customer support. These providers operate strictly under our instructions and are contractually bound to uphold Aris’s data protection standards.
• Other Members: When you use features like Aris Dialogues or connect through our Relationships feature, you may choose to share certain Personal Data with another Member. To enable a connection, you must send a request, and the receiving Member must accept it. Once connected, your shared Aris Elements and relevant session data may be visible to that Member during coaching interactions or Dialogues.
• Aris Facilitators: Whether AI-powered or human, our facilitators help guide sessions, translate content, and support action planning. They may access limited session-specific data solely to improve your experience in real time.
• Legal or Regulatory Authorities: We may disclose data when legally required—for example, to comply with a subpoena or protect the rights, safety, or integrity of our Members or platform.
• Corporate Successors: If Aris undergoes a merger, acquisition, or similar change in control, your data may be transferred in accordance with strict confidentiality and privacy commitments.

We Never Sell or Monetize Your Data

Aris does not sell, rent, or share your Personal Data for profit—ever. We do not use your data for ad targeting, cross-context behavioral advertising, or AI model training.

We use your past session data only to personalize your experience in real time—for example, by adjusting tone, remembering key themes, or tracking well-being trends. This personalization is confined to your account and is not used to train or improve the AI models that serve other users.

At Aris, safeguarding your Personal Data is central to how we design and operate our services. We implement a range of technical, administrative, and organizational safeguards—including encryption, access controls, and secure system architecture—to help prevent unauthorized access, data loss, or misuse.

While Aris is not a “covered entity” or “business associate” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), we voluntarily align our practices with HIPAA guidelines when handling health-related information. We also require all third-party technology platform partners and infrastructure vendors to meet or exceed applicable security standards, including HIPAA, SOC 2, and ISO 27001.

Aris may integrate with third-party health platforms (e.g., wearables or connected wellness trackers) at your direction. In such cases, Aris acts solely as a consumer-facing platform and does not assume the role of a business associate unless formally agreed to in writing. Aris does not enter into Business Associate Agreements (BAAs) by default and reserves the right to decline any integration that would require such status.

We currently support integrations with select wellness platforms, including Apple Health, Google Fit, Fitbit, and Oura. You control which services are connected and can revoke access at any time through your device or platform settings. We encourage you to review the privacy policies of any third-party platforms you choose to authorize.

Please note: Some health data you share may fall under HIPAA regulations if it originates from or is shared with a healthcare provider. Aris is not a HIPAA-covered entity unless explicitly contracted as such; however, we apply HIPAA-aligned safeguards wherever relevant.

No method of data transmission or storage is completely secure. We encourage all Members to protect their account credentials and exercise care in sharing sensitive information. Aris is not responsible for breaches resulting from the misuse of your login details or from vulnerabilities in third-party platforms or services.

Breach Notification

In the event of a data breach that compromises your Personal Data, Aris will notify affected users promptly, in accordance with applicable laws such as GDPR Article 33 and the CCPA. Notifications will include the nature of the breach, the data affected, potential consequences, and steps taken to mitigate harm.

Depending on your place of residence, you may have certain rights under data protection laws with respect to your Personal Data. At Aris, we respect and support your ability to exercise these rights, which may include:

• Access: You may request a copy of your Personal Data and information about how we process it.
• Correction: You can ask us to correct inaccurate or incomplete Personal Data.
• Deletion: You can request that we delete your Personal Data, subject to certain exceptions.
• Portability: You may request that we transfer your Personal Data to another service provider in a structured, commonly used, and machine-readable format.
• Restriction or Objection: You may request that we restrict or stop processing your Personal Data under certain conditions.
• Withdrawal of Consent: Where we rely on your consent to process data, you can withdraw that consent at any time without affecting prior processing.
• Lodging Complaints: You have the right to file a complaint with your local data protection authority.

Many of these rights can be managed directly through your Aris account settings. If you're unable to exercise your rights through your account, you may contact us at privacy@aris.ai, and we will respond in accordance with applicable laws.

Note on AI-Generated Output Accuracy

The Aris platform delivers insights using Aris Intelligence—our proprietary framework based on Aris Elements (A framework of 35 psychological traits that guide how coaching is delivered), EUA: Exploration → Understanding → Advice (for short-term clarity), EUD: Exploration → Understanding → Development (for structured growth), and established psychological methodologies. We do not provide general-purpose AI responses. All outputs, including coaching advice, session notes, and action plans, are contextually specific to the Aris coaching environment and its developmental framework.

While our systems are designed to provide meaningful, personalized support, certain AI-generated content may occasionally contain factual inaccuracies or misrepresentations. Members may submit correction or removal requests if an output they received contains inaccurate personal information or misaligned recommendations.

To request a correction:

• Submit a support ticket at support.aris.ai
• Our team will acknowledge your request within 48 hours
• We will either correct the content or provide a resolution timeline within 10 business days

If deletion is technically infeasible, Members may request that Aris restrict further processing of the disputed content. This right is recognized and supported in compliance with GDPR Article 16 and applicable U.S. laws.

Please note that the correction process applies only to outputs directly generated by Aris Intelligence systems (e.g., coaching advice, action plans, summaries). We do not support correction requests for interpretations outside the scope of the Aris methodology.

Where Your Data Is Processed

Aris processes Personal Data on servers located in the United States and other jurisdictions. Regardless of location, we apply the protections outlined in this Privacy Policy and use appropriate legal mechanisms to safeguard data during international transfers.

International Users (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or other regions with data protection laws that grant similar rights, you have additional protections under the General Data Protection Regulation (GDPR) and UK GDPR. These include:

• The right to data portability
• The right to object to certain processing, including profiling
• The right to lodge a complaint with a supervisory authority
• The right to withdraw consent at any time, without affecting prior lawful processing

You may exercise these rights by contacting us at privacy@aris.ai . We apply the principles of this Privacy Policy consistently across jurisdictions.

Legal Bases for Processing Personal Data

Aris processes your Personal Data based on one or more of the following legal grounds:

• Your consent
• The necessity of processing to perform a contract with you
• Our legitimate interests (such as improving the platform and ensuring security)
• Compliance with legal obligations

Data Transfers Outside Your Jurisdiction

When we transfer Personal Data outside of your jurisdiction (e.g., from the European Economic Area (EEA) or United Kingdom), we rely on approved legal safeguards, including the European Commission’s Standard Contractual Clauses (SCCs). Where required under applicable law—such as following the Schrems II decision—Aris conducts Transfer Impact Assessments (TIAs) to evaluate the legal environment of the recipient country and ensure that transferred data is subject to safeguards that are essentially equivalent to those under the GDPR.

For all privacy-related inquiries or to exercise your rights, you may also contact our Data Protection Officer (DPO) at dpo@aris.ai .

Automated Decision-Making and Profiling

Aris uses AI-powered tools, including Aris Intelligence, to generate personalized coaching insights, session summaries, and action plans. While these outputs are algorithmically generated based on the information you provide, they do not involve any legal or similarly significant effects on you within the meaning of Article 22 of the GDPR.

While Aris does not engage in automated decision-making that produces legal or similarly significant effects, we do use behavioral data and session patterns to deliver personalized coaching insights. This may constitute profiling under certain privacy laws.

Because personalized coaching is central to the Aris experience, this type of profiling is necessary to provide our Services and is based on our legitimate interests. If you object, we will review your request on a case-by-case basis. However, please note that objecting to such profiling may limit or disable key functionality of the platform.

You may submit an objection or request human review by contacting privacy@aris.ai.

Limitations of AI-Generated Content

Coaching insights or action plans generated by Aris Intelligence are not medical, psychological, therapeutic, or legal advice. Members are encouraged to apply personal discretion and consult appropriate professionals when making decisions based on AI-generated outputs. Aris does not use these outputs to make decisions that produce legal or similarly significant effects on individuals.

You have the right to request human review of any AI-generated output you believe to be materially inaccurate or consequential. You may also object to automated processing or restrict its use by contacting .

Under global data protection laws such as the GDPR and UK GDPR, entities processing personal data are categorized as either “controllers” or “processors.” Aris, depending on the context, may act in either capacity:

When Aris Is a Data Controller

Aris acts as a data controller when it determines the purpose and means of processing personal data—for example:

• Operating the Aris platform and mobile applications
• Delivering personalized coaching through Aris Intelligence
• Managing Member accounts, analytics, billing, and product development
• Enhancing platform features using aggregated, de-identified data

In these cases, Aris makes independent decisions about how and why data is used to support coaching and user experience.

When Aris May Act as a Data Processor

Aris may act as a data processor when processing personal data solely on behalf of another party and according to their instructions. This may occur in the following contexts:

• Enterprise or institutional contracts (e.g., Aris deployed by an employer, school, or partner organization)
• Facilitated Dialogues or shared sessions hosted by third-party administrators
• API-based integrations where Aris processes user data at the direction of another controller

In these cases, Aris will enter into a Data Processing Agreement (DPA) and comply with applicable controller instructions, including access, retention, and deletion obligations.

Data Protection Impact Assessments (DPIAs)

Where required under applicable laws such as the GDPR or UK GDPR, Aris conducts Data Protection Impact Assessments (DPIAs) for processing activities that may present a high risk to individual rights and freedoms—such as the large-scale use of sensitive health data or behavioral profiling. These assessments evaluate the necessity, proportionality, and risks associated with such processing, and guide the implementation of appropriate safeguards.

If you are uncertain about the role Aris plays in your specific use case, please contact us at dpa@aris.ai for clarification or a copy of our standard DPA.

At Aris, your privacy is a responsibility we take seriously. We only retain your Personal Data for as long as it’s needed—to provide meaningful, secure, and personalized support, fulfill business and operational obligations, or comply with applicable laws and regulations.

The duration of data retention depends on several key factors, including:

• Purpose of Use: Whether the data is essential for delivering core Services such as coaching insights, Aris Dialogues, relationship features, or user personalization.
• Type and Sensitivity: The nature of the information shared, and how sensitive or personal it is.
• Risk Considerations: The potential for harm in the event of unauthorized access or misuse.
• Legal and Regulatory Requirements: Any obligations we are bound to under the law.
• Your Preferences and Settings: In many cases, your settings influence how long we retain data. For example, Aris Chat Coaching Sessions, Aris Dialogues, or Private Sessions may be automatically deleted after a defined period of inactivity.

Members have full control over their data and can manage or delete their session history at any time. The following principles apply to session visibility, deletion options, and retention timelines:

• Privacy Chat Coaching Sessions and Aris Dialogues are confidential spaces. These sessions are not visible in reports, not shared, and not incorporated into Aris’s core coaching systems.
• Members may delete any individual session or a range of sessions (e.g., all sessions between specific dates) at their discretion.
• Once deleted by a Member, data enters a 30-day secure hold period for abuse monitoring or fraud prevention, after which it is permanently deleted.
• Upon account cancellation, Members may elect to have all data and coaching history deleted. If selected, the data is deleted 30 days after account closure.
• If Members do not request deletion at closure, their data is securely encrypted and retained for up to 12 months to enable potential reactivation. After 12 months, it is permanently deleted.

Data Retention Summary Table

We continuously review and refine our data retention and deletion practices to ensure they reflect evolving standards, legal obligations, and our commitment to Member trust. Our goal is to provide clear, user-controlled data lifecycles—so your information is retained only as long as necessary, and always with care, consent, and transparency.

Aris is designed for individuals aged 13 and older. We do not knowingly collect or process Personal Data from children under the age of 13. If we discover that we have inadvertently collected data from a child under 13, we will promptly delete it from our systems.

For users between the ages of 13 and 17, additional safeguards apply:

• You may only use Aris with the verifiable consent and active involvement of a parent or legal guardian.
• Parents or guardians must initiate the invitation through their own Aris account and purchase the Membership on behalf of the child.
• We may require additional verification steps to confirm the identity and consent of the parent or guardian before granting access to the child.

In addition to COPPA, Aris aligns with state-specific youth data protections such as California’s Age-Appropriate Design Code Act (AADC) to ensure that platform design and data practices prioritize the well-being of minors.

This policy is enforced worldwide, regardless of local age of digital consent laws, to ensure a consistent and protective standard for younger Members.

Age of Digital Consent by Jurisdiction

While Aris applies a standard parental consent model globally for users aged 13–17, we recognize that some countries or jurisdictions establish a higher digital age of consent (e.g., 14–16 years under GDPR Article 8). Where applicable, we will request verifiable parental consent in accordance with local laws to ensure lawful access and use by minors.

If you believe a minor has used Aris without proper authorization, please contact us at privacy@aris.ai. We will promptly investigate and take appropriate action. You may also reach our Data Protection Officer regarding any concerns involving minors at dpo@aris.ai.

At Aris, privacy isn’t an afterthought—it’s foundational. From the first line of code to every new feature, we embed privacy protections into the heart of our technology, policies, and culture.

We follow the principles of Privacy by Design, ensuring that data protection is proactive, not reactive. This means:

• You stay in control: The data you share belongs to you. You decide what is shared, for what purpose, and for how long.
• No model training: We do not use your personal inputs, coaching conversations, or health information to train AI models.
• Minimization and necessity: We only collect the information needed to provide meaningful support—and nothing more.
• Secure by default: Our systems are built to meet or exceed industry standards for encryption, access control, and data handling.
• Regulatory alignment: Our privacy practices are designed to comply with global data protection laws, including the GDPR, CCPA, HIPAA (where applicable), and other relevant frameworks.

By honoring both your autonomy and legal protections, we aim to create a safe space where you can engage openly, knowing your data is handled with care, integrity, and transparency.

Sensitive Data and Voice Recognition

Aris may collect and process sensitive Personal Data, such as information related to your mental or physical health, relationship status, or other personal insights you choose to share. We use this data only to support your personalized experience—and only with your explicit consent.

We do not process sensitive data for targeted advertising, profiling, or to infer characteristics beyond what you explicitly disclose.

Consent and Control of Sensitive Data

When you share sensitive Personal Data—such as health insights, relationship history, or psychological inputs—Aris will request your explicit consent before processing that data. Consent may be collected through checkboxes, onboarding flows, or specific feature settings within the platform.

You may withdraw this consent at any time through your account settings or by contacting privacy@aris.ai. Once consent is withdrawn, we will discontinue processing of that sensitive data, except where we are legally required or permitted to retain it.

Use of Voice Recognition

Aris uses voice recognition technology strictly for the benefit of the individual Member and only with the Member’s express consent. Voice data is never shared, accessed, or used by third parties or facilitators. It is used solely in the following cases:

• To enhance security and verify Member identity, if enabled by the Member
• To support Aris Dialogue sessions and improve coaching interactions in real time
• To enable optional personalization features controlled exclusively by the Member

All voice recordings and transcripts are encrypted both in transit and at rest using industry-standard encryption protocols. When not in active use, voice data is stored in an encrypted format inaccessible to any third party. If a Member cancels their account, all voice data is immediately and permanently deleted from our systems, including any encrypted storage.

Aris does not create, collect, or store biometric identifiers or templates (including voiceprints) unless legally required and only with separate, written, and informed consent in accordance with applicable biometric privacy laws such as Illinois BIPA, Texas CUBI, and California CPRA. Aris also complies with other applicable state biometric privacy laws such as Washington’s HB 1493. Consent is explicitly obtained wherever biometric data is processed. Aris does not use biometric data for profiling, targeted advertising, or model training under any circumstances.

In jurisdictions where biometric privacy laws apply, Members will be presented with a biometric-specific consent form before enabling voice recognition features. Members may revoke this consent at any time through their account settings or by contacting privacy@aris.ai.

At Aris, honoring your privacy isn’t just a standard—it’s part of our foundation. Certain U.S. state laws, including the California Consumer Privacy Act (CCPA) and others, require us to share specific details about how we collect, use, and share your Personal Data.

In addition to California's CCPA and CPRA, Aris complies with other U.S. state privacy laws where applicable, including Virginia’s VCDPA, Colorado’s CPA, Connecticut’s CTDPA, and Utah’s UCPA. These laws may provide additional rights such as opt-out from profiling or expanded appeals.

Below is a simplified and transparent overview of how we use different types of data to support your experience with Aris, and with whom it may be shared:

Your Privacy Rights

Depending on where you live, and subject to legal exceptions, you may have the right to:

• Know what Personal Data we collect and how we use it
• Access a copy of your Personal Data in a portable format
• Request correction of inaccurate or outdated information
• Ask for your Personal Data to be deleted
• Be free from discrimination for exercising your privacy rights

Aris does not sell your Personal Data. We do not share it for cross-contextual behavioral advertising, nor do we process it for targeted advertising or inference of sensitive characteristics.

Exercising Your Rights

You can submit a request at privacy.aris.ai (opens support form) or by emailing support@aris.ai. We may request verification to protect against unauthorized access or fraudulent activity. If we can’t verify your identity, we may be unable to fulfill your request.

Authorized Agents

You may designate someone to act on your behalf. To do so, your authorized agent must provide written permission, and you may also be required to verify your identity directly with us.

Appealing a Decision

If you disagree with a decision related to your privacy request, you may have the right to appeal. Appeals can be submitted by emailing privacy.aris.ai with the subject line: “Privacy Rights Appeal.”

Appeals must be submitted within 60 days of the original decision. Aris will acknowledge your appeal within 10 business days and respond with a final decision within 45 days. If unresolved, you may escalate the appeal to our Data Protection Officer at dpo@aris.ai.

Do Not Track Signals

Aris does not currently respond to Do Not Track (DNT) signals from web browsers. However, we respect your privacy choices and offer detailed settings via your account and Cookie Policy.

At Aris, transparency isn’t a formality—it’s a promise. From time to time, we may update this Privacy Policy to reflect new features, evolving standards, or legal requirements.

Whenever we make a meaningful change, you’ll always find the most current version—along with its effective date—right here on this page. If any update significantly impacts your rights or how your data is handled, we’ll make sure to notify you in a clear and timely way, as required by law.

We are committed to making this Privacy Policy accessible to all users. If you need this policy in an alternative format or language, please contact us at privacy@aris.ai, and we will provide a version that meets your accessibility needs.

Privacy Contact Information

For general privacy inquiries: privacy@aris.ai

For DPO-specific matters (e.g., GDPR or EU/UK inquiries): The Aris Data Protection Officer (DPO) operates independently and in accordance with GDPR Article 38. The DPO’s responsibilities include monitoring compliance, advising on data protection obligations, and serving as a point of contact for data protection authorities and affected individuals. You may contact our DPO at dpo@aris.ai