We collect the smallest amount of data we can to make Artha work, we keep it for as long as you have an account, and we never sell it. The long version follows.
1. What we collect
From you, directly
- Name, email address, and (optionally) phone number.
- The tracks you pick, the tasks you write, your reflections, and the dollar amounts you log as earnings.
- Drafts, outlines, or outreach copy you paste into Critique.
Automatically
- A small set of analytics events (page viewed, task completed, week rolled over). We do not use third-party trackers like Facebook Pixel or Google Analytics.
- Standard server logs (IP, user agent, timestamp) retained for 30 days for security and abuse prevention.
- A session cookie and an authentication cookie set by Supabase Auth.
2. Why we use it
- To generate your daily plan and your weekly letter.
- To send you the magic-link emails you opted in to.
- To improve the quality of the product. Aggregated, anonymized usage patterns may inform new features.
- To prevent abuse and respond to legal requests.
3. What we never do
- Sell, rent, or trade your personal data.
- Train public AI models on your private content. We do call OpenAI and ElevenLabs APIs with your content to power features; both providers contractually prohibit training on API inputs.
- Run ad tracking pixels or third-party retargeting cookies.
4. Sub-processors
The vendors we share data with, and why:
- Supabase: hosting your account, your tasks, your earnings.
- Vercel: serving the web application.
- OpenAI: generating tasks, critique, and the weekly letter. Zero data retention agreement in place.
- Groq, AssemblyAI: transcribing audio you upload to Clipper.
- ElevenLabs: producing optional voice briefings.
- Brevo: delivering transactional emails (magic links, weekly letters).
- YouTube Data API: public tutorial metadata, no personal data sent.
5. Your rights
You have the right to:
- Access a copy of the data we store about you.
- Correct inaccurate data.
- Delete your account and all associated data.
- Export your tasks and earnings as JSON.
- Opt out of any non-essential email. Magic links are essential and cannot be opted out of while you have an account.
You can exercise any of these from privacy@artha.app. We respond within 14 days.
6. Children
Artha is not directed at people under 18 and we do not knowingly collect their data. If you believe a minor has signed up, email us and we will delete the account.
7. International transfers
Our servers are in the United States and the European Union. If you use Artha from outside those regions, your data will be transferred to one of them. Where required, we rely on Standard Contractual Clauses with our processors.
8. Retention
We keep your account data until you ask us to delete it, or 24 months after your account becomes inactive (whichever comes first). Server logs are kept for 30 days.
9. Security
Passwords are not stored (we use magic-link auth). All traffic is served over HTTPS. Data at rest is encrypted by our infrastructure providers. We document our practices in more detail on the security page.
10. Contact
Privacy questions: privacy@artha.app. We read them.