Ariv Studios Back to Home

Privacy Policy

Last updated: May 5, 2026

The short version

Your content stays on your device. Analytics are optional and anonymous. We only have your email if you purchase or contact support.

This policy covers every product Ariv Studios makes. Each product handles data differently, so the policy is grouped by product below - jump straight to the one you're using:

Ariv

Personal knowledge management (macOS, Windows, Linux)

In one paragraph

Ariv is a local-first note-taking app. Your notes, documents, attachments, tasks, and tags live on your computer as plain Markdown files. Nothing is uploaded to Ariv's servers unless you explicitly opt in to end-to-end encrypted sync. AI features and the Google Calendar integration are off by default and only activate when you turn them on.

What we don't collect

  • Your notes, documents, or file contents - All content stays on your device.
  • Location data - We never track where you are.
  • Device fingerprints - No unique device identification.
  • Personal identifiers beyond what's needed for purchase or support.

Local data

  • Notes are stored as Markdown files in a vault folder you choose.
  • Tasks, tags, backlinks, and search indexes are kept in a local SQLite database in your application data folder.
  • Attachments (images, PDFs) sit in the vault alongside your notes.

Anonymous usage analytics (opt-in)

Ariv can send anonymous product analytics through PostHog so we can understand which features get used and where users get stuck. Off by default; toggle in Settings > Privacy > Help Shape Ariv.

When enabled, we collect:

  • App opens and feature usage events (e.g. "command palette opened", "task created")
  • Setting changes (which key changed - never the value)
  • Anonymous app version, OS platform, theme/accent color

What we never send: note content, note titles, file paths, tag names, task text, attendee names, calendar event content, or anything else identifiable. All events are tied to a random anonymous ID generated locally.

AI features (optional)

Ariv supports AI-powered features (Ask Brain, auto-tagging, note summaries) by talking directly from your device to the AI provider you configure: Google Gemini, OpenAI, Anthropic, or a local Ollama model. Off by default until you provide an API key.

  • Queries leave your device only when you actively use an AI feature.
  • API keys are stored encrypted in your operating system's secure keystore (macOS Keychain, Windows DPAPI, or Linux libsecret).
  • We never see your API key, your prompts, or the AI's responses - traffic flows directly between your device and the provider you chose.
  • The provider's own privacy policy governs how they handle your prompts.

Google user data (Google Calendar integration)

Ariv offers an optional Google Calendar integration that surfaces the user's meetings on a "Today at a Glance" dashboard section and lets them turn any meeting into a pre-filled note in their local vault. This integration is off by default and only activates when the user explicitly clicks Connect in Settings > Integrations.

What Google user data Ariv accesses:

  • Profile basics via the openid and https://www.googleapis.com/auth/userinfo.email scopes - just the user's email address, used solely to display "Connected as <email>" in Settings so the user knows which account is linked.
  • Calendar events via the https://www.googleapis.com/auth/calendar.events.readonly scope - read-only access to events on the user's primary calendar for the current day.

How Ariv uses this data:

  • Display the user's events for the current day in the "Today at a Glance" dashboard section.
  • When the user clicks "Take notes" on an event, create a markdown note in the user's local vault titled with the meeting name, date, and time. The note body is pre-filled with the event's title, start/end time, attendees (names where available), location, and conferencing link.
  • Maintain a local mapping between Google event IDs and the resulting note paths so the dashboard can flip the action from "Take notes" to "Open notes" once a note already exists for that meeting.

How Ariv stores this data:

  • Event content (titles, attendees, descriptions, etc.) is held in memory only for the duration of the user's session. It is not written to disk or any database.
  • Meeting notes the user creates live as ordinary markdown files inside the user's local vault, on the user's device. They are the user's own data and are no different from any other note in Ariv.
  • The OAuth refresh token is stored encrypted at rest using the operating system's secure keystore (macOS Keychain, Windows DPAPI, or Linux libsecret) on the user's device. Access tokens are kept in memory only.

How Ariv shares this data:

  • Ariv does not share Google user data with anyone. Calendar event data is fetched directly from Google to the user's desktop and never transits, transits through, or is stored on Ariv's infrastructure.
  • Ariv does not have a backend that processes user calendar data. There is no server-side cache, no analytics pipeline that touches event content, and no third-party processor.
  • Ariv does not use Google user data to train, develop, or improve any AI/ML models.
  • Ariv does not sell, rent, or transfer Google user data to any third party.

How users can revoke access:

  • From inside Ariv: Settings > Integrations > Google Calendar > Disconnect. This calls Google's token revocation endpoint and wipes the locally-stored refresh token from the OS keystore.
  • From the user's Google Account: Apps with access to your account > remove Ariv.
  • Meeting notes the user has already created are theirs - they remain in the local vault after disconnecting and can be deleted by the user at any time.

Limited Use compliance. Ariv's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

End-to-end encrypted sync (optional)

If you opt in to sync, your vault is encrypted on your device with a key derived from your password before anything leaves your computer. Our sync server stores only opaque ciphertext - no filenames, paths, or content are visible to us. If you lose your password, we cannot recover your data.

Purchases

Ariv Pro is sold through our payment processor, acting as Merchant of Record. They collect your email, payment information, billing address, and any tax-relevant details required by your jurisdiction. We receive only your email and the subscription/purchase confirmation - we never see or store your payment card details. Their processing of your data is governed by their own privacy notice, which is presented at checkout.

Adoro

Focus timer (macOS, iOS, Android)

In one paragraph

Adoro is a local-first focus timer. Your sessions, tags, and stats live on your device. Optional anonymous analytics help us understand how the app is used. Mobile purchases are handled by Apple, Google, and RevenueCat.

What we don't collect

  • Tag names, session notes, or descriptive text you type into the app - these stay on your device.
  • Location data.
  • Device fingerprints.
  • Personal identifiers beyond what your platform's app store needs to deliver the app.

Local data

  • Timer sessions, tag assignments, and statistics are stored locally.
  • Tag names and any session notes you write are never transmitted off-device.

Anonymous usage analytics (opt-in)

Adoro can send anonymous product analytics through PostHog. Off by default; toggle in Settings > Privacy.

When enabled, we collect:

  • App opens, session starts/completions
  • Feature usage (which settings changed - never the values)
  • Pro conversion events

All analytics data is anonymous and aggregated. We use it to understand usage patterns and improve the product.

Purchases

Mobile purchases are processed through the Apple App Store, Google Play Store, and RevenueCat (for subscription management). We receive an anonymous subscriber ID and your subscription status. We do not receive your payment details.

App Store privacy labels

Apple App Store:

  • Data Linked to You: None
  • Data Used to Track You: None
  • Data Not Linked to You: Usage Data, Diagnostics (when analytics are enabled)

Google Play Store:

  • Data shared: None
  • Data collected: App activity, App info (when analytics are enabled)
  • Security: Data encrypted in transit

AuraFi

Soundscape player (macOS)

In one paragraph

AuraFi collects no data. It plays audio locally with no analytics, no telemetry, and no network requests beyond fetching your purchased soundscapes.

What we don't collect

  • Listening history
  • Usage analytics
  • Device fingerprints
  • Personal identifiers beyond what's needed for purchase

Purchases

AuraFi is sold through our payment processor, acting as Merchant of Record. They collect your email, payment information, billing address, and any tax-relevant details required by your jurisdiction. We receive only your email and the purchase confirmation - we never see or store your payment card details. Their processing of your data is governed by their own privacy notice, which is presented at checkout.

Applies to all products

The following terms apply across Ariv, Adoro, AuraFi, and any future Ariv Studios product.

Your rights

  • Access: Your data is on your device.
  • Delete: Delete the app and its data folder.
  • Export: Data is stored in standard formats (Markdown, JSON, SQLite).
  • Opt-out of analytics: Disable in Settings > Privacy.
  • Disconnect integrations: Each product's Settings page lets you disconnect any third-party integration. Disconnecting revokes the relevant tokens with the third-party provider and wipes them locally.

Rights for users in the EU/UK (GDPR) and California (CCPA/CPRA)

If you are in the European Economic Area, the United Kingdom, or California, you have additional rights regarding personal data we hold about you (typically your email and any subscription/billing records):

  • Right to access: request a copy of the personal data we hold.
  • Right to rectification: ask us to correct inaccurate information.
  • Right to erasure ("right to be forgotten"): ask us to delete personal data, subject to legal retention requirements (e.g. tax records).
  • Right to data portability: receive your data in a machine-readable format.
  • Right to object / restrict processing: ask us to stop or limit certain processing.
  • Right to opt out of "sale" or "sharing" of personal data (CCPA/CPRA): we do not sell or share personal data for cross-context behavioral advertising. Nothing to opt out of.
  • Right to lodge a complaint: with your local supervisory authority (e.g. the ICO in the UK, your national DPA in the EU, the California Attorney General).

How to exercise your rights: email hello@ariv.one from the email address associated with your account. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

Lawful basis for processing (GDPR): we process your email and billing details to perform our contract with you (Article 6(1)(b)), to comply with tax and accounting obligations (Article 6(1)(c)), and to protect our legitimate interests in operating and improving the service (Article 6(1)(f)). Optional analytics are processed only with your consent (Article 6(1)(a)) and can be withdrawn at any time in Settings.

Data retention

  • Account email and subscription records: kept for as long as your account is active, plus the period required by Canadian tax law for accounting records (currently six years from the end of the tax year to which they relate).
  • Encrypted sync blobs: retained as long as your sync subscription is active. Deleted vault items go to a 15-day Trash window before permanent removal. Closing your account deletes all encrypted blobs from our infrastructure within 30 days.
  • Optional analytics events: retained for up to 12 months, then aggregated or deleted.
  • Support correspondence: retained for up to 24 months after the last interaction.

Subprocessors

We use a small number of subprocessors to operate Ariv Studios products. None of them ever receive your note content or local file contents.

  • Cloudflare, Inc. - hosts our website (Cloudflare Pages) and the encrypted sync infrastructure (Workers, D1, R2). Encrypted sync blobs are stored at rest in Cloudflare R2; we use the EU/Auto region routing where applicable. Cloudflare also provides our website analytics in cookieless aggregate form.
  • Payment processor (Merchant of Record) - handles payment processing, billing, tax collection and remittance, and subscription management for desktop subscriptions. Receives your email, payment details, and billing address. We will identify the specific provider on request.
  • PostHog Inc. - opt-in product analytics. Only receives anonymous usage events when you have analytics enabled.
  • RevenueCat, Inc. - subscription management for our mobile apps (Adoro, AuraFi). Receives anonymous subscriber IDs only.
  • Resend - transactional email (account, billing, support). Receives your email address and the message content.
  • Apple, Google - mobile app distribution and in-app purchase processing for our mobile apps. Governed by their respective privacy policies.

If you have opted in to AI features with your own API key, your prompts and responses flow directly between your device and the AI provider you chose (Google, OpenAI, Anthropic, or a local model). Those providers are not our subprocessors - you have a direct relationship with them governed by their terms.

International data transfers

Ariv Studios operates from Canada. Some of our subprocessors process data in the United States, the European Union, or other regions. Where personal data of EU/UK users is transferred outside those jurisdictions, we rely on standard contractual clauses (SCCs) and our subprocessors' approved transfer mechanisms. Encrypted sync blobs are end-to-end encrypted before they leave your device, so even when stored or routed across regions, the content is unreadable to us, our subprocessors, or anyone in transit.

Cookies and similar technologies

We do not use tracking cookies on our website. Specifically:

  • Website analytics: Cloudflare Web Analytics is cookieless and aggregates traffic data without identifying individual visitors.
  • Checkout pages: when you proceed to checkout, our payment processor may set cookies necessary for processing the transaction. Their cookie use is governed by their privacy notice, which is presented at checkout.
  • In-app analytics: the desktop and mobile apps use a locally-generated anonymous identifier (no browser cookies) and only when analytics are enabled by you.

Children's privacy

Our products are not intended for children under 13. We do not knowingly collect information from children.

Data security

  • All data stays local on your device by default.
  • Any network requests use HTTPS encryption.
  • Secrets (API keys, OAuth refresh tokens) are stored encrypted in your operating system's secure keystore (macOS Keychain, Windows DPAPI, or Linux libsecret).
  • We recommend encrypting your device.
  • We can't be breached for data we don't have.

Changes to this policy

We may update this policy occasionally. We'll notify users of significant changes via email (if we have your address), an in-app notification, or our website. The "Last updated" date at the top of this page reflects the most recent revision.

Contact

Questions about this policy? Reach us at support@ariv.one.