Privacy Policy

Data We Collect

When you use Anomalon, we collect:

• Text you submit for analysis
• Generated analysis results (metrics, obstructions, certificates)
• Account information from your OAuth provider (name, email)
• Usage timestamps and review counts
• Payment status (via Stripe, if applicable)
• Security metadata (timestamps, request counts)

How We Use Your Data

Submitted text is used solely to generate the requested structural analysis. Results are stored for your review history. We do not use your text to train models or share it with third parties.

Data Retention

By default, submitted text is processed and retained as part of your account review history until you request deletion.

Safety event preservation: We may temporarily preserve limited submitted content and security metadata when necessary to investigate abuse, protect users or third parties, comply with law, report apparent child exploitation, or respond to credible threats of serious harm. Preserved content may be retained beyond account deletion if subject to legal hold or ongoing investigation.

Deletion requests: You may request account and data deletion by contacting us. Deletion may be delayed or restricted if your data is subject to legal preservation requirements.

Security

Data is transmitted over HTTPS. Database connections use SSL. We implement access controls and audit logging for sensitive data.

What You Should NOT Submit

Do not submit API keys, passwords, access tokens, trade secrets, personal health information, financial account numbers, or any data subject to regulatory compliance (HIPAA, PCI, etc.).

Third-Party Services

We use Google and GitHub for authentication (OAuth), Stripe for payment processing, and Vercel for hosting. Each has its own privacy policy governing data they process.

Cookies

We use essential cookies to maintain your session and authentication state. These cookies are necessary for the service to function. We do not use tracking cookies, analytics cookies, or advertising cookies. Third-party services (OAuth providers, Stripe) may set their own cookies governed by their privacy policies.

Legal Process and Law Enforcement

We may disclose user information in response to valid legal process, including subpoenas, court orders, and search warrants. We may also disclose information in emergency situations where we believe disclosure is necessary to prevent death or serious physical harm.

We will notify affected users of legal requests unless prohibited by law or where notification would compromise an investigation. Data subject to legal preservation requests may be retained beyond normal retention periods.

Your Privacy Rights

Depending on your location, you may have rights including:

• Access: Request a copy of your personal data
• Deletion: Request deletion of your data (subject to legal exceptions)
• Correction: Request correction of inaccurate data
• Portability: Receive your data in a structured format
• Objection: Object to certain processing activities

EU users (GDPR): You have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with your local data protection authority.

California users (CCPA): You have rights under the California Consumer Privacy Act to know what personal information we collect, delete your information, and not be discriminated against for exercising your rights. We do not sell your personal information.

To exercise these rights, contact us at the email associated with this domain.

Contact

For privacy questions or data removal requests, contact us at the email associated with this domain.