Privacy Policy

Introduction

This Privacy Policy explains how Ares collects, uses, shares, and protects personal information when you use our services. It also describes your choices and rights.

Information We Collect

We collect information you provide directly and information generated when you use the services, including:

• •Account details such as name, email address, and organization
• •Profile, settings, and preferences you configure
• •Content and files you upload or generate using the services
• •Usage data such as features used, pages viewed, and actions taken
• •Device and log data such as IP address, browser type, and timestamps
• •Support and communications information when you contact us
• •Data from integrations you connect to the services

Meeting Recordings, Transcription, and the Desktop App

When you or someone in your organization uses our recording and transcription features, including the Ares desktop application, we may collect and process:

• •Audio captured from your device's microphone, including your voice
• •System audio output from your device, which includes the voices and audio of other meeting participants played through your speakers or audio drivers
• •Transcripts, speaker labels, timestamps, and other derivations generated from the captured audio
• •Summaries, action items, coaching signals, and other AI-generated outputs derived from transcripts
• •Meeting metadata such as participant names, email addresses, meeting titles, scheduled start and end times, and the calendar event the recording is linked to
• •Operating-system permission state reported by the desktop application, such as whether microphone and screen recording permissions are granted on macOS, so we can surface setup guidance

Audio is processed by our speech-to-text provider to produce transcripts and speaker diarization. We do not generate voiceprints or other biometric identifiers from the audio. The desktop application records only when you start a recording and stops when you stop it, when the linked meeting ends, or when other documented conditions are met. You and your organization are responsible for obtaining the consents required to record and process every meeting and participant, as described in our Terms of Service.

Information About Non-Users

Ares is a business-to-business sales platform. To provide the services, we necessarily process information about people who are not Ares users and who have not signed up for the services, including prospective customers, contacts at customer organizations, meeting participants, email recipients, and participants in shared collaboration channels. This information may include:

• •Business contact information such as name, work email address, job title, employer, and phone number
• •Public professional information such as LinkedIn profile URLs, public biographies, and publicly available company information
• •Information from our customers' connected CRM, calendar, email, and messaging systems, such as participation in meetings, threads, deals, and shared channels
• •Information obtained from third-party business-data providers used to enrich contact and account records
• •Voice, transcript, and derived content from meetings or communications a customer has recorded with appropriate consent

Our customers determine what to collect, how to use it, and how long to keep it. Where applicable, we rely on our customers' legitimate interests in B2B prospecting, account research, and relationship management, and on their representations that they have the necessary rights and consents, as the lawful basis for processing this information on their behalf.

We do not independently verify information about non-users that we obtain from third-party data providers, public sources, or our customers' connected systems. That information may be incomplete, out of date, attributed to the wrong person, or otherwise inaccurate. If you believe information we hold about you is inaccurate, you can ask us to correct or delete it using the contact path above.

If you are not an Ares user and you would like to know what information we hold about you, request a correction or deletion, object to processing, or withdraw consent, please contact us at the address in the "Contact Us" section below. We will route your request to the relevant Ares customer where they are the controller of your information, and we will respond within the timeframe required by applicable law.

How We Use Your Information

We use the information we collect to:

• •Provide, operate, and maintain the services
• •Deliver requested features, automation, and analytics
• •Process transactions and manage subscriptions
• •Send service, security, and support communications
• •Improve, test, and monitor platform performance
• •Comply with legal obligations and enforce our terms

How We Share Information

We share information only as needed to provide the services, including with:

• •Service providers who help us host, support, and secure the platform
• •Integration partners at your direction
• •Authorities or legal advisors when required by law
• •Successors in the event of a merger, acquisition, or sale of assets

Cookies and Similar Technologies

We use cookies, local storage, session storage, and similar browser technologies to operate the services, remember your preferences, and understand how the services are used. The categories we use are described below. Some are set by us directly ("first-party"), and some are set by providers we use to deliver the services ("third-party").

• •Strictly necessary: authentication and session cookies that keep you signed in, protect against cross-site request forgery, and maintain your security context as you move through the services. These are set by Ares and by our authentication and hosting infrastructure (Supabase and Vercel). The services will not function without them.
• •Functional: storage used to remember UI preferences such as your selected theme, sidebar state, and recently used filters, so the services behave consistently between visits. Disabling these will reset your preferences each session.
• •Product analytics: we use PostHog to understand which features are used and where users encounter friction. PostHog is currently configured to use in-memory storage only and to be off-by-default for individual capture, which means PostHog does not set persistent identifying cookies on your browser in the ordinary course. If we change this configuration in a way that introduces persistent identifiers, we will update this policy.
• •Error monitoring and session replay: we use Sentry to record errors, performance traces, and a sampled subset of session replays so that we can diagnose and fix issues. Sentry uses session storage and similar mechanisms to correlate events within a session. Sentry is configured to mask text content and inputs by default and not to send default personally identifiable information to its servers.
• •No advertising cookies: we do not use third-party advertising, retargeting, or cross-site tracking cookies in the services, and we do not sell or share personal information for cross-context behavioral advertising.

You can control cookies and similar technologies through your browser settings, including clearing or blocking specific cookies, blocking third-party cookies, and using private or incognito browsing. If you disable strictly necessary cookies or block our authentication provider, the services will not work. For requests to opt out of analytics or session replay specific to your account, contact us at the address in the "Contact Us" section below.

Data Retention

We retain personal information for as long as necessary to provide the services, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data category:

• •Account, organization, and configuration data: retained while your organization's account is active and for a limited period after termination so that reactivation and exports remain possible
• •Customer content (including CRM records, contacts, meetings, recordings, transcripts, summaries, notes, and other content uploaded or generated in the services): retained until you delete the content in the product or your administrator deletes the underlying organization, and then removed from active systems within a reasonable period
• •Data from connected third-party systems (such as CRM, calendar, email, and messaging integrations): retained for as long as the integration is connected, and removed from active systems after disconnection in the ordinary course
• •Enrichment data obtained from third-party business-data providers: retained on a rolling basis to keep contact and account records reasonably current, and refreshed or removed according to our internal data-hygiene practices
• •Application logs, telemetry, and security event records: retained for a limited operational window sufficient to support debugging, abuse investigation, and security monitoring
• •System backups: retained on a rolling basis for disaster recovery; data deleted from active systems persists in backups until those backups age out
• •Billing, invoicing, and tax records: retained for the period required by applicable tax, accounting, and commercial law
• •Aggregated or de-identified data: may be retained for analytics, benchmarking, and product improvement for as long as it remains aggregated or de-identified

When an organization terminates its account, customer content is deleted from active systems in the ordinary course, subject to backup ageing and any legal hold or retention obligation. Specific retention windows are described in our order forms, data processing agreement, or sub-processor documentation, which take precedence over the descriptions above for enterprise customers.

Data Security

We implement safeguards designed to protect personal information. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

International Transfers

Your information may be processed in countries other than your own. We take steps to ensure appropriate safeguards are in place when transferring data internationally.

Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or export your information, and to object or restrict certain processing. You can also opt out of non-essential marketing messages by following the unsubscribe instructions in those messages.

Children's Privacy

The services are not intended for children, and we do not knowingly collect personal information from children under 16.

Changes to This Policy

We may update this policy from time to time. If we make material changes, we will post the updated policy and revise the effective date.