1. Scope
This policy explains how Anyset Inc. (“Anyset,” “we,” “us”) handles personal information on our websites (anyset.ai and subdomains) and our software and related services (the “Services”).
2. Who we are and how we operate
- Controller vs Processor:
- For our websites, accounts, billing, support and marketing, Anyset acts as a data controller.
- For enterprise use of the Services under a customer agreement, we act as a processor/service provider processing personal data on our customer’s instructions via a Data Processing Addendum (DPA). We flow down appropriate terms to our subprocessors and maintain a current list available on request.
- Contact: privacy@anyset.ai | +1 (437) 900-2214
Address: Anyset Inc., 111 5th Ave SW, Suite 100-248, Calgary, AB, T2P 3Y6, Canada.
3. Information we collect
a) You provide
Account details (name, email, phone), organization and role, content you upload or generate in the Services, support requests, demo and trial sign-ups, billing name/address. We use Stripe for payment processing and do not store card numbers.
b) Collected automatically
Usage logs (pages/actions, timestamps), IP-based location (city/country), device/browser data, and cookies or similar tech for core functionality and analytics.
c) From third parties
If you connect third-party tools or interact with our marketing (events, referrals), we may receive related business contact info consistent with your settings and the provider’s policies.
4. How we use information
- Provide, secure, and troubleshoot the Services
- Account administration and customer support
- Product research, quality and analytics
- Communicate about the Services (including transactional notices and, with consent or where permitted, marketing)
- Detect, prevent or address fraud, abuse, or security incidents
We do not make solely automated decisions that produce legal or similarly significant effects about you. - Use automated tools, including AI and large language models, with contractual and technical safeguards to protect confidentiality.
5. Legal bases for processing (EEA/UK)
Where GDPR/UK GDPR applies, we rely on: consent; performance of a contract; legal obligations; and our legitimate interests (for example, product improvement and security), balanced against your rights.
6. How we share information
We share personal data only with:
- Service providers/subprocessors under contract who perform services for us (infrastructure, analytics, support, communications).
- Legal and safety: where required by law or to protect rights, safety, and security.
- Business transfers: in connection with mergers or asset transactions.
- Aggregated/de-identified data that cannot reasonably identify you.
We do not sell personal data and do not share it for cross-context behavioral advertising.
Subprocessors & DPA: We maintain a current list of subprocessors and enter into appropriate data protection terms with each. Enterprise customers may request our DPA (with SCCs, where applicable) via privacy@anyset.ai.
7. Security
We apply administrative, technical, and physical controls appropriate to the risk, including TLS in transit, access controls, and least-privilege internal access. No system is perfectly secure; if you suspect an issue, contact privacy@anyset.ai.
8. International data transfers
- Default hosting: Customer data is hosted by default in secure facilities in the United States. Some metadata or backups may be processed in other jurisdictions where our vetted subprocessors operate.
- Regional options: Where required by law or contract, we can provision region-specific data hosting (for example, Canada, EU, or UK) for enterprise customers under a written agreement.
- Cross-border transfers: For transfers from the EEA/UK or other regions with data transfer restrictions, we implement approved safeguards such as the European Commission’s Standard Contractual Clauses and the UK Addendum, as applicable. Additional contractual, technical, and organizational measures may also apply.
9. Data retention
We keep personal data only as long as needed for the purposes described above or as required by law. When no longer needed, we delete or de-identify it in line with our retention schedule.
10. Your privacy rights
Subject to applicable law, you can request to access, correct, delete, restrict, or object to processing of your personal data, and to withdraw consent and receive a copy of your data in a portable format. We do not discriminate against you for exercising your rights.
How to submit a request: email privacy@anyset.ai. We’ll verify your identity and respond within the timeframes required by law. Authorized agents may submit requests as permitted. If your request relates to data we process for a customer, we’ll direct you to that customer as the controller.
11. Cookies and similar technologies
We use essential cookies for the site to function and analytics cookies to understand usage. You can manage cookies via browser settings; certain features may not work without essential cookies. If we introduce a cookie preferences tool, it will be available on our sites.
12. Children’s privacy
Our Services are for business users. We do not knowingly collect personal data from children under 16.
13. Changes to this policy
We’ll update this policy when our practices change. Material changes will be posted here and, where appropriate, notified directly.
14. Regional Notices
California (CPRA): Rights to know (categories and specific pieces), delete, correct, non-discrimination, and to limit use/disclosure of sensitive personal information. We do not sell or share personal data for cross-context behavioral advertising. Requests: privacy@anyset.ai.
EEA/UK (GDPR/UK GDPR): Controller/processor roles as described; legal bases in Section 5; transfers safeguarded per Section 8. You may file a complaint with your local supervisory authority.
Other U.S. states (e.g., VA, CO, CT, UT): Similar rights apply. If we deny your request, you may appeal by emailing privacy@anyset.ai with the subject “Appeal.”