Via legal

Via Privacy Policy

This policy explains what Via collects, why it is used, where it may be stored or sent, how long it may be kept, and what controls users have.

EffectiveJune 9, 2026
ServiceVia model 3.57
ControllerArriva Corporation

This Via Privacy Policy applies alongside the main Arriva Corporation Privacy Policy. It is specific to Via accounts, messages, plans, usage limits, AI responses, web search, safety logs, and profile images.

1. Who is responsible

Arriva Corporation operates Via and is responsible for decisions about how Via account data is used. For privacy requests, deletion questions, appeals, billing issues, or safety concerns, use Arriva Corporation Support.

If you are in the United Kingdom or European Economic Area, this policy is intended to provide the transparency information required by applicable data protection law, including the categories of data, purposes, lawful bases, recipients, retention, and rights.

2. Data Via may collect

Account dataEmail address, display name, nickname, internal user ID, role, verification status, password hash, created date, login timestamps, suspension status, and deleted-account audit metadata.
Profile dataAvatar URL, uploaded profile image metadata, display identity, UI preferences, accent color, theme preference, sidebar preference, and saved personalization settings.
MessagesPrompts, replies, chat titles, chat IDs, timestamps, source metadata, closed-chat status, and message order data. Free and paid plans store this differently.
Usage dataMessage counters, remaining messages, reset windows, rate-limit entries, burst-control entries, web-search limits, plan limits, and anti-abuse signals.
Billing dataPlan tier, subscription status, Stripe customer ID, Stripe subscription ID, renewal/cancellation metadata, checkout events, and billing support history. Full card details are handled by Stripe, not stored by Via.
Safety dataFlagged messages, moderation categories, direction, severity, staff review status, suspension reason, enforcement timestamps, and account ID/email connected to a safety event.
Technical dataIP-derived request signals, user agent, device/browser behavior needed for security, Cloudflare Turnstile results, cookies/session tokens, server logs, error data, and provider response status.
Support dataSupport messages, appeals, deletion requests, billing questions, attachments you provide, and any contact details included in support requests.

3. Free vs paid message storage

Via intentionally treats chat storage differently by plan.

  • Free plan: chat content is stored locally in the browser for continuity. The database may store chat metadata, but Free message history is not stored as database chat history.
  • Basic and Pro plans: chat history may be stored in the database so chats can sync across sessions and devices.
  • Safety exceptions: messages that trigger safety filters or staff flags may be stored in moderation logs regardless of plan so Arriva Corporation can review abuse, protect users, enforce Terms, and respond to legal/safety issues.

4. Why Via uses data

Via uses data for these purposes:

  • Creating, verifying, authenticating, and securing accounts.
  • Generating and displaying Via replies.
  • Keeping chat continuity, titles, local/free storage, and paid cloud history working.
  • Applying plan limits, message quotas, reset windows, web-search limits, fair-use controls, and abuse prevention.
  • Processing subscriptions, plan changes, billing support, refunds, failed payments, and chargeback risk.
  • Saving nickname, display name, profile image, custom style, theme, accent color, and other account preferences.
  • Detecting, reviewing, logging, and enforcing safety violations, exploitation attempts, spam, evasion, account abuse, and security incidents.
  • Responding to support, privacy requests, legal requests, and appeals.
  • Maintaining, debugging, improving, and securing the service.

5. Lawful bases where applicable

Where UK GDPR or EU GDPR applies, Arriva Corporation may rely on the following lawful bases:

  • Contract: to create accounts, provide Via, manage plans, process subscriptions, deliver paid features, and respond to account requests.
  • Legitimate interests: to prevent abuse, secure the platform, enforce Terms, debug service issues, improve reliability, prevent fraud, and preserve moderation evidence.
  • Consent: where you choose optional settings, upload a profile image, enable optional web search, or provide optional profile/support information.
  • Legal obligation: where records must be kept or disclosed for taxes, billing, law enforcement, court orders, safety obligations, or legal claims.
  • Vital interests or public interest: where necessary to respond to credible immediate threats, exploitation, or serious safety risk.

6. AI processing and providers

To generate replies, Via may send the current message, recent chat context, safety instructions, selected plan profile, nickname, saved Basic/Pro response style, and web-search context where enabled to a model provider. This is necessary for Via to work.

Do not enter secrets, passwords, private keys, highly sensitive personal data, confidential business data, medical emergencies, or information you are not allowed to share. Via is a companion chatbot, not a secure vault.

7. Web search

Web search is disabled for Free accounts. If you are on an eligible paid plan and enable web search, Via may send search-related query data and context to a search provider. Search results and source links may be shown inside Via. Do not use web search for stalking, doxxing, harassment, illegal reconnaissance, or privacy invasion.

8. Profile images

If you upload a profile picture, Via may send the image to ImgBB or another image-hosting provider and store the returned image URL in your account record. The image may be displayed in the sidebar, account menu, profile settings, and staff account views.

Remove your avatar in settings if you do not want it displayed. Removing the avatar from Via removes the stored account URL, but provider-side deletion may depend on the image provider's own systems and retention.

9. Sharing and recipients

Via data may be shared with service providers only as needed to operate, secure, bill, support, and enforce the service. This may include Cloudflare for hosting/security, Firebase for database/auth-like storage, Stripe for billing, email providers for verification and notices, ImgBB for profile images, model providers for AI responses, search providers for optional web search, and support or legal providers where needed.

Arriva Corporation may also disclose information if required to comply with law, enforce Terms, investigate abuse, respond to legal process, protect users, protect the platform, handle fraud/payment disputes, or prevent imminent harm.

10. Retention

Retention depends on the data type and reason it exists:

  • Account records are generally kept while the account exists.
  • Free local chat content remains in the browser until deleted by the user, browser, or device.
  • Basic/Pro cloud chat history remains until deleted by the user, account deletion, or retention cleanup.
  • Usage counters are kept for the active reset window and enough time to prevent abuse.
  • Verification codes expire quickly and are not intended for long-term storage.
  • Billing records may be kept as long as needed for tax, accounting, disputes, fraud prevention, and legal compliance.
  • Moderation, suspension, and abuse records may be kept after account deletion where needed for safety, appeals, repeat-abuse prevention, legal claims, provider reports, or law enforcement requests.
  • Deleted-account audit records may be kept in limited form to document deletion and prevent abuse.

11. Your controls and rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data. You may also have the right to complain to a data protection authority. In the UK, that authority is the ICO.

  • Use Via settings to update display name, nickname, profile image, custom instructions, theme, accent color, and sidebar preference.
  • Use chat controls to delete chats where available.
  • Use account deletion to remove your active user record, login, email index, chat list, and usage counters, subject to retained safety, billing, or legal records.
  • Use support for deletion issues, privacy requests, appeals, billing disputes, or access requests.

12. Cookies, local storage, and sessions

Via uses cookies and browser storage to keep you signed in, store local Free chat content, remember theme and accent preferences, hold UI state, manage Turnstile verification, and keep the dashboard working. Clearing browser storage may remove Free chat history and local preferences.

13. Children and teen users

Via is not directed to children under 13 and does not knowingly allow children under 13 to create accounts. If Arriva Corporation learns that an account belongs to a child under 13, the account may be deleted or restricted. Users under the age of majority must have parent or guardian permission.

If you believe a child under 13 has provided personal data to Via, contact support so the account can be reviewed.

14. Security

Via uses reasonable technical and organizational measures to protect accounts and data, including hashed passwords, TLS, access controls, rate limits, Turnstile bot checks, staff role checks, moderation tooling, and provider security controls. No service can guarantee perfect security. Report suspected vulnerabilities or account compromise through support.

15. International processing

Via and its providers may process data in countries other than your own. Where required, Arriva Corporation relies on appropriate safeguards, provider commitments, contractual terms, and lawful transfer mechanisms to support international processing.