Privacy
Privacy-by-design principles, data processing transparency, and architectural controls that minimize data exposure at every layer.
Privacy Principles
Minimum Exposure
ARIA's three-zone architecture ensures OAuth tokens and credentials never leave the server-side vault. Applications receive data, not secrets. This architectural constraint eliminates entire categories of credential exposure risk.
Delegation-Scoped Access
Every agent action is bound to a specific human principal through first-class Delegation records. Agents can only access data within their delegated scope — no shared bot identities, no ambient authority.
Data Scope Filtering
Policy-driven row filtering and field-level redaction (x-redact annotations) ensure agents only see the data they are authorized to access. Sensitive fields are filtered before they reach the agent context.
Tamper-Evident Audit
Every data access decision is recorded in signed, hash-chained receipts. The audit trail demonstrates exactly what data was accessed, by whom, under what authorization, and when.
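As an added illustration of this mechanism, not ARIA's own code or receipt format (the page does not specify either), the Python below builds a signed, hash-chained log of authorization decisions and verifies it so that an edited, removed or forged receipt is detected. The receipt field names and the HMAC signing key are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key: a real deployment would keep the signing key in an HSM or KMS.
SIGNING_KEY = b"constructed-demo-signing-key"
GENESIS = "0" * 64  # "previous hash" of the first receipt in a chain


def _canonical(obj):
    # Deterministic serialization so writer and verifier hash exactly the same bytes
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def append_receipt(chain, principal, agent, delegation_id, action, decision, ts):
    """Record who (agent, on behalf of principal), under which delegation, requested
    what, the permit/deny outcome and when. Each receipt hashes over the previous
    receipt's hash and is signed, so edits, deletions and insertions break the chain."""
    body = {
        "prev": chain[-1]["hash"] if chain else GENESIS,
        "principal": principal, "agent": agent, "delegation_id": delegation_id,
        "action": action, "decision": decision, "ts": ts,
    }
    digest = hashlib.sha256(_canonical(body)).hexdigest()
    sig = hmac.new(SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()
    chain.append({**body, "hash": digest, "sig": sig})
    return chain


def verify_chain(chain):
    """Return (True, None) if every receipt links, hashes and verifies,
    otherwise (False, index) of the first receipt that fails."""
    prev = GENESIS
    for i, r in enumerate(chain):
        body = {k: v for k, v in r.items() if k not in ("hash", "sig")}
        if body.get("prev") != prev:  # a receipt was removed, inserted or reordered
            return False, i
        digest = hashlib.sha256(_canonical(body)).hexdigest()
        if digest != r.get("hash"):  # receipt content was edited after signing
            return False, i
        expected = hmac.new(SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, r.get("sig", "")):  # forged signature
            return False, i
        prev = r["hash"]
    return True, None


def build_sample_chain():
    """Three constructed decisions (sample data, not real ARIA records)."""
    chain = []
    append_receipt(chain, "alice@example.com", "agent-7", "dlg-42", "crm.read_contacts", "permit", "2025-01-01T10:00:00Z")
    append_receipt(chain, "alice@example.com", "agent-7", "dlg-42", "crm.export_all", "deny", "2025-01-01T10:00:05Z")
    append_receipt(chain, "bob@example.com", "agent-9", "dlg-77", "billing.read_invoice", "permit", "2025-01-01T10:01:00Z")
    return chain
```

Run `verify_chain(build_sample_chain())` to see a clean chain pass, then change one receipt's `decision` or delete a middle receipt and re-run to see the index of the first failing receipt.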
Data Processing
What ARIA Processes
Policy evaluation requests and responses — who is requesting what, under which delegation, and the permit/deny outcome.
Agent-to-principal bindings, capability grants, constraints (budget, time window, velocity limits), and revocation state.
Tool name, schema hash, parameters hash, egress target, and pin verification result. ARIA proxies requests but tool responses flow directly to the caller.
Token consumption, cost accumulation, and limit enforcement events. Financial data is aggregated, not stored at the individual transaction level.
What ARIA Does Not Process
ARIA does not train models, store prompt content, retain conversation history, or access customer business data beyond what is necessary for authorization decisions. The platform is an authorization and governance layer — not a data processor in the traditional sense.
Credential Non-Exposure
Traditional secrets vaults (HashiCorp Vault, AWS Secrets Manager, CyberArk) encrypt credentials at rest but return them to the application at retrieval time. The credential then exists in application memory — accessible to logging frameworks, error handlers, debugging tools, and browser JavaScript contexts.
ARIA's OAuth Vault follows a fundamentally different pattern:
Traditional vault: App fetches token → Token in app code → App uses token. Credential exposed to application, developers, and potential attackers.
ARIA OAuth Vault: App requests action → Token used internally → App receives data. Credential never accessible to applications, developers, or attackers.
This eliminates five attack surfaces simultaneously: accidental logging, XSS credential extraction, token persistence in browser storage, developer credential misuse, and memory-scraping attacks.
Data Residency & Retention
Receipt Retention
Tamper-evident receipt chains support configurable retention periods, including 6+ year retention via WORM storage (S3 Object Lock) for organizations with long-term regulatory obligations.
Deployment Flexibility
ARIA supports deployment configurations that allow customers to control where authorization decisions, receipts, and delegation data are processed and stored.
Data Subject Rights
We honor data subject rights to access, rectification, and deletion. Delegation records and associated authorization data can be identified and processed per principal.
Regulatory Alignment
Delegation-scoped access, data minimization, data subject rights, and processing transparency support GDPR compliance posture.
Audit trail transparency and data scope controls support California privacy requirements for consumer data access and deletion rights.
ARIA's tamper-evident receipts, human oversight controls, and decision traceability address transparency and record-keeping requirements under Regulation (EU) 2024/1689 (the EU AI Act).
Token non-exposure architecture, signed receipt chains, and continuous controls monitoring align with SOC 2 trust service criteria for security, availability, and confidentiality.
Privacy questions?
Request our data processing documentation, subprocessor list, or discuss data residency requirements for your deployment.