Legal

Data Privacy & Protection Policy

We handle personal data responsibly — with clear purpose, minimal collection, strict safeguards, and respect for individual rights.

July 18, 2025

1. Introduction

1.1 Purpose

This Data Privacy & Protection Policy sets out the principles, controls, and practices Anyset follows to protect personal data. We are committed to transparency, minimizing data collection, securing information, and respecting the rights of individuals whose data we process.

Our Privacy Program is designed to comply with applicable privacy laws and industry best practices, and is regularly reviewed to address changes in regulatory requirements and customer expectations.

1.2 Scope

This policy applies to all personal data processed by Anyset, whether collected directly from individuals or received from customers as part of delivering our services. It covers:

  • Our websites (anyset.ai and subdomains)
  • The Anyset platform and its current products (Specs, Closeout, Docs, Airtasks), as well as any future products or modules we release, all of which are covered under this policy
  • Internal business systems used for customer relationship management, sales, and support

Adherence is mandatory for all employees, contractors, and third-party vendors with access to personal data we control or process.

2. Privacy Governance

2.1 Ownership

The Executive Team is responsible for sponsoring, resourcing, and maintaining the Privacy Program. A designated privacy lead oversees day-to-day compliance and coordination with legal, security, and product teams.

2.2 Policy Management

This policy is reviewed annually or sooner in response to regulatory changes, contractual requirements, or operational updates. Changes are approved through a formal change control process.

2.3 Awareness and Training

All personnel complete privacy and data handling training upon onboarding and annually thereafter. Training covers relevant laws, data classification, handling requirements, and user rights procedures.

3. Privacy Principles and Controls

3.1 Data Minimization & Purpose Limitation

We only collect the personal data necessary for clearly defined business purposes and use it solely for those purposes unless additional consent is obtained.

3.2 Lawful Basis for Processing

Where required by law (e.g., GDPR), we process data only under a valid legal basis: consent, contract performance, legal obligation, or legitimate interests balanced against individual rights.

3.3 Transparency

We maintain a public Privacy Policy explaining the types of data collected, purposes of processing, sharing practices, and how individuals can exercise their rights.

3.4 Security Safeguards

Personal data is protected through administrative, technical, and physical controls, including encryption in transit and at rest, access controls based on least privilege, and activity logging.

Where we use automated tools, including large language models (LLMs), to process customer data, we apply contractual, technical, and organizational safeguards to protect confidentiality. We do not use customer data to train publicly available AI models unless explicit consent is provided.

3.5 Vendor Management

We maintain a current list of subprocessors and require all vendors handling personal data to sign data protection agreements binding them to equivalent privacy and security standards.

3.6 Rights Handling

We maintain documented procedures for verifying and responding to privacy rights requests within statutory timelines, including access, correction, deletion, restriction, portability, and opt-out rights.

3.7 No Sale or Cross-Context Behavioral Advertising

We do not sell personal data or share it for cross-context behavioral advertising.

3.8 Data Retention and Disposal

Personal data is retained only as long as necessary for its purpose or as required by law. Secure disposal methods prevent unauthorized recovery.

4. Incident Response

Any potential privacy incident is investigated in accordance with our Incident Response Plan. Where required, affected individuals and regulators are notified within legal timeframes.

5. Compliance and Continuous Improvement

5.1 Regulatory Alignment

We monitor privacy regulatory developments and update our practices to ensure ongoing compliance with applicable laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act of 2020 (CPRA), the EU General Data Protection Regulation (GDPR), and other relevant frameworks.

5.2 Audits and Assessments

Internal reviews are conducted periodically to verify compliance with this policy and contractual obligations.

6. Contact Information

For questions about this policy or to submit a privacy rights request:
Email: privacy@anyset.ai
Phone: +1 (437) 900-2214
Website: www.anyset.ai

Demo

Ready to see it in action?

Explore how Anyset can streamline your next project—from kickoff to closeout—with a quick, hands-on demo.

Get a demo

Continuity—from precon through closeout

Products

SpecsCloseoutDocs

Legal

Privacy Policy
Terms of Service
Information Security Policy
Data Privacy & Protection Policy
AI Governance Policy
Cookie Policy

Contact

contact@anyset.ai+1 (437) 900-2214
Copyright © footer-year Anyset AI (Anyset Inc.)