Ariadne is a marketing content platform for solo practitioners and small businesses. We take your privacy seriously, and because some of you work with sensitive populations, we've been deliberate about what we collect, what we don't, and who we share it with. Please read this carefully.
Ariadne ("Ariadne," "we," "us," or "our") operates the website at ariadnemarketing.com and the Ariadne marketing platform. To contact us about privacy matters: [email protected].
This policy covers information collected when you use Ariadne: our website, onboarding flow, dashboard, and all related features. It does not cover third-party websites or services we link to.
When you sign up, we collect:
During onboarding, you provide:
This information is used exclusively to generate marketing content in your voice. It is never sold, shared with advertisers, or used to train AI models outside of your own content generation.
If you provide a website URL, we fetch the text content of your homepage and About page using Jina.ai's reader service to enrich your voice profile. We store only the extracted text. Jina.ai processes this request on our behalf. See their privacy policy at jina.ai/privacy-policy.
All content we generate for you (Google Business posts, social posts, referral emails, blog drafts) is stored in your account and belongs to you. We retain it to power your dashboard and weekly delivery workflow.
If you connect your Google Business Profile, we request access via Google OAuth using the business.manage scope. This allows us to read your business name, location details, and GBP insights (search impressions, map views, website clicks). We store an OAuth refresh token (encrypted at rest) to maintain the connection. We do not post to your GBP without your explicit approval on each individual post.
Google user data is never used to train AI models. Your business location, GBP insights, and any other data accessed via the business.manage scope is used only to power the dashboard features described in section 3.8 below. It is not sent to Anthropic or any other AI provider for model training, and Anthropic's processing of API inputs we send (your voice profile and content drafts, not GBP data) is governed by their no-train-on-API-inputs default.
You can revoke our access at any time by clicking Disconnect Google on the GBP page in your dashboard. Your stored OAuth tokens are deleted immediately, and Google revokes the credential on their side. See section 11 for the full account-deletion flow.
We automatically collect:
We use Google Analytics 4 to understand site traffic and conversion patterns (which pages people land on, whether they finish signup, which audiences resonate). GA4 sets cookies in your browser; the data sent to Google does not include your name, email, or any content you generate. You can opt out by installing the Google Analytics Opt-out Browser Add-on or by enabling your browser's Do Not Track / Global Privacy Control signal.
We do not use any other third-party trackers (no Meta Pixel, no Hotjar, no advertising tags).
Payments are processed by Stripe. We never see or store your credit card number, CVV, or full card details. Stripe provides us with a customer ID and subscription status. See stripe.com/privacy.
Ariadne's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:
Your OAuth refresh token is stored encrypted at rest in our database. The token is used only to call the GBP API on your behalf for the features above and is deleted immediately when you disconnect Google or close your account.
We never collect, store, or process any information about your clients or patients. Ariadne is a marketing tool. You should never enter client names, session notes, diagnoses, or any protected health information (PHI) into Ariadne. If you do so accidentally, contact us immediately at [email protected] and we will delete it.
We do not use your data for advertising. We do not sell your data. Ever.
Content generation is powered by Anthropic's Claude API. Your writing samples, practice information, and voice profile are sent to Anthropic's API to generate content. Anthropic does not use API inputs to train their models by default. See anthropic.com/privacy for their data handling policy.
Transactional emails are sent via Resend. Your email address and the content of notification emails are processed by Resend on our behalf. See resend.com/privacy.
We share your data only with:
We do not share your data with any other third parties. We do not have advertising partners.
Ariadne is a marketing platform, not a clinical tool. The product is designed so Protected Health Information (PHI) never enters the system. We do not ask for, and you should not provide, client names, session content, diagnoses, or any identifying details about the people you work with. The onboarding flow asks only about you: your practice, your specialty, your voice, your location.
We are not a HIPAA Covered Entity or Business Associate, and we do not have a Business Associate Agreement (BAA) in place with our LLM provider. Your use of Ariadne for practice marketing does not create a HIPAA business associate relationship with us. If you input PHI into Ariadne against our design, you are responsible for that disclosure and its consequences. You remain responsible for ensuring your marketing practices comply with applicable professional and legal requirements.
You have the right to:
If you are located in California, the EU, or the UK, you may have additional rights under CCPA, GDPR, or UK GDPR respectively. Contact us to exercise them.
We use a single first-party httpOnly session cookie to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party cookies of any kind.
Your data is stored in Cloudflare D1 (SQLite) with encryption at rest. Passwords are hashed with bcrypt. Sessions are encrypted. OAuth tokens are stored encrypted. All connections use TLS. We follow security best practices and review access controls regularly.
Ariadne is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
If we make material changes, we will notify you by email at least 14 days before the change takes effect. The "Last updated" date at the top of this page will always reflect the current version.
Questions about this policy: [email protected]