Privacy Policy

Aristotle, Inc. (“Aris,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard Personal Data when you access or use our digital services, including www.aris.ai, our mobile applications, supported web-based interfaces, voice and text-based conversational features, personalized growth programs, and related services (collectively, the “Services”).

By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

The Services are intended only for individuals 18 years of age or older. Aris does not knowingly collect Personal Data from anyone under 18. If we become aware that Personal Data from someone under 18 has been collected, we will take steps to delete it promptly. Please contact privacy@aris.ai if you believe this has occurred.

• Personal Data: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) to an individual.
• User Content: Information you submit through the Services, including voice and text conversations, prompts, reflections, uploads, responses, and transcripts.
• De-Identified Data: Data processed so that it cannot reasonably be used to identify an individual, using technical and organizational safeguards.
• Aggregated Data: Data combined across multiple users such that individual identities are not discernible.

A. Personal Data You Provide

• Account Information: name, email address, phone number, login credentials, account settings, preferences.
• Eligibility Verification Information: work or institutional email address and confirmation status (where access is provided through an employer, university, healthcare system, union, or similar institution).
• Billing Information: subscription status and transaction history (payment details are processed by third-party processors or Apple/Google where applicable).
• User Content: voice and text interactions, prompts, reflections, uploads, assessment responses, and other information you choose to share.
• Communications: messages sent to support, feedback, surveys, or inquiries.

B. Personal Data Collected Automatically

• Device & Technical Data: device type, operating system, app/browser version, language, device identifiers, crash logs, diagnostics.
• Usage Data: features used, session duration, interaction patterns, performance metrics.
• Log Data: IP address, timestamps, referral URLs.
• Approximate Location: inferred from IP address (e.g., city/state). Precise location is collected only if you enable it through device permissions.

C. Cookies and Similar Technologies

We use cookies, SDKs, and similar technologies for authentication, security, preferences, analytics, and performance. Where required by law, consent controls are provided.

D. Data from Third Parties

We may receive limited data from:

• app stores and payment processors (subscription status),
• security and fraud-prevention providers,
• institutions only to confirm eligibility, never session content.

We use Personal Data to:

• provide and operate the Services, including conversational interaction and personalized growth programs;
• maintain continuity and relevance within your individual account;
• verify and administer institutional access eligibility;
• process subscriptions and transactions;
• communicate service, security, and support information;
• secure, debug, and maintain platform reliability;
• comply with legal obligations and enforce our Terms of Service.

A. User-Specific History and Personalization

Aris maintains conversation history, recurring themes, and session context within an individual Member’s account solely to benefit that Member. This information:

• is not shared with other users,
• is not pooled to personalize experiences for others,
• is used only to support continuity, relevance, and insight for that individual.

Members may manage or delete their session history through account settings, subject to retention and security requirements

A. Framework, Validity, and Predictive Improvement

Aris may create and use de-identified and aggregated data derived from Member interactions, assessments, usage patterns, and system outputs to improve the quality, accuracy, reliability, and effectiveness of the Services and Aris Intelligence.

This includes, without limitation:

• results and distributions generated through the Periodic Table of the Self^™, including element activation levels and balance patterns;
• high-level demographic or contextual attributes (such as age range, region, country, state, career category, or role) that do not identify individuals;
• correlations, trends, and predictive signals related to balance restoration, outcomes, and system performance;
• internal research, validation, reliability, and bias-detection studies.

Such data:

• does not include names, emails, phone numbers, precise locations, account IDs, or direct identifiers;
• is processed using safeguards designed to reduce the risk of re-identification;
• is not used for targeted advertising or cross-context behavioral advertising.

B. Aggregated Insights, Reports, and Commercial Use

Aris may use, publish, license, or sell aggregated, anonymized, or de-identified insights, analytics, benchmarks, or reports to third parties (including institutions, researchers, or commercial partners), provided that such materials do not identify any individual Member.

This activity:

• does not constitute a sale or sharing of Personal Data under applicable privacy laws;
• is not subject to individual access, correction, or deletion rights where permitted by law.

C. No Training of General AI Models on Personal Session Content

Aris does not use private User Content to train or improve general-purpose AI models that serve other users. De-identified and aggregated analytical data may be used to evaluate and improve Aris Intelligence and its proprietary frameworks.

We do not sell Personal Data.

A. Service Providers

We share Personal Data with vetted service providers who operate infrastructure, analytics, support, payments, security, and fraud prevention. They act under contract and process data only on our instructions.

B. AI Processing Providers (LLM / Speech / Inference)

To deliver features such as voice and text interactions, Aris may share User Content and related technical data with specialized AI processing providers. These providers act as processors and are contractually prohibited from using Personal Data for their own purposes (including training their general models).

C. Relational Features

If you choose to connect with another Member, you may share certain information through affirmative actions (request/accept). You control and may revoke these settings.

D. Legal, Safety, and Compliance

We may disclose Personal Data where reasonably necessary to:

• comply with law, subpoena, court order, or lawful government request;
• protect the rights, safety, and security of Aris, Members, or others;
• investigate fraud, misuse, or security incidents;
• enforce our agreements.

Where legally permitted, we may attempt to provide notice before disclosure.

E. Business Transfers

Personal Data may be transferred as part of a merger, acquisition, restructuring, financing, bankruptcy, or sale of assets, subject to appropriate protections.

Certain information you choose to share may be considered “consumer health data” under laws such as Washington’s My Health My Data Act or similar statutes. Aris:

• does not sell consumer health data;
• does not use it for targeted advertising;
• does not engage in prohibited geofencing practices.

You may secure access to the Services using your device’s biometric authentication features. Biometric templates (e.g., faceprints or fingerprints) are generally stored and processed on your device. Aris typically receives only an authentication result (success/failure) and does not store biometric templates. If biometric identifiers were ever collected by Aris, additional notice and consent would be provided.

We implement administrative, technical, and organizational safeguards to protect Personal Data, including encryption, access controls, monitoring, and vendor security requirements. No system is completely secure, and you are responsible for protecting your credentials.

HIPAA Positioning: Aris is not a HIPAA covered entity or business associate unless explicitly agreed in writing for a specific arrangement.

If a data breach affecting your Personal Data occurs, we will notify affected users and/or regulators as required by applicable law.

We retain Personal Data only as long as reasonably necessary to provide the Services, comply with legal obligations, protect security, and enforce agreements.

Typical Retention Framework

• Account Information: retained while active; deleted upon request or closure, subject to legal/security holds.
• User Content: retained for continuity until deleted by the Member or account closure, subject to holds.
• Deleted Content Hold: up to 30 days for fraud and security review, then deleted or de-identified.
• Closed Accounts: certain data may be retained up to 12 months to support reactivation, then deleted or de-identified unless required by law.
• Billing Records: retained as required for accounting and compliance.

Depending on your location, you may have rights to access, correct, delete, or obtain a copy of your Personal Data, and to object or opt out of certain processing where required by law. Requests may be submitted to privacy@aris.ai. We may verify your identity before responding.

GDPR / UK GDPR

For EEA/UK users, we process Personal Data based on consent, contract necessity, legitimate interests, and legal obligations. International transfers may rely on Standard Contractual Clauses and related safeguards.

If you connect third-party services, those services process data under their own privacy policies. Review third-party terms before enabling integrations.

We may update this Privacy Policy from time to time. Material changes will be communicated as required by law, and the “Last Revised” date will be updated.

For privacy inquiries or requests: privacy@aris.ai.

For EEA/UK DPO matters: dpo@aris.ai.