ArylLabsArylLabs/Policy Center
HomePrivacy Policy

Privacy Policy

Updated February 21, 2026·Official Policy

ArylLabs, operated by GOUTAM BORO (GTM TRADE) ("we", "us", "our"), operates aryllabs.com, aryl.app, and aryl.cloud. This Privacy Policy explains what information we collect, how we use it, and the choices you have. We are committed to protecting your privacy and handling your data transparently.

1. Introduction

This Privacy Policy applies to all services provided by ArylLabs, including website deployment, file sharing, flipbook creation, gallery hosting, and all related features. By using our services, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

Information You Provide

  • Account Information: Email address and password when you register. If you sign up via Google OAuth, we receive your email, name, and profile picture from Google.
  • Payment Information: When you upgrade to a paid plan, payment is processed by Razorpay (India) or PayPal (International). We store your payment ID, order ID, plan type, and transaction amount. We do NOT store your credit card numbers, bank details, or UPI IDs — these are handled entirely by the payment processor.
  • Content You Upload: Files, websites, flipbooks, galleries, and shared files you deploy through our service. This content is stored on Cloudflare R2 and/or accessed from your Google Drive.
  • Support Communications: If you contact us for support, we retain those communications to improve our service.

Information Collected Automatically

  • Log Data: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps. This is standard web server logging.
  • Analytics Data: We use Google Analytics 4 (GA4) to understand how our service is used. GA4 collects anonymized usage data including page views, session duration, and device information.
  • Cookies: We use essential cookies for authentication and optional cookies for analytics. See Section 6 for details.

Cloud Storage Metadata

When you connect Google Drive, we store an OAuth access token and refresh token to access your files. We also store folder IDs and file names for deployments. We do NOT store the contents of your Drive files — they are fetched on-demand when visitors access your deployed site.

3. How We Use Your Information

We use collected information to:

  • Provide the Service: Authenticate your account, deploy your websites, serve your content to visitors, and process payments.
  • Improve the Service: Analyze usage patterns to improve features, fix bugs, and optimize performance.
  • Communicate with You: Send account-related emails (password resets, plan changes, payment receipts). We do not send marketing emails unless you explicitly opt in.
  • Ensure Security: Detect and prevent fraud, abuse, and unauthorized access to the service.
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes.

4. Data Storage & Security

Your data is stored across the following infrastructure:

  • Cloudflare Workers & KV: Application logic and caching (global edge network).
  • Cloudflare R2: Deployed website files and uploaded content (encrypted at rest).
  • Turso (LibSQL): User accounts, project metadata, and payment records (encrypted in transit and at rest).
  • Google Drive: Files accessed via your OAuth token remain in your Google Drive. We do not copy them unless you explicitly use the "Backup to CDN" feature.

We implement industry-standard security measures including HTTPS encryption for all data in transit, HTTP-only cookies for authentication, HMAC signature verification for payments, and access controls for all API endpoints. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

5. Information Sharing

We do NOT sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • Service Providers: We share necessary data with Cloudflare (hosting), Turso (database), Razorpay (payments in India), and PayPal (international payments) to operate the service. These providers are contractually obligated to protect your data.
  • Legal Requirements: We may disclose information if required by law, subpoena, court order, or government request.
  • Safety: We may share information to protect the rights, property, or safety of ArylLabs, our users, or the public — particularly in cases involving child exploitation material (CSAM), which is reported to NCMEC and law enforcement.
  • Business Transfer: In the event of a merger, acquisition, or sale of assets, user data may be transferred. You will be notified of any such change.

6. Cookies & Tracking

Essential Cookies

  • aryl_token: HTTP-only authentication cookie. Required for login sessions. Expires after 7 days.
  • Theme preference: Stored in localStorage to remember your dark/light mode choice.

Analytics Cookies

  • Google Analytics 4: We use GA4 to collect anonymized usage statistics. GA4 uses cookies (_ga, _ga_*) to distinguish unique users. You can opt out using the Google Analytics Opt-out Browser Add-on.

No Advertising Cookies

We do not use advertising cookies, retargeting pixels, or any third-party ad tracking.

7. Third-Party Services

Our service integrates with the following third-party providers, each with their own privacy policies:

8. Google API Services Disclosure

ArylLabs' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request the minimum Google Drive scopes necessary to read your selected folders and files for deployment.
  • We do not use Google user data for advertising purposes.
  • We do not share Google user data with third parties except as necessary to provide and improve the service.
  • We store OAuth tokens securely in our encrypted database and use them only to access your Drive files on your behalf.
  • You can revoke ArylLabs' access to your Google account at any time via Google Account Permissions.

9. Data Retention

  • Account data: Retained as long as your account is active. If you delete your account, your personal data is removed within 30 days.
  • Deployed content: Free-tier deployments expire after 24 hours and are automatically deleted. Pro plan content persists until you delete it or your account is terminated.
  • Payment records: Retained for 7 years for tax and legal compliance, as required by Indian financial regulations.
  • Log data: Server logs are retained for up to 90 days for security and debugging purposes.
  • Analytics data: Google Analytics data is retained according to Google's data retention settings (default: 14 months).

10. Your Rights (GDPR / CCPA)

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate personal data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Data Portability: Request your data in a machine-readable format.
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Object: Object to processing of your data for certain purposes.
  • Right to Withdraw Consent: Withdraw consent for data processing at any time.

To exercise any of these rights, please contact us at privacy@aryllabs.com. We will respond to your request within 30 days.

California Residents (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To make a request, email privacy@aryllabs.com.

11. Children's Privacy

ArylLabs is not directed to children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information. If you believe a child has provided us with personal data, please contact us at privacy@aryllabs.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date at the top. Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us:

  • Privacy inquiries: privacy@aryllabs.com
  • General support: support@aryllabs.com
  • Abuse reports: abuse@aryllabs.com