Privacy Policy

1. Summary

Aravien is an editorial cross-media discovery service. The short version of how we treat your data:

• If you sign in with Google, we store the minimum account profile Google returns (email, name, avatar, stable identifier) so we can recognise you across visits and attach your private shelf to your account.
• Your shelf saves (works, pathways, regions, essays) and any short note you attach to a saved item are stored on our servers and are private to your account.
• Your shelf notes and layout preferences as used in the shelf workspace are kept only in your browser’s local storage and never transmitted to our servers.
• The nearby places feature uses your location only when you explicitly tap the “Find places near you” control and grant browser permission. Your precise coordinates are used to query Google Places for that single lookup; they are not attached to your account and are not kept in any durable record.
• We do not run third-party analytics, advertising trackers, or tag managers on Aravien.

2. Scope

This policy covers information handled by Aravien when you access our websites, APIs, and related surfaces. It does not cover:

• the privacy practices of third-party services you interact with through Aravien, such as Google (for sign-in, Places, and Maps), YouTube (for trailer previews), Wikipedia, or any site you reach by clicking an external link; or
• any separate service, product, or engagement operated by [LEGAL ENTITY NAME] or its affiliates outside Aravien.

When you leave Aravien through an external link or interact with embedded third-party content, the privacy practices of the destination or embedding service apply.

3. Information we collect

3.1 Account profile (if you sign in)

Aravien uses Google sign-in. When you sign in, Google returns the profile fields associated with the openid email profile scopes. In practice we receive and store: your email address, whether that address is verified, your display name, your avatar URL, your locale, your Google Workspace hosted domain (where applicable), and the stable Google subject identifier that uniquely identifies your Google account. We also record the timestamps on which your member record was created, last updated, and last logged in.

3.2 Session data

When you sign in we issue an authenticated session. We set a session cookie (named aravien_session) on your browser and create a matching session record on our servers that stores a one-way SHA-256 hash of the session token, the session identifier, the linked member identifier, the creation and expiration timestamps, and whether the session has been revoked. We do not store the raw session token. Our session cookie is not an advertising or analytics cookie.

3.3 Shelf and member-created content

If you save items to your shelf, we store one record per saved reference: the kind of reference (work, pathway, region, essay, or bridge), the identifier of the referenced item, its title at the time of save, an optional short free-text note you may attach, the domain (film, TV, music, etc.), a structured metadata payload that supports how the item is later rendered, and the timestamp of the save. These records are tied to your member identifier and are private to your account. We do not expose shelves to other members or to anonymous visitors.

3.4 Local-only data in your browser

The shelf workspace keeps some state purely on your device in your browser’s local storage: a set of short personal notes you may write in the notes workspace (aravien.shelf.notes.v1), and your preferred layout mode for the shelf (aravien.shelf.layout-mode.v1). This information lives only in your browser. Aravien’s servers do not receive it. If you clear your browser storage, switch devices, or use a private window, it will not follow you.

3.5 Location (only if you ask for it)

Aravien does not track your location. A specific feature — the “nearby places” module on some pages — can, with your permission, use your browser’s Geolocation API for a single one-off request. See Section 6 for exactly how that works.

3.6 Operational logs

Like most services we operate, Aravien maintains basic request logs so we can keep the service running, debug errors, and measure aggregate performance. For each HTTP request to our API, our logging middleware records the request method, URL path, HTTP status code, request duration, and a timestamp. Operational logs do not include request or response bodies, do not include account identifiers, and do not include payload data from your shelf or notes. Aggregated counters may be exposed to our internal operational dashboards via Prometheus metrics.

3.7 What we do not collect

We do not run third-party advertising trackers, analytics libraries (such as Google Analytics, Mixpanel, Amplitude, Segment, or PostHog), tag managers, session-replay tools, or fingerprinting libraries on Aravien. We do not sell personal data. We do not maintain behavioural profiles for advertising.

4. How we collect it

We collect information in the following ways:

• From you directly. When you choose to sign in, save a work, attach a note to a shelf item, or use the nearby places feature, you are intentionally providing information to Aravien.
• From Google, on your authorisation. When you sign in with Google, Google returns the profile fields described in Section 3.1 based on the scopes Aravien requests and that you approve.
• Automatically, from your device. When your browser makes requests to Aravien, our servers observe the request information described in Section 3.6. Your browser also sends our cookie on authenticated requests.

5. How we use information

We use the information we collect to:

• authenticate you and keep you signed in across visits;
• provide your private shelf, render your saved items accurately, and persist your personal notes attached to saved items;
• respond to your explicit request for real-world place recommendations near your current location;
• operate, debug, secure, and improve the service, including diagnosing errors and measuring aggregate load and latency;
• enforce our Terms of Use, prevent abuse, and address violations of our Copyright & DMCA Policy;
• comply with applicable law and respond to lawful requests from authorities; and
• contact you about material changes to the service or to this policy.

We do not use your data to train third-party AI models. We do not rent, sell, or trade personal data. We do not use your data for personalised advertising, because we do not run advertising.

6. Location data and nearby places

On some Aravien pages a module labelled “Real-world extension · near you” offers to surface a few culturally-aligned places near your current location that extend the work, pathway, or regional thread you are reading. The location flow is strictly opt-in:

1. Your browser never reports your location to Aravien unless you first click the explicit “Find places near you” control on that module.
2. When you click it, your browser prompts you for permission. If you decline or ignore the prompt, Aravien receives no coordinates and the nearby module stays collapsed. Declining does not impair the rest of the service; the in-region curation and every other feature continue to work without any location signal.
3. If you grant permission, your browser returns approximate coordinates to the page. Aravien sends those coordinates to its backend once, so the backend can ask Google Places for a small editorially-scoped set of venues biased to your area.
4. Aravien uses your coordinates to bias the Google Places query and to filter obviously-wrong distance results. Aravien does not write your precise coordinates into your member profile, session record, shelf, or operational logs.
5. To reduce duplicate API calls, Aravien keeps a short-lived in-memory cache keyed on a coarse grid (coordinates rounded to approximately one kilometre). This cache expires on a schedule and is discarded when our server process restarts.

Your interaction with Google Places itself is additionally subject to Google’s own terms and privacy policy. Once Aravien returns a list of places to you and you tap “Open on Maps,” you leave Aravien and are handed off to Google.

7. Cookies and local storage

7.1 Cookies

Aravien uses a small number of first-party cookies. At present these are limited to authentication:

• aravien_session — an authentication cookie issued when you sign in. It is scoped to Aravien and sent with a SameSite policy of Lax. In production it is marked as secure and not accessible to JavaScript. Its server-side counterpart expires after approximately thirty days from issue, or sooner if you sign out.
• aravien_auth_flow — a short-lived cookie used only during the Google sign-in flow to protect the authorisation exchange. It is discarded once sign-in completes or is abandoned.

Aravien does not set third-party cookies directly. Third-party embeds, if you interact with them, may set their own cookies under their own domains and terms (see Section 8).

7.2 Local storage

The shelf workspace uses your browser’s local storage to keep lightweight, local-only state that never leaves your device. Keys currently in use are:

• aravien.shelf.notes.v1 — your shelf-workspace notes.
• aravien.shelf.layout-mode.v1 — your preferred shelf layout density.

You can clear this data any time by clearing site data for Aravien in your browser’s settings.

8. Third-party services

Aravien is deliberately built as a narrow editorial surface on top of a small number of clearly-scoped third-party services. They fall into three groups.

8.1 Services you interact with through Aravien

• Google (sign-in, Places, Maps). Sign-in redirects you to Google and returns the profile fields described in Section 3.1. Place recommendations on some pages are supplied by Google Places from a backend request; when you tap “Open on Maps,” you are handed off to Google Maps. Your interactions with Google in each of these flows are subject to Google’s terms and privacy policy.
• YouTube. Where a work has an embeddable trailer, Aravien displays it via the youtube-nocookie.com domain, which reduces the tracking YouTube performs until you actively press play. Playback is served by YouTube, not Aravien. Interacting with the embed is subject to YouTube’s terms and privacy policy.

8.2 Services we use to enrich metadata

Aravien reads open-licensed catalog data from services such as Wikidata, MusicBrainz, OpenLibrary, TVMaze, Cover Art Archive, Getty, and Wikipedia to populate factual metadata and imagery for works. Those reads are initiated by Aravien as part of background curation and do not carry your account or session data. Some cover art and images are served through direct hotlinks to the upstream host, in which case loading the image reveals your IP address and request headers to that host in the normal course of any web request.

8.3 Services that support the site itself

Fonts and similar static assets may be served from their respective providers. Standard hosting and DNS providers route and serve Aravien’s pages. We may change these operational providers as the service evolves; the basic data flows described in this policy remain authoritative.

9. Sharing and disclosure

We do not sell your personal data. We share information only in the limited ways described below:

• With you. Your own shelf contents, notes (server-side), and profile information are displayed back to you when you sign in.
• With third-party services you explicitly invoke. When you sign in with Google, request nearby places, or click an external link, you send data to those services as described in Sections 6 and 8.
• With service providers acting on our behalf. We may use infrastructure vendors (for example, hosting, database, error-reporting, and email delivery providers) to operate Aravien. Those providers process data only under contract and only to the extent needed to provide their service to us.
• To comply with law or protect rights. We may disclose information if we believe in good faith that it is required by applicable law, regulation, legal process, or government request, or where necessary to investigate or prevent fraud, abuse, violations of our Terms of Use, or threats to the rights, property, or safety of Aravien, our users, or others.
• In connection with a business transfer. If we are acquired, reorganised, or sell substantially all of our assets, personal data may be transferred as part of that transaction. We will notify signed-in members of any such transfer in a manner consistent with applicable law.

10. Retention and deletion

We keep personal information for as long as it is needed to operate the service:

• Account records are retained while your Aravien member record exists.
• Sessions expire on a schedule (currently approximately thirty days from issue) and are removed or marked revoked after that, on sign-out, or when you re-authenticate.
• Shelf items and server-stored notes are retained until you remove them or close your account.
• Local-only notes (Section 3.4) remain on your device until you delete them or clear your browser storage; we have no copy to retain.
• Operational logs and aggregate metrics are retained for a bounded operational window that supports debugging and capacity planning; the specific window may change as the service evolves.
• Records required by law (for example, records related to a legal claim or a tax obligation) may be retained for the period required.

On account closure, we will delete or anonymise your account-bound data within a reasonable period after the closure request, subject to the exceptions above.

11. Your choices

You control the main privacy-relevant decisions on Aravien directly:

• Stay anonymous. Browsing, search, pathways, regions, and editorial content do not require sign-in. If you never sign in, Aravien does not create a member profile or issue a session cookie for you.
• Decline location. The nearby places module is opt-in for every use. You can decline your browser’s permission prompt or revoke permission through your browser settings without losing any other functionality.
• Remove shelf items. You can remove any saved item from your shelf at any time.
• Clear local-only data. You can clear Aravien site data (including local notes and layout preferences) from your browser at any time.
• Sign out. Signing out immediately revokes your active session and discards the authentication cookie from your browser.
• Ask us to close your account. See Section 16 for how to request account closure or data deletion.

Some jurisdictions give you additional rights — for example, access, correction, portability, restriction of processing, objection, or complaint to a supervisory authority. If you believe such rights apply to you, contact us using the details in Section 16 and we will respond in good faith and in accordance with applicable law.

12. Security

We take reasonable technical and organisational measures to protect the information we hold, including transport encryption, hashed session tokens, access controls around administrative surfaces, and a narrow scope of collected data. No system can be perfectly secure; we cannot guarantee the security of information transmitted over the internet or stored on any system. If we become aware of a security incident that materially affects your account data, we will take reasonable steps to notify affected members consistent with applicable law.

13. International users

Aravien is operated from the United States. If you access the service from outside the United States, you understand that information about you may be transferred to, processed, and stored in the United States or in any jurisdiction where Aravien’s infrastructure providers operate. These jurisdictions may have data protection laws that differ from those of your home jurisdiction. By using Aravien you consent to that transfer and processing, to the extent permitted by applicable law.

14. Children

Aravien is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under the age of majority in your jurisdiction, you may use Aravien only with the consent and supervision of a parent or legal guardian, as described in the Terms of Use. If you believe a child has provided personal information to Aravien, please contact us and we will take appropriate steps to delete it.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the service, applicable law, or our practices. When we do, we will revise the “Last updated” date at the top of this page. If a change is material, we will take reasonable steps to notify signed-in members (for example, by email to the address associated with your Google sign-in or by in-product notice). Changes take effect when posted unless we indicate otherwise.

16. Contact

Questions, requests, and complaints about this policy or about your information should be sent to:

We will acknowledge your request and respond in a reasonable timeframe. For copyright concerns, please follow the process in our Copyright & DMCA Policy instead; for questions about the rules that govern your use of the service, see the Terms of Use.