Privacy Policy

Effective date: February 22, 2026

1. Introduction

ANAME AI ("ANAME", "we", "us", or "our") operates the document intelligence platform accessible at anameai.com. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

ANAME is a B2B document intelligence platform that reads documents in any language and proposes smart actions. We follow a privacy-by-design approach: we propose actions, never execute them automatically, ensuring you always maintain full control over your data and decisions.

2. Data Controller

The Data Controller for the processing of your personal data is:

ANAME AI
Email: privacy@anameai.com
Website: https://anameai.com

3. Data We Collect

3.1 Account Data

When you register, we collect:

• Full name
• Email address
• Organization name (optional)
• Language preference

3.2 Document Data

When you upload documents, we process them to extract structured information. Documents may contain personal data of third parties (e.g., names, addresses, tax codes). We process this data solely to provide the extraction service and do not use it for any other purpose.

3.3 Usage Data

We collect anonymized usage analytics through PostHog (EU-hosted) to improve our service:

• Page views and navigation patterns
• Feature usage (document uploads, extraction completions, action confirmations)
• Browser type and device information (anonymized)

We do not use cookies for advertising or tracking purposes.

4. How We Use Your Data

We process your data for the following purposes:

• Service delivery: To provide document intelligence, extraction, and action proposal services
• Account management: To manage your account, authentication, and preferences
• Service improvement: To analyze usage patterns and improve platform performance
• Communication: To send service notifications, password resets, and important updates
• Security: To detect and prevent unauthorized access and abuse

5. Legal Basis for Processing

We process your personal data based on:

• Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide our services
• Legitimate interest (Art. 6(1)(f) GDPR): Analytics and service improvement, security monitoring
• Consent (Art. 6(1)(a) GDPR): Where required, such as for optional communications
• Legal obligation (Art. 6(1)(c) GDPR): Where required by applicable law

6. Data Storage and Security

Your data is stored and processed within the European Union:

• Database: PostgreSQL hosted in Frankfurt, Germany (EU Central)
• Analytics: PostHog EU instance, GDPR-compliant
• Error tracking: Sentry EU instance, for debugging purposes only
• Frontend: Vercel (with EU processing capabilities)

We implement appropriate technical and organizational measures including: encrypted data transmission (TLS), JWT-based authentication, rate limiting, database backups with point-in-time recovery, and access controls.

Pre-AI Anonymization: Before sending text to third-party AI models, all personally identifiable data (names, fiscal codes, IBANs, phone numbers) is replaced with anonymous placeholders. AI models never receive real personal data.

7. Third-Party Data Processors

We use the following sub-processors to deliver our services:

• OpenAI (USA): For intelligent data extraction. Sensitive data (names, fiscal codes, IBANs) is anonymized BEFORE transmission. OpenAI receives only placeholders, never real personal data. Documents are not used for model training. Transfer based on Standard Contractual Clauses (SCCs).
• Render (EU - Frankfurt): Database hosting and backend infrastructure
• Vercel (Global/EU): Frontend hosting and deployment
• PostHog (EU): Product analytics
• Sentry (EU): Error monitoring
• Resend: Transactional email delivery

For transfers to the USA (OpenAI), we rely on Standard Contractual Clauses (SCCs).

8. Data Retention

• Account data: Retained for the duration of your account, plus 30 days after deletion request
• Uploaded documents: Stored as long as your account is active. You can delete individual documents at any time.
• Extracted data: Stored alongside documents for the duration of your account
• Usage analytics: Anonymized data retained for up to 12 months
• Server logs: Retained for up to 30 days

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of access (Art. 15): Request a copy of your personal data via Settings > Export Data
• Right to rectification (Art. 16): Correct inaccurate data in your account settings
• Right to erasure (Art. 17): Delete your account via Settings > Delete Account (30-day grace period)
• Right to restriction (Art. 18): Request restriction of processing
• Right to data portability (Art. 20): Export your data in a structured format
• Right to object (Art. 21): Object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent

To exercise your rights, contact us at privacy@anameai.com. We will respond within 30 days.

10. Account Deletion

You can request account deletion directly from Settings in the application. Upon request, your account enters a 30-day grace period during which you can cancel the deletion. After the grace period, all your personal data, documents, and extracted information are permanently and irreversibly deleted.

11. Children's Privacy

ANAME is a B2B service not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The updated policy will be posted on our website with the new effective date.

13. Contact

For any questions or concerns about this Privacy Policy or our data processing practices:

Email: privacy@anameai.com

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence or place of work.