ArylLabs/Policy Center
HomePrivacy Policy

Privacy Policy

Updated February 21, 2026·Official Policy

ArylLabs, operated by GOUTAM BORO (GTM TRADE) ("we", "us", "our"), operates aryllabs.com, aryl.app, and aryl.cloud. This Privacy Policy explains what information we collect, how we use it, and the choices you have. We are committed to protecting your privacy and handling your data transparently.

1. Introduction

This Privacy Policy applies to all services provided by ArylLabs, including website deployment, file sharing, flipbook creation, gallery hosting, and all related features. By using our services, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

Information You Provide

  • Account Information: Email address and password when you register. If you sign up via Google OAuth, we receive your email, name, and profile picture from Google.
  • Payment Information: When you upgrade to a paid plan, payment is processed by Paddle (International), Razorpay (India) or PayPal. We store your payment ID, order ID, plan type, and transaction amount. We do NOT store your credit card numbers, bank details, or UPI IDs — these are handled entirely by the payment processors.
  • Content You Upload: Files, websites, flipbooks, galleries, and shared files you deploy through our service. By default, this content is accessed directly from your Google Drive. If you choose to use our native ArylCloud Storage, your files are securely stored on our cloud infrastructure (Cloudflare R2 or Backblaze B2).
  • Support Communications: If you contact us for support, we retain those communications to improve our service.

Information Collected Automatically

  • Log Data: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps. This is standard web server logging handled by Cloudflare.
  • Analytics Data: We use Cloudflare Web Analytics, a privacy-first solution that tracks aggregate traffic (like page views and device types) without identifying individual users or storing personal data.
  • Cookies: We only use essential cookies necessary for the service to function properly. We do not use analytics or tracking cookies. See Section 6 for details.

Cloud Storage Metadata

When you connect Google Drive, we store an OAuth access token and refresh token to access files within the dedicated "ArylLabs" folder. We also store folder IDs and file names for deployments. We do NOT store the contents of your Drive files — they are fetched on-demand when visitors access your deployed site.

3. How We Use Your Information

We use collected information to:

  • Provide the Service: Authenticate your account, deploy your websites, serve your content to visitors, and process payments.
  • Improve the Service: Analyze usage patterns to improve features, fix bugs, and optimize performance.
  • Communicate with You: Send account-related emails (password resets, plan changes, payment receipts). We do not send marketing emails unless you explicitly opt in.
  • Ensure Security: Detect and prevent fraud, abuse, and unauthorized access to the service.
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes.

4. Data Storage & Security

Your data is stored across the following infrastructure:

  • Cloudflare Workers & KV: Application logic and caching (global edge network).
  • Cloudflare R2 & Backblaze B2: Deployed website files and uploaded content when using ArylCloud Storage (encrypted at rest).
  • Cloudflare D1: User accounts, project metadata, and payment records (encrypted in transit and at rest).
  • Turso (LibSQL): Secure data storage specifically for email collection and newsletters (encrypted in transit and at rest).
  • Google Drive: Files accessed via your OAuth token remain in your Google Drive. We do not copy or permanently store these files on our servers.

We implement industry-standard security measures including HTTPS encryption for all data in transit, HTTP-only cookies for authentication, HMAC signature verification for payments, and access controls for all API endpoints. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

5. Information Sharing

We do NOT sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • Service Providers: We share necessary data with Cloudflare (hosting), Turso (database), Paddle (international payments), Razorpay (payments in India), and PayPal to operate the service. These providers are contractually obligated to protect your data.
  • Legal Requirements: We may disclose information if required by law, subpoena, court order, or government request.
  • Safety: We may share information to protect the rights, property, or safety of ArylLabs, our users, or the public — particularly in cases involving child exploitation material (CSAM), which is reported to NCMEC and law enforcement.
  • Business Transfer: In the event of a merger, acquisition, or sale of assets, user data may be transferred. You will be notified of any such change.

6. Cookies & Tracking

Essential Cookies

  • aryl_token: HTTP-only authentication cookie. Required for login sessions. Expires after 7 days.
  • Theme preference: Stored in localStorage to remember your dark/light mode choice.

No Analytics or Tracking Cookies

We use Cloudflare Web Analytics, which operates entirely without cookies. We do not set any analytics trackers, advertising cookies, retargeting pixels, or third-party ad tracking on your device.

7. Third-Party Services

Our service integrates with the following third-party providers, each with their own privacy policies:

8. Google API Services Disclosure

ArylLabs' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We use the restricted drive.file scope. This means ArylLabs can only access the specific "ArylLabs" folder it creates in your Google Drive. We cannot access, view, or modify any other files or folders in your account.
  • We do not use Google user data for advertising purposes.
  • We do not share Google user data with third parties except as necessary to provide and improve the service.
  • We store OAuth tokens securely in our encrypted database and use them only to access your Drive files on your behalf.
  • You can revoke ArylLabs' access to your Google account at any time via Google Account Permissions.

9. Data Retention

  • Account data: Retained as long as your account is active. If you choose to delete your account, your personal data is removed immediately.
  • Deployed content: Content deployed under our Free, Plus, and Pro plans persists securely until you choose to delete it or your account is terminated. "Guest" deployments (made without an account) are automatically deleted within 24 hours.
  • Payment records: We do not store detailed payment histories or credit card information on our servers. All transactions are securely processed and retained by our payment providers (Paddle, Razorpay, and PayPal) in accordance with financial regulations.
  • Log data: We do not permanently store server logs. Basic access and error logs are processed by Cloudflare solely for security and performance monitoring, and are purged according to their standard retention policies.
  • Analytics data: We use privacy-first Cloudflare Web Analytics, which aggregates general traffic metrics without tracking individual users or storing personal data.

10. Your Rights (GDPR / CCPA)

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate personal data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Data Portability: Request your data in a machine-readable format.
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Object: Object to processing of your data for certain purposes.
  • Right to Withdraw Consent: Withdraw consent for data processing at any time.

To exercise any of these rights, please contact us at privacy@aryllabs.com. We will respond to your request within 30 days.

California Residents (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To make a request, email privacy@aryllabs.com.

11. Children's Privacy

ArylLabs is not directed to children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information. If you believe a child has provided us with personal data, please contact us at privacy@aryllabs.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date at the top. Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us:

  • Privacy inquiries: privacy@aryllabs.com
  • General support: support@aryllabs.com
  • Abuse reports: abuse@aryllabs.com