Privacy Policy

Anthology Reimagined LTD ("we," "us," or "our") operates the ari platform (the "Platform"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use ari.

By using the Platform, you consent to the data practices described in this policy. If you do not agree, please do not use the Platform.

We use your information for the following purposes:

• Operating the Platform: creating and maintaining your account, displaying your content, enabling social features (follows, plops, notes)
• Personalization: showing you relevant content in feeds (e.g., content from users you follow)
• Communication: sending in-app notifications about activity on your account (new followers, plops on your content). We do not send marketing emails.
• Content moderation: reviewing flagged content and enforcing our Terms of Service
• Platform improvement: analyzing aggregated, de-identified usage data to understand how features are used and to improve the Platform
• Security: detecting and preventing fraud, abuse, and unauthorized access
• Legal compliance: complying with applicable laws and responding to lawful requests from authorities

As a UK-incorporated company, we process personal data in accordance with UK GDPR. For users in the European Economic Area (EEA) or Switzerland, we also comply with EU GDPR. Our legal bases for processing are:

• Contract performance: processing necessary to provide you with the Platform (account creation, content hosting, notifications)
• Legitimate interests: platform improvement, security, fraud prevention, and content moderation — where these interests are not overridden by your rights
• Consent: where you have given specific consent (e.g., Google OAuth data sharing). You may withdraw consent at any time.
• Legal obligation: where processing is required to comply with applicable law

When you add a link to a note, our servers automatically fetch the linked URL to extract metadata (page title, description, thumbnail image). This means:

• Our server makes an HTTP request to the external URL on your behalf
• The external website will see a request from our server's IP address (not yours)
• We download and cache thumbnail images to our cloud storage for display on the Platform
• Preview data is temporarily cached to improve performance

We do not use this feature to track your browsing activity. The fetching occurs only when you explicitly submit a link.

We do not sell your personal data. We share data only with the following service providers, who process data on our behalf under appropriate agreements:

We may also disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of Anthology Reimagined LTD, our users, or the public.

• Account data: retained as long as your account is active. Upon account deletion, your data is marked as deleted and permanently purged within 30 days.
• Content you delete: soft-deleted immediately (hidden from public access) and permanently purged after 30 days.
• Link preview cache: temporarily cached and automatically expired.
• Usage events: retained for a limited period, then aggregated or deleted.
• Server logs: retained for a limited period for security and debugging purposes.
• Audit logs: administrative action logs are retained for compliance purposes.

We implement reasonable technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS/HTTPS) and at rest (AWS encryption)
• Authentication managed by a dedicated identity provider (Clerk)
• Image upload validation (file type and HTTPS enforcement) to prevent injection attacks
• Role-based access control for administrative functions
• Audit logging of all administrative actions

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

The Platform is hosted on AWS in the United States. Anthology Reimagined LTD is incorporated in England and Wales and subject to UK GDPR. When your data is transferred to and processed in the United States, we rely on the UK International Data Transfer Agreement (IDTA) or other lawful transfer mechanisms recognised under UK law to ensure adequate protection.

For users in the EEA, we rely on Standard Contractual Clauses (SCCs) as adopted by the European Commission. By using the Platform, you consent to these transfers.

To exercise any of these rights, contact us at hello@anthologyreimagined.com. We will respond within 30 days (or the period required by applicable law).

ari uses only functional cookies necessary for authentication, managed by our authentication provider (Clerk). These cookies keep you signed in and do not track you across other websites.

We do not use advertising cookies, analytics cookies, or third-party tracking pixels. Because we use only strictly necessary cookies, no cookie consent banner is required under GDPR.

The Platform is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@anthologyreimagined.com and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. If changes are significant, we may also notify you through the Platform (e.g., an in-app notification).

We encourage you to review this page periodically. Your continued use of the Platform after changes are posted constitutes acceptance of the revised policy.

For any privacy-related inquiries, data requests, or legal matters, contact us at hello@anthologyreimagined.com