ARIA Trust Center
← Trust Center

Data Protection

Last reviewed: 2026-04-20 · v2.2.1-D

GDPR coverage

ArticleCoverage
Art. 5Principles (lawfulness, fairness, purpose limitation, minimisation)
Art. 6Lawful basis (contract + legitimate interest + consent where required)
Art. 13-14Transparency notices — privacy policy + in-product prompts
Art. 15-22Data subject rights — DSAR portal + automated fulfilment < 30 days
Art. 25Privacy by design — default retention 90d, RLS on every table
Art. 28Processor obligations — DPA with every subprocessor on request
Art. 32Security of processing — encryption at rest + in transit, SOC 2 in progress

Other jurisdictions

  • CCPA / CPRA — California consumer rights honoured globally via the same DSAR portal.
  • PIPEDA — Canadian consent + breach notification obligations met.
  • UAE-PDPL — UAE data residency option via Frankfurt→Dubai data corridor (on request).
  • CASL — Anti-spam consent recorded on every marketing touchpoint.

Data residency

  • EU (Frankfurt, default for EU tenants)
  • US-East (N. Virginia)
  • UAE (Dubai) — Enterprise tier

Documents