Areto Labs Privacy & Data Processing Policy

Last Updated: January 14, 2026

1. Introduction

Thank you for using Areto! Areto Labs Inc. ("we," "our," or "us") provides community moderation and analytics services. This Privacy Policy explains our practices regarding the collection, use, and disclosure of data and personal information. It is developed to ensure data security and to comply with the developer policies of our Supported Platforms, including Meta, TikTok, and YouTube.

Owner and Data Controller: Areto Labs Inc. 4136 Ramsay Road, Edmonton, Alberta T6H 5R2, Canada Contact: hello@aretolabs.com | Data Requests: data@aretolabs.com

2. YouTube API Services & Google Disclosure

Our Application uses YouTube API Services to provide moderation and analytics for YouTube content.

• Agreement to Terms: By using our services, users are agreeing to be bound by the YouTube Terms of Service (available at https://www.youtube.com/t/terms).

• Google Privacy Policy: Our use of YouTube data is governed by the Google Privacy Policy (available at http://www.google.com/policies/privacy).

• Revocation of Access: Users can revoke Areto’s access to their data via the Google Security Settings page at https://myaccount.google.com/connections?filters=3,4&hl=en.

• Limited Use: Our use and transfer of information received from Google APIs adheres to the Google API Service User Data Policy, including the Limited Use requirements.

3. Definitions

• Account Administrator: The individual(s) who authorized the setup, payment, and application of Areto.

• Handle: Account name on a social media platform (e.g., @aretolabs).

• Areto User: Someone with access to the Areto platform and dashboard.

• Supported Platforms: Instagram, Facebook, TikTok, and YouTube.

4. Data Collection and Usage

A. Personal Information (Areto Users & Administrators)

Our primary goals in collecting personal information are to provide, improve, and administer our services.

• Users: We collect names and email addresses for product development and marketing.

• Account Administrators: We collect names, email addresses, and payment information to facilitate business transactions. We do not share this information with third parties.

B. API Data (Social Media Content)

Upon linking social media accounts, we access and process the following API Data from Supported Platforms:

• Raw user-generated comments and timestamps.

• Usernames, platform IDs, and profile pictures.

• Follower/following counts, biographies, and verified status.

• Post details (text, media, and timestamps).

5. Data Governance and Processing

A. Purpose of Processing

Data is processed to provide automated content moderation (filtering, flagging, and reporting), generate audience sentiment analytics, improve moderation algorithms, and comply with legal obligations.

B. Data Processing Environment

All processing is conducted within Google Cloud Platform (GCP). For abuse and sentiment detection, we utilize OpenAI models. Data shared with third-party service providers is under strict confidentiality and is not used by those parties to train their models.

C. Cookies and Device Access

We (and authorized third parties) may store, access, or collect information directly or indirectly on or from users’ devices, including by placing, accessing, or recognizing cookies or similar technology on users' devices or browsers to provide the Service and analyze performance.

6. Data Retention and Deletion

• YouTube API Data: Notwithstanding general retention, all non-aggregated data obtained via YouTube API Services is deleted or refreshed every 30 days.

• Analytics Data (Aggregated): Aggregated and anonymized data (stripped of PII) is stored while the account is actively tracked.

• Actionable Data (Moderation Log): Full data required for moderation is retained for the duration of active service. We archive this data after 90 days.

• Removal Policy: All data is archived or removed within 30 days of removing a handle/hashtag from tracking.

• User Deletion Requests: Users may request the hard deletion of their data at any time by contacting data@aretolabs.com. This process is completed within 14 days.

7. Data Sharing and Disclosure

We do not sell data. We share information only:

• With Customers: To provide insights based on their own social media data.

• With Service Providers: Companies that assist in our operations (GCP, OpenAI) under strict confidentiality.

• Business Transactions: In the event of a merger, acquisition, or asset sale.

• Research/Benchmarking: We may share aggregated, de-identified data for industry research. This data never identifies a User, company, or organization.

8. Data Security

We implement appropriate technical and organizational measures:

• Encryption: All data is encrypted in transit (HTTPS/TLS 1.3) and at rest (Google Cloud).

• Access Controls: Password-protected databases, strong password requirements (8+ characters, mixed case, symbols), and mandatory Multi-Factor Authentication (MFA) for server access.

9. User Rights (GDPR & Global Standards)

Users have the right to:

• Access, verify, and seek rectification of their data.

• Request the erasure (deletion) of their personal data.

• Withdraw consent or object to processing.

• Receive their data in a portable format.

Requests should be directed to data@aretolabs.com. We respond to all requests within 30 days.

10. Policy Updates

We may update this policy periodically. Customers will be notified of significant changes via the application or email.