Legal

Privacy Policy

Effective date: April 17, 2026 · Last updated: April 17, 2026

Ariadne is a marketing tool for therapists in private practice. We take your privacy seriously — and because you work with sensitive populations, we've been deliberate about what we collect, what we don't, and who we share it with. Please read this carefully.

1. Who we are

Ariadne ("Ariadne," "we," "us," or "our") operates the website at ariadnemarketing.com and the Ariadne marketing platform. To contact us about privacy matters: [email protected].

2. What this policy covers

This policy covers information collected when you use Ariadne — our website, onboarding flow, dashboard, and all related features. It does not cover third-party websites or services we link to.

3. What we collect — and why

3.1 Account information

When you sign up, we collect:

  • Email address — for authentication, weekly content notifications, and password resets
  • Password — stored as a bcrypt hash; we never see the plaintext

3.2 Practice information

During onboarding, you provide:

  • Your name, practice name, and location (city/state)
  • Your clinical specialty and ideal client description
  • Your website URL
  • Writing samples (bio copy, social posts, emails you've written)
  • Facebook group memberships and posting preferences
  • Referral contacts (provider names, roles, organizations)

This information is used exclusively to generate marketing content in your voice. It is never sold, shared with advertisers, or used to train AI models outside of your own content generation.

3.3 Website content (Jina.ai scraping)

If you provide a website URL, we fetch the text content of your homepage and About page using Jina.ai's reader service to enrich your voice profile. We store only the extracted text. Jina.ai processes this request on our behalf — see their privacy policy at jina.ai/privacy-policy.

3.4 Generated content

All content we generate for you — Google Business posts, social posts, referral emails, blog drafts — is stored in your account and belongs to you. We retain it to power your dashboard and weekly delivery workflow.

3.5 Google Business Profile data

If you connect your Google Business Profile, we request access via Google OAuth using the business.manage scope. This allows us to read your business name, location details, and GBP insights (search impressions, map views, website clicks). We store an OAuth refresh token to maintain the connection. We do not post to your GBP without your explicit approval on each individual post.

3.6 Usage and technical data

We automatically collect:

  • Session data (encrypted, stored in an httpOnly cookie)
  • API usage logs (model name, operation type, token counts) for billing and cost management — not linked to your content
  • Standard server logs (IP address, request timestamps) retained for up to 30 days

We do not use third-party analytics trackers (no Google Analytics, no Meta Pixel, no tracking scripts).

3.7 Payment information

Payments are processed by Stripe. We never see or store your credit card number, CVV, or full card details. Stripe provides us with a customer ID and subscription status. See stripe.com/privacy.

4. What we never collect

We never collect, store, or process any information about your clients or patients. Ariadne is a marketing tool. You should never enter client names, session notes, diagnoses, or any protected health information (PHI) into Ariadne. If you do so accidentally, contact us immediately at [email protected] and we will delete it.

5. How we use your information

  • To provide the Ariadne service — generating and delivering weekly marketing content
  • To authenticate you and maintain your session
  • To send transactional emails (weekly content notification, password reset, billing receipts)
  • To process your subscription via Stripe
  • To display GBP insights in your dashboard
  • To improve our prompts and content quality (in aggregate, never tied to your identity)
  • To respond to your support requests and feedback

We do not use your data for advertising. We do not sell your data. Ever.

6. AI processing (Anthropic)

Content generation is powered by Anthropic's Claude API. Your writing samples, practice information, and voice profile are sent to Anthropic's API to generate content. Anthropic does not use API inputs to train their models by default. See anthropic.com/privacy for their data handling policy.

7. Email delivery (Resend)

Transactional emails are sent via Resend. Your email address and the content of notification emails are processed by Resend on our behalf. See resend.com/privacy.

8. Data sharing

We share your data only with:

  • Anthropic — to generate your content (writing samples, voice profile, practice info)
  • Stripe — to process payments (email, subscription tier)
  • Resend — to deliver emails (email address, email content)
  • Jina.ai — to scrape your website (your website URL only)
  • Google — OAuth token exchange and GBP data reads (per your authorization)
  • Cloudflare — infrastructure provider hosting the app and database

We do not share your data with any other third parties. We do not have advertising partners.

9. HIPAA

Ariadne is a marketing platform, not a clinical tool. We are not a Covered Entity or Business Associate under HIPAA. Do not enter any Protected Health Information (PHI) into Ariadne. Your use of Ariadne for practice marketing does not create a HIPAA business associate relationship. You remain responsible for ensuring your marketing practices comply with applicable professional and legal requirements.

10. Data retention

  • Active accounts: Data retained as long as your account is active
  • Deleted accounts: Account data deleted within 30 days of account deletion request
  • Generated content: Retained for the life of your account; you can delete individual pieces at any time from the dashboard
  • Server logs: Retained for 30 days, then automatically deleted
  • API usage logs: Retained for 90 days for billing auditing purposes

11. Your rights

You have the right to:

  • Access your data — email us and we'll provide a full export
  • Correct your data — edit your profile and voice settings any time in the dashboard
  • Delete your account and all associated data — email [email protected]
  • Disconnect Google — use the disconnect button on the GBP page; we delete your stored tokens immediately
  • Opt out of emails — use the unsubscribe link in any email; note that password reset and billing emails are transactional and cannot be opted out of

If you are located in California, the EU, or the UK, you may have additional rights under CCPA, GDPR, or UK GDPR respectively. Contact us to exercise them.

12. Cookies and sessions

We use a single first-party httpOnly session cookie to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party cookies of any kind.

13. Security

Your data is stored in Cloudflare D1 (SQLite) with encryption at rest. Passwords are hashed with bcrypt. Sessions are encrypted. OAuth tokens are stored encrypted. All connections use TLS. We follow security best practices and review access controls regularly.

14. Children

Ariadne is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

15. Changes to this policy

If we make material changes, we will notify you by email at least 14 days before the change takes effect. The "Last updated" date at the top of this page will always reflect the current version.

16. Contact

Questions about this policy: [email protected]