AI coaching, 10,000 hours of executive practice. Ara II.

1. Introduction

At Ara II, we take your privacy seriously. This Privacy Policy explains how JC Consult LLC (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal data when you access or use the Ara II platform, including any associated websites, applications, and services (collectively, the “Service”).

This Privacy Policy should be read together with our Terms of Service. Any terms not defined here have the meanings given to them in the Terms of Service.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least thirty (30) days before the changes take effect. Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy.

2. Data Controller

For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, the data controller responsible for your personal data is:

JC Consult LLC
447 Broadway, 2nd Floor 1647
New York, NY 10013
United States
Email: [email protected]

3. Personal Data We Collect

We collect personal data in the following categories:

3.1 Information You Provide to Us

Account Data: Your name, email address, and password when you create an Account.
Payment Data: Payment card type, last four digits of your payment card, billing address, and billing email. Full payment card details are collected and processed directly by our payment processor, Stripe, Inc., and are not stored on our servers.
Content: Any data, text, files, images, brand assets, strategy documents, or other materials you upload, create, store, or transmit through the Service.
Voice Data: If you use voice input features, audio recordings of your voice are collected for speech-to-text transcription. We do not generate voiceprints or biometric identifiers from your voice.
Communications: Any information you provide when you contact us for support, send us feedback, or otherwise communicate with us.
Referral Data: If you participate in our Referral Program, we collect information about your referral activity, including the identity and contact information of individuals you refer.

3.2 Information We Collect Automatically

Device and Usage Data: IP address, browser type and version, operating system, device type, unique device identifiers, and general location information derived from your IP address.
Log Data: Pages visited, features used, time and date of access, time spent on pages, clickstream data, and other diagnostic data.
Cookie Data: Information collected through cookies and similar tracking technologies, as described in Section 8.
Advertising Data: When you visit our landing page or website, advertising platforms may collect data about your visit through tracking pixels and similar technologies, including your IP address, browser information, pages visited, and actions taken. This data is used by advertising platforms for conversion measurement and retargeting. See Section 8 for details.

3.3 Information We Receive from Third Parties

We may receive information about you from third-party services you use to authenticate or connect with the Service (for example, if you sign in using a third-party account provider). The information we receive depends on the settings and privacy policies of those third-party services.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

4.1 To Provide and Operate the Service

Creating and managing your Account.
Processing your payments and managing your Subscription.
Hosting, storing, and processing your Content.
Processing your voice input and converting it to text.
Generating Output using artificial intelligence and machine learning technologies.
Providing customer support and responding to your communications.
Processing data export requests upon Account termination.

4.2 To Improve and Develop the Service

Analysing usage patterns and trends to understand how the Service is used.
Testing, researching, and developing new features and functionality.
Monitoring and improving the performance, security, and stability of the Service.
Debugging and fixing errors.

4.3 To Communicate with You

Sending transactional communications, including purchase confirmations, billing notifications, security alerts, and service updates.
With your consent, sending marketing communications such as product updates, feature announcements, newsletters, and promotional offers.

4.4 To Ensure Safety and Security

Detecting, preventing, and addressing fraud, abuse, security risks, and technical issues.
Enforcing our Terms of Service and Acceptable Use Policy.
Protecting the rights, property, and safety of our users and the public.

4.5 To Comply with Legal Obligations

Fulfilling our obligations under applicable laws, regulations, and legal processes.
Responding to lawful requests from public authorities, including law enforcement.

5. Legal Bases for Processing (EU/EEA/UK Users)

If you are located in the European Union, European Economic Area, or the United Kingdom, we process your personal data only when we have a valid legal basis to do so. The legal bases we rely on are:

5.1 Contractual Necessity

We process your Account Data, Payment Data, Content, Voice Data, and Communications as necessary to perform our contract with you (the Terms of Service) and to provide the Service to you. Without this data, we cannot provide the Service.

5.2 Legitimate Interests

We process Device and Usage Data, Log Data, and Cookie Data (for essential and functional cookies) based on our legitimate interests in operating, improving, and securing the Service. We balance these interests against your rights and freedoms and do not process your data where our interests are overridden by your rights.

Our legitimate interests include:

Operating, maintaining, and improving the Service;
Understanding how the Service is used;
Ensuring the security and integrity of the Service;
Preventing fraud and abuse.

5.3 Consent

We process certain data based on your explicit consent, including:

Marketing communications — you can withdraw your consent at any time by following the unsubscribe instructions in any marketing email or by contacting us at [email protected];
Non-essential cookies — you can manage your cookie preferences through our cookie consent mechanism;
Voice data — by choosing to use voice input features, you consent to the collection and processing of your voice recordings for the purpose of providing the Service.

Where we rely on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

5.4 Legal Obligation

We may process your data where necessary to comply with a legal obligation to which we are subject, such as tax reporting, responding to legal process, or cooperating with regulatory authorities.

6. How We Share Your Personal Data

Your Content is private to your Account. We do not sell your personal data. We share your personal data only in the following circumstances:

6.1 Service Providers

We engage third-party service providers to perform functions on our behalf. These providers only have access to personal data necessary to perform their functions and are contractually obligated to protect your data. Our current service providers include:

Knus — operating entity. Knus performs the day-to-day technical operation, development, and maintenance of the Service on behalf of JC Consult LLC, under a written data-processing agreement. Knus acts as a data processor; JC Consult LLC remains the data controller (see Section 2).
Stripe, Inc. (United States) — payment processing. Stripe collects and processes your payment information directly. See Stripe’s privacy policy at stripe.com/privacy.
Anthropic, PBC (United States) — artificial intelligence services. Your Content and inputs may be processed by Anthropic’s Claude models to generate Output. See Anthropic’s privacy policy at anthropic.com/legal/privacy.
Google LLC (United States) — vector embeddings via the Gemini Embedding API, used to power semantic search across the knowledge base. Inputs sent to the embeddings API are short conceptual snippets, not full Content. See Google’s privacy policy at policies.google.com/privacy.
Supabase Inc. (United States) — database, authentication, and file storage. Your Account Data, Content, and authentication tokens are stored in a Supabase Postgres instance.
Vercel Inc. (United States) — frontend hosting and content delivery for the website and web application.
Railway Corp. (United States) — backend hosting and compute for the API that powers the Service.
LangChain, Inc. — LangSmith, the hosted LLM observability and tracing product. We use the EU regional endpoint (eu.api.smith.langchain.com). Trace payloads may include prompt and response text for the purposes of quality monitoring and evaluation.
Resend Inc., 2261 Market Street #5039, San Francisco, CA 94114, United States — transactional and marketing email delivery. Resend is not currently certified under the EU-US Data Privacy Framework, so transfers rely on Standard Contractual Clauses.

We do not currently use any third-party web analytics, product analytics, or error-tracking service. If we add one, we will update this Privacy Policy and notify users in line with Section 17.

6.2 Advertising Partners

As of the last-updated date of this Privacy Policy, no third-party advertising pixels or tracking technologies are active on our website. When we begin running paid acquisition campaigns, the platforms below may place tracking pixels, cookies, or similar technologies on your device to measure ad performance, build audience profiles, and serve you targeted advertisements on other websites and platforms. We will require your consent before any non-essential cookie is set on your device. Our anticipated advertising partners include:

Google (including Google Ads and YouTube) — see Google’s privacy policy at policies.google.com/privacy and opt out at adssettings.google.com.
Meta (including Facebook and Instagram) — see Meta’s privacy policy at facebook.com/privacy/policy and manage your ad preferences at facebook.com/adpreferences.
LinkedIn — see LinkedIn’s privacy policy at linkedin.com/legal/privacy-policy and opt out at linkedin.com/psettings/guest-controls.

Data collected by advertising partners may include your IP address, device identifiers, browser information, pages visited, and actions taken on our website. This data is subject to the respective advertising partner’s privacy policy. We do not share your Content or Account-level data with advertising partners.

You can opt out of advertising cookies through our cookie consent mechanism (see Section 8) or through the platform-specific controls linked above.

6.3 Legal Requirements

We may disclose your personal data if required to do so by law or in response to valid legal process, including subpoenas, court orders, or government requests. We may also disclose personal data where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Service.

6.4 Business Transfers

If JC Consult LLC is involved in a merger, acquisition, bankruptcy, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your data.

6.5 With Your Consent

We may share your personal data with third parties when you have given us explicit consent to do so.

6.6 Aggregated and Anonymised Data

We may create aggregated, de-identified, or anonymised data from the personal data we collect. Anonymised data is no longer personal data and may be used and shared for any lawful purpose, including to analyse and improve the Service, without restriction.

7. Artificial Intelligence and Data Processing

The Service uses artificial intelligence and machine learning technologies provided by third-party AI providers (currently Anthropic) to generate Output based on your inputs and Content.

7.1 How Your Data is Processed by AI

When you use features of the Service that generate Output, your inputs (including text and, if applicable, voice transcriptions) are transmitted to our AI provider for processing. The AI provider processes your inputs and returns Output to the Service.

7.2 Data Retention by AI Providers

Our agreements with AI providers include provisions regarding the handling, retention, and deletion of your data. We require that our AI providers do not use your inputs or Content to train their general models without your explicit consent. For details on how our AI providers handle data, please refer to their respective privacy policies.

7.3 AI Output

Output generated through the Service is provided for informational and educational purposes only. We do not guarantee the accuracy, completeness, or reliability of any Output. You are responsible for independently reviewing and verifying Output before relying on it.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate, improve, and secure the Service. A cookie is a small data file placed on your device when you access a website.

8.1 Types of Cookies We Use

Essential Cookies: Required for the operation of the Service, including authentication, session management, and security. These cookies cannot be disabled while using the Service.
Functional Cookies: Used to remember your preferences and settings, such as language and display preferences. Disabling these may affect your experience.
Analytics Cookies: Used to understand how the Service is used, measure performance, and identify areas for improvement. These cookies are only placed with your consent.
Advertising and Retargeting Cookies: Used by our advertising partners (Google, Meta, and LinkedIn) to measure ad performance, build audience profiles, and serve you targeted advertisements on other websites and platforms. These cookies are only placed with your consent. Under certain US state privacy laws, the data collected through these cookies may be considered a “sale” or “sharing” of personal data (see Section 14).

8.2 Your Cookie Choices

As of the last-updated date of this Privacy Policy, the Service uses only essential cookies required for authentication, session management, and security. No analytics, advertising, or other non-essential cookies are set on your device. Under Section 25(2)(2) of the German Telecommunications-Digital-Services Data Protection Act (TTDSG) and equivalent EU rules, consent is not required for cookies strictly necessary to provide a service the user has explicitly requested, so we do not display a cookie consent banner today.

When we introduce any non-essential cookies (for example, when we begin running paid acquisition campaigns), we will switch on a Consent Management Platform at that time. You will then be presented with a consent mechanism that lets you accept or reject each category, and you will be able to change your preferences from the cookie settings link in the website footer.

You can also control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may prevent you from using certain features of the Service.

8.3 Do Not Track

Some browsers offer a “Do Not Track” (DNT) signal. There is currently no universally accepted standard for how to respond to DNT signals. We will update this Privacy Policy if and when a standard is established.

9. International Data Transfers

The Service is operated from the United States. If you are located outside the United States, including in the European Union, European Economic Area, or the United Kingdom, your personal data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

9.1 Safeguards for EU/EEA/UK Transfers

Where we transfer personal data from the EU, EEA, or UK to the United States or other countries that have not been recognised as providing an adequate level of data protection, we implement appropriate safeguards to protect your data. These may include:

Standard Contractual Clauses (SCCs) approved by the European Commission;
Data processing agreements with our service providers that include equivalent protections;
Any other legally recognised transfer mechanism under applicable law.

Several of our service providers self-certify under the EU-US Data Privacy Framework (DPF) and its UK Extension, which provides an additional legal basis for data transfers from the EU/EEA/UK to the United States. As of the last-updated date of this Privacy Policy, this includes Stripe, Anthropic, Google, and Vercel. For providers not currently certified under the DPF, we rely on Standard Contractual Clauses (SCCs).

You may request a copy of the safeguards we use for international transfers by contacting us at [email protected].

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and secure development practices.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your Account credentials.

11. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, as described in this Privacy Policy, or as required by applicable law.

11.1 Retention Periods

Account Data: Retained for as long as your Account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.
Payment Data: Retained for as long as necessary to process your purchase or Subscription, and as required for tax and accounting purposes.
Content: Retained for as long as your Account is active. Upon Account termination, you may request a data export within thirty (30) days, after which your Content may be permanently deleted.
Voice Data: Retained for no longer than twelve (12) months from the date of recording, or until you request deletion, whichever comes first.
Device and Usage Data: Retained for as long as necessary to ensure the Service is functioning properly and to improve the Service, typically no longer than twenty- four (24) months.
Communications: Retained for as long as necessary to respond to your inquiry and for a reasonable period thereafter.

11.2 Deletion

When personal data is no longer required, we will securely delete or anonymise it. Anonymised data may be retained and used indefinitely.

12. Children's Privacy

The Service is not directed at or intended for use by individuals under the age of 18 (or 16 in the EU/UK). We do not knowingly collect personal data from individuals under these ages. If we become aware that we have collected personal data from an individual under the applicable minimum age, we will take steps to delete that information as quickly as possible.

If you believe that an individual under 18 (or 16 in the EU/UK) has provided personal data to us, please contact us at [email protected].

13. Your Rights: EU, EEA, and UK Residents

If you are located in the European Union, European Economic Area, or the United Kingdom, you have the following rights under the GDPR:

Right of Access: You have the right to request confirmation of whether we process your personal data and to request a copy of that data.
Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
Right to Erasure: You have the right to request deletion of your personal data, subject to certain legal exceptions.
Right to Restriction of Processing: You have the right to request that we restrict processing of your personal data in certain circumstances.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller. Upon request, we will provide your Content in PDF format.
Right to Object: You have the right to object to processing of your personal data based on our legitimate interests, including for direct marketing purposes.
Right to Withdraw Consent: Where we process your data based on consent, you have the right to withdraw that consent at any time.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu/about-edpb/about-edpb/members_en. In the UK, the supervisory authority is the Information Commissioner’s Office (ICO) at ico.org.uk.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within thirty (30) days, or within the timeframe required by applicable law. We may need to verify your identity before processing your request.

14. Your Rights: US State Privacy Laws

If you are a resident of California, Colorado, Connecticut, Virginia, or another US state with an applicable consumer privacy law, you may have the following rights:

Right to Know / Access: You have the right to request information about the categories and specific pieces of personal data we have collected about you.
Right to Deletion: You have the right to request deletion of your personal data, subject to certain exceptions.
Right to Correction: You have the right to request correction of inaccurate personal data.
Right to Portability: You have the right to receive a copy of your personal data in a portable format.
Right to Opt Out of Sale: We do not sell your personal data. If this changes in the future, we will update this Privacy Policy and provide you with the ability to opt out.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the timeframe required by applicable law. We will not discriminate against you for exercising your rights.

14.1 California-Specific Disclosures

Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), California residents have additional rights. As of the last-updated date of this Privacy Policy, we do not sell personal data for monetary consideration, and we do not share personal data with third parties for cross-context behavioural advertising. No advertising or retargeting pixels are currently active on our website.

When we begin running paid acquisition campaigns (see Section 6.2), the use of advertising partner pixels may constitute “sharing” under the CCPA. We will update this section at that time and provide an opt-out mechanism that meets CCPA requirements. The categories of personal data that may be shared include Device/IP Data, Web Analytics, and Geolocation Data.

You can manage your preferences through our cookie consent mechanism once non-essential cookies are introduced, through the platform-specific ad preference controls described in Section 6.2, or by contacting us at [email protected]. To our knowledge, we do not sell or share the personal data of minors under 16 years of age.

15. Voice Data

Voice input is not currently enabled in the Service. This section describes how voice data will be handled when voice features are introduced, so the policy is in place before any voice processing begins. We will notify users in line with Section 17 before enabling voice input.

15.1 What We Collect

When you use voice features, we collect audio recordings of your voice for the purpose of speech-to-text transcription. We do not generate voiceprints, faceprints, or any other biometric identifiers from your voice.

15.2 How We Use Voice Data

Voice data is used solely to convert your spoken input to text for use within the Service. We may also use aggregated, anonymised voice data for the purpose of improving speech recognition accuracy, but only in a way that does not identify you.

15.3 Third-Party Processing

Voice data may be transmitted to third-party speech-to-text service providers for processing. These providers are contractually obligated to protect your data and to use it solely for the purpose of providing transcription services.

15.4 Retention and Deletion

Voice audio files are retained for no longer than twelve (12) months from the date of recording. You may request deletion of your voice data at any time by contacting us at [email protected]. Upon receiving your request, we will delete your voice data within thirty (30) days.

15.5 State Biometric Privacy Laws

If you are a resident of Illinois, Texas, Washington, or another state with a biometric privacy law, please note that we do not collect biometric identifiers or biometric information as defined by those laws. Our collection of voice audio for speech-to-text transcription does not involve the creation of voiceprints or other biometric templates. If our practices change, we will update this Privacy Policy and obtain any required consent before processing biometric data.

16. Email and Anti-Spam Compliance

We comply with the CAN-SPAM Act (United States), CASL (Canada), and applicable EU regulations regarding electronic communications.

All marketing emails will include a clear and conspicuous unsubscribe mechanism.
We will honour unsubscribe requests within ten (10) business days.
We will not use deceptive subject lines or misleading header information.
Transactional emails (such as purchase confirmations, security alerts, and Account notifications) are not subject to opt-out because they are necessary for the operation of your Account.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. If we make material changes, we will notify you by email or through a prominent notice within the Service at least thirty (30) days before the changes take effect.

We encourage you to review this Privacy Policy periodically. The “Last Updated” date at the top of this policy indicates when it was last revised.

18. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: