Privacy Policy

Ariona Online Ltd. ("Ariona", "we", "us"), registered in the United Kingdom, is the Data Controller in respect of personal data collected through the Ariona platform at ariona.online and app.ariona.online. Where Ariona processes personal data on behalf of a business customer, that business is the Data Controller and Ariona acts as Data Processor.

Contact: legal@ariona.online

Business account holders

• Name and email address (provided at registration)
• Business name and contact details
• Billing information (processed by our payment provider)
• Usage data and logs relating to your use of the dashboard
• Google Calendar OAuth tokens (if you connect Google Calendar)

End customers (via WhatsApp)

• Phone number (provided when messaging the business WhatsApp line)
• Name (if provided during conversation)
• Conversation history — messages sent to and received from the AI assistant
• Booking details (service, date, time, staff member)

• Contract (Article 6(1)(b) GDPR) — processing your account data to provide the Ariona service you have subscribed to.
• Legitimate interests (Article 6(1)(f) GDPR) — when an end customer first messages a business, we store their phone number to manage the conversation flow. This is limited to the minimum data necessary before consent is obtained. We also rely on legitimate interests for fraud prevention and platform security. Any service-improvement activity applies only to data you have directly provided to Ariona (e.g. WhatsApp conversation data) and never to data obtained via Google APIs.
• Consent (Article 6(1)(a) GDPR) — before any AI-assisted booking processing begins, end customers are presented with a clear opt-in prompt. Full conversation history and booking data are only processed after the customer confirms they wish to proceed. Customers may withdraw consent at any time by replying DELETE MY DATA, which permanently erases all their personal data.

• To operate the booking and AI receptionist service on your behalf.
• To send appointment reminders to your customers via WhatsApp.
• To sync confirmed bookings to your Google Calendar when connected.
• To send transactional emails (booking confirmations, plan changes).
• To improve the AI model's understanding of booking-related queries. Only WhatsApp conversation data is used for this purpose. Data obtained via Google APIs (including Google Sign-In and Google Calendar) is never used for AI training, model improvement, or any purpose beyond the specific feature for which it was granted.
• To respond to support requests and investigate complaints.
• To comply with legal obligations.

We do not sell your data or use it for advertising.

Google Sign-In: When you sign in with Google, Ariona receives your email address and display name solely to create and authenticate your Ariona account. This data is not shared with third parties, not used for advertising, and not used to train or improve any AI or machine-learning model.

Google Calendar: If you connect Google Calendar, Ariona's use of Google Calendar API data is strictly limited to creating, updating, and deleting calendar events that correspond to bookings made through Ariona. We do not read, store, or process any calendar events unrelated to Ariona bookings. We only access the calendar of the business owner who explicitly authorised the connection.

Ariona's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used solely to provide the specific in-app feature for which it was authorised. It is never used to develop, improve, or train generalised AI or machine-learning models, and never used for advertising or any secondary purpose.

We share data with the following trusted sub-processors:

SCCs = Standard Contractual Clauses under GDPR Article 46(2)(c).

All data is stored on servers located in the EU. Google OAuth refresh tokens are encrypted at rest using AES-256. We use HTTPS for all data in transit. We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration or destruction.

If you suspect a security issue, please notify us immediately at legal@ariona.online.

• WhatsApp messages — retained for 365 days by default. Business owners can configure a shorter retention period in their dashboard settings. Messages older than the retention period are automatically deleted nightly.
• Booking records — retained for the duration of the account plus 12 months for legal/accounting purposes.
• Account data — retained for the life of the account and deleted within 30 days of account closure.

Under GDPR you have the following rights:

• Right of access — request a copy of your personal data.
• Right to withdraw consent (Article 7(3) GDPR) — end customers can withdraw consent at any time by replying DELETE MY DATA. This stops all further processing and triggers immediate erasure.
• Right to erasure (Article 17 GDPR) — end customers can text DELETE MY DATA to instantly delete all their personal data and conversation history. Account holders can contact us at legal@ariona.online.
• Right to rectification — correct inaccurate data.
• Right to portability (Article 20 GDPR) — receive your data in a machine-readable format. Business owners can export individual customer records from the dashboard.
• Right to restrict processing — request we limit how we use your data.
• Right to object — object to processing based on legitimate interests.

To exercise any right, contact us at legal@ariona.online. We will respond within 30 days.

The Ariona dashboard uses essential session cookies required for authentication. We do not use tracking or advertising cookies. No third-party analytics cookies are set.

The Ariona service is not directed at children under the age of 18. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. We will notify account holders by email at least 14 days before material changes take effect.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

Questions? Email legal@ariona.online.