ariari

Legal

Privacy Policy

Last updated: April 15, 2026

1. Introduction

Plop Cloud LTD, trading as Anthology Reimagined ("we," "us," or "our"), is the data controller for the ari platform (the "Platform"). Our registered address is 66 Paul Street, London, EC2A 4NA.

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use ari.

By using the Platform, you acknowledge the data practices described in this policy. If you do not agree, please do not use the Platform.

2. Information We Collect

2a. Information You Provide

  • Account information: email address, username, display name, and profile image — provided during sign-up through Clerk (email or Google OAuth)
  • Profile information: bio, website URL, social links, date of birth, and country — provided when you complete or edit your profile
  • Content you create: anchor cards (name, bio, images, gallery links, social links), notes (title, body, media attachments), and folders (name, description, visibility setting)
  • Images you upload: profile photos, anchor card images (JPEG, PNG, WebP, PDF) — uploaded directly to our cloud storage
  • Links you submit: URLs added to notes, from which we automatically generate previews (see Section 5)
  • Email addresses of friends you invite: when you send an invitation through the in-app invite modal, we store the recipient's email address to link the invitation to your account when they sign up. We do not send marketing emails to invitees. Only the Clerk transactional invitation email is sent.

2b. Information Collected Automatically

  • Usage events: actions you take on the Platform (e.g., saving an anchor card, sharing a profile, starting a session), including timestamps and the type of action
  • Session data: we record session start events for authenticated users, including the referring URL
  • Device and browser information: information your browser automatically provides, such as IP address, browser type, operating system, and language preference — collected through standard web server logs

2c. Information from Third Parties

If you sign up using Google OAuth, we receive your name, email address, and profile picture from Google, as authorised by you during the OAuth consent flow.

3. How We Use Your Information

We use your information for the following purposes:

  • Operating the Platform: creating and maintaining your account, displaying your content, enabling social features (follows, plops, notes)
  • Personalization: showing you relevant content in feeds (e.g., content from users you follow)
  • Communication: sending in-app notifications about activity on your account (new followers, plops on your content). We do not send marketing emails.
  • Content moderation: reviewing flagged content and enforcing our Terms of Service
  • Platform improvement: analyzing aggregated, de-identified usage data to understand how features are used and to improve the Platform
  • Security: detecting and preventing fraud, abuse, and unauthorised access
  • Legal compliance: complying with applicable laws and responding to lawful requests from authorities

4. Legal Bases for Processing (UK GDPR / GDPR)

As a UK-incorporated company, we process personal data in accordance with UK GDPR. For users in the European Economic Area (EEA) or Switzerland, we also comply with EU GDPR. Our legal bases for processing are:

  • Contract performance: processing necessary to provide you with the Platform (account creation, content hosting, notifications)
  • Legitimate interests: platform improvement, security, fraud prevention, and content moderation — where these interests are not overridden by your rights
  • Consent: where you have given specific consent (e.g., Google OAuth data sharing). You may withdraw consent at any time.
  • Legal obligation: where processing is required to comply with applicable law

5. Link Previews and Server-Side Fetching

When you add a link to a note, our servers automatically fetch the linked URL to extract metadata (page title, description, thumbnail image). This means:

  • Our server makes an HTTP request to the external URL on your behalf
  • The external website will see a request from our server's IP address (not yours)
  • We download and cache thumbnail images to our cloud storage for display on the Platform
  • Preview data is cached for up to 90 days to improve performance

We do not use this feature to track your browsing activity. The fetching occurs only when you explicitly submit a link.

6. Data Sharing and Third-Party Processors

We do not sell your personal data. We share data only with the following service providers, who process data on our behalf under appropriate agreements:

ProviderPurposeData Shared
ClerkAuthenticationEmail, username, display name, profile image
Amazon Web Services (AWS)Hosting, database, file storageAll platform data (encrypted at rest and in transit)
GoogleOAuth sign-in (optional)Name, email, profile picture — only when you choose Google sign-in

We may also disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of Plop Cloud LTD (trading as Anthology Reimagined), our users, or the public.

7. Data Retention

  • Account data: retained as long as your account is active. Upon account deletion, your data is marked as deleted and permanently purged within 30 days.
  • Content you delete: soft-deleted immediately (hidden from public access) and permanently purged after 30 days.
  • Link preview cache: cached for up to 90 days and automatically expired.
  • Usage events: retained for up to 12 months, then aggregated or deleted.
  • Server logs: retained for up to 90 days for security and debugging purposes.
  • Audit logs: retained for up to 24 months for compliance purposes.
  • Beta period: during the Beta Program (see our Terms of Service), platform content may be reset for operational reasons. This does not affect your rights to request deletion of your personal data.

8. Data Security

We implement reasonable technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest (AWS encryption)
  • Authentication managed by a dedicated identity provider (Clerk)
  • Image upload validation (file type and HTTPS enforcement) to prevent injection attacks
  • Role-based access control for administrative functions
  • Audit logging of all administrative actions

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Data Transfers

The Platform is hosted on Amazon Web Services (AWS) in the United Kingdom (eu-west-2, London). Plop Cloud LTD is incorporated in England and Wales. For UK and EEA users, your data is primarily stored and processed within the UK.

Some third-party processors (such as Clerk for authentication) may process data outside the UK and EEA. Where data is transferred internationally, we rely on the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs) as appropriate to ensure adequate protection.

10. Your Rights

10a. All Users

Regardless of your location, you may:

  • Access and download your data by contacting us
  • Correct inaccurate information through your profile settings
  • Delete your content through the Platform interface
  • Request full account deletion by contacting us

10b. UK, EEA, and Swiss Residents (UK GDPR / GDPR)

You additionally have the right to:

  • Request restriction of processing
  • Object to processing based on legitimate interests
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time (without affecting the lawfulness of prior processing)
  • Lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EEA, contact your local data protection authority.

10c. California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Request deletion of your personal information
  • Opt out of the sale or sharing of your personal information — we do not sell or share your data for cross-context behavioural advertising
  • Non-discrimination — we will not discriminate against you for exercising your privacy rights

10d. South Korean Residents (PIPA)

If you are a resident of South Korea, you have the right to:

  • Access your personal information held by us
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Request suspension of processing of your personal information
  • Withdraw consent at any time (without affecting the lawfulness of prior processing)
  • Lodge a complaint with the Personal Information Protection Commission (PIPC) at pipc.go.kr

To exercise any of these rights, contact us at hello@anthologyreimagined.com. We will respond within 30 days (or the period required by applicable law).

11. Cookies

ari uses only functional cookies necessary for authentication, managed by our authentication provider (Clerk). These cookies keep you signed in and do not track you across other websites.

We do not use advertising cookies, analytics cookies, or third-party tracking pixels. Because we use only strictly necessary cookies, no cookie consent banner is required under GDPR.

12. Children's Privacy

The Platform is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@anthologyreimagined.com and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. If changes are significant, we may also notify you through the Platform (e.g., an in-app notification).

We encourage you to review this page periodically. Your continued use of the Platform after changes are posted constitutes acceptance of the revised policy.

14. Contact Us

For any privacy-related inquiries, data requests, or legal matters, contact us at:

Plop Cloud LTD (trading as Anthology Reimagined)
Email: hello@anthologyreimagined.com
Registered address: 66 Paul Street, London, EC2A 4NA