Privacy Policy

1. Introduction

At Anansio, we respect your privacy and are committed to protecting it. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Anansio collects information in two main ways:

• Customer Data: Information you provide when creating an account, such as your email, name, and billing details.
• Publicly Available B2B Data: We index company and professional data that is publicly accessible on the internet for business intelligence purposes.

3. How We Use Your Information

We use the collected data to provide, maintain, and improve our services, process transactions, send administrative information, and provide customer support. We do not sell your personal account information to third parties.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and hold certain information (e.g., session management). You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

5. Third-Party Service Providers

We may employ third-party companies and individuals to facilitate our service (e.g., payment processing via Strip/CoinPayments, authentication via Amazon Cognito). These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

6. Google API Services and Google User Data

If you choose to connect Gmail to Anansio for outreach sending, we access and process limited Google user data needed to provide that feature. This may include your connected Gmail address, Google OAuth access and refresh tokens, token expiry details, connection timestamps, and Gmail sending quota usage.

Anansio requests only the minimum scopes required for this workflow, including gmail.send and userinfo.email. We use this data only to let you connect your Gmail account, send email that you authorize through Anansio, maintain your sending connection, display connection status and quota usage, and secure or troubleshoot the integration. Anansio does not use Google user data for advertising, profiling, or unrelated product features.

Anansio's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7. How We Share, Transfer, or Disclose Google User Data

We do not sell Google user data. We may share, transfer, or disclose Google user data only in the limited situations below:

• Service providers: Hosting, infrastructure, database, security, and monitoring providers that process data strictly on our behalf and under confidentiality obligations.
• At your direction: When you deliberately use Gmail sending through Anansio or request support related to the Gmail integration.
• Legal or safety reasons: If required by law, regulation, court order, or valid legal process, or when necessary to prevent fraud, abuse, or security incidents.
• Corporate transactions: If Anansio is involved in a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality and legal protections.

8. Data Protection Mechanisms for Sensitive Data

We apply technical and organizational safeguards to protect sensitive data, including Google OAuth credentials and related account information.

• Encryption in transit: Data is transmitted over TLS/HTTPS.
• Encryption at rest: Sensitive stored data is protected in our databases and storage systems.
• Encrypted token storage: Stored Gmail OAuth token bundles are encrypted before being persisted.
• Access controls: Access to sensitive data is limited to authorized systems and personnel with a business need to know.
• Security monitoring: We use logging, monitoring, and operational controls to help detect misuse, unauthorized access, and service issues.

9. Retention and Deletion of Google User Data

We retain Google user data only for as long as it is needed to provide the Gmail sending feature and maintain your active connection.

• Connected Gmail account details and encrypted OAuth tokens are retained while your Gmail integration remains connected and your account is active.
• If you disconnect Gmail, Anansio deletes the stored Gmail OAuth configuration and associated tokens from active systems.
• If you delete your account or request deletion, associated Google user data is deleted along with the related account records, except where temporary retention is required for backups, fraud prevention, dispute resolution, or legal compliance.
• Limited backup copies may persist for a short operational period until they are overwritten in the normal backup cycle.

10. Email Sending via AWS SES and CAN-SPAM Compliance

When you use Anansio's outreach features, emails are delivered through Amazon Web Services Simple Email Service (AWS SES) on your behalf. You are the sender of record. Anansio acts solely as the technical delivery infrastructure.

By using the email sending features, you consent to your outreach messages being routed through AWS SES infrastructure. AWS SES processes sender identity, routing metadata, and delivery status data as part of this service. This data is subject to AWS's Privacy Policy.

You are solely responsible for ensuring that every commercial email sent through Anansio complies with the CAN-SPAM Act (15 U.S.C. § 7704), Canada's Anti-Spam Legislation (CASL), and any other applicable anti-spam law in the recipient's jurisdiction. Your responsibilities include:

• Using accurate "From" and "Reply-To" addresses that identify your business
• Including your valid physical postal address in every commercial message
• Including a clear and conspicuous opt-out link or mechanism in every commercial message
• Honoring unsubscribe requests promptly (within 10 business days under CAN-SPAM)
• Not sending to contacts who have previously opted out through the Anansio platform

Anansio automatically suppresses contacts who unsubscribe via platform-tracked links. You are additionally responsible for honoring opt-outs received outside the platform (e.g., direct replies).

11. Your GDPR Rights

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data that we hold:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may ask us to correct inaccurate or incomplete personal data.
• Right to erasure: You may request deletion of your personal data where we no longer have a lawful basis to retain it.
• Right to restriction: You may ask us to restrict processing of your personal data in certain circumstances.
• Right to data portability: You may request your personal data in a structured, machine-readable format where technically feasible.
• Right to object: You may object to processing based on legitimate interests. We will comply unless we can demonstrate compelling legitimate grounds.
• Right to withdraw consent: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@anansio.com. We will respond within 30 days. If you believe your rights have not been respected, you have the right to lodge a complaint with your local supervisory authority (e.g., your national Data Protection Authority in the EEA).

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.