Privacy Policy

Last updated: April 19, 2026

1. Introduction

Araka Inc. (“Araka,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Araka.ai platform and related services (the “Service”).

By using the Service, you consent to the data practices described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, company name, and role when you register
  • Business Data: Products, customers, orders, inventory levels, financial data, and other operational information you enter into the Service
  • Email Data: Email messages, attachments, and metadata synced from connected mailboxes (Microsoft Outlook, Gmail) with your explicit authorization
  • Financial Data: Bank account information connected via Plaid, expense records, and accounting data synced with QuickBooks
  • Communications: Support requests, feedback, and other communications with us

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken, timestamps, and session duration
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • AI Usage Data: Tokens consumed, model used, and feature context for AI-powered features (no personal content is logged)

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your business data (orders, inventory, deductions, etc.) as directed by you
  • Power AI features such as email classification, purchase order extraction, and business intelligence
  • Send service-related communications (account verification, security alerts, product updates)
  • Monitor usage patterns to improve performance and user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

4. Data Processing by Third Parties

To provide the Service, we share certain data with third-party service providers:

  • OpenAI: Email content, document text, and business queries are sent to OpenAI's API for AI processing (classification, extraction, analysis). OpenAI's data usage policy applies. We do not use OpenAI models that train on customer data.
  • Microsoft Graph API: Email sync requires access to your Outlook/365 mailbox. We only read and store emails from connected mailboxes with your explicit OAuth authorization.
  • Plaid: Bank account connections are facilitated through Plaid. Plaid's privacy policy governs their handling of your financial data.
  • Intuit (QuickBooks): Accounting data is synced via QuickBooks API with your OAuth authorization.
  • Infrastructure Providers: We use DigitalOcean for hosting and PostgreSQL database services. All data is encrypted at rest and in transit.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.2+) and sensitive credentials are encrypted at rest (AES-256-GCM)
  • Tenant Isolation: Each customer's data is logically isolated using PostgreSQL row-level security policies. Cross-tenant data access is architecturally prevented.
  • Access Control: Role-based access control (RBAC) limits data access based on user roles (Owner, Admin, Manager, Member, Viewer)
  • Token Security: OAuth tokens, API keys, and integration credentials are encrypted before storage
  • Database Backups: Daily automated backups with 30-day retention

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account termination:

  • Your data will be retained for 30 days to allow for reactivation
  • After 30 days, your data will be permanently deleted from our systems
  • Backups containing your data will be rotated out within 30 days of deletion
  • Aggregated, anonymized usage data may be retained indefinitely for analytics

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable, machine-readable format
  • Objection: Object to certain processing activities
  • Withdrawal of Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at privacy@araka.ai. We will respond within 30 days.

8. Cookies

The Service uses essential cookies for authentication and session management. We do not use advertising or tracking cookies. Third-party analytics tools may set their own cookies subject to their respective privacy policies.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

10. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Araka Inc.
Email: privacy@araka.ai
Website: https://araka.ai