Anima

Privacy Policy

Version 1.1 · Effective May 7, 2026

This Privacy Policy explains how Anima Crescens (“Anima”, “we”) collects, uses, discloses, and protects personal information in connection with the Anima Service. We are committed to handling personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), British Columbia’s Personal Information Protection Act (PIPA), Canada’s Anti-Spam Legislation (CASL), and, where applicable, the EU/UK General Data Protection Regulation (GDPR).

1. Roles

For account information you give us directly (your email, name, billing details), Anima is the controller. For data that flows through your connected mailbox, calendar, and spreadsheets (tenant correspondence, contractor messages, attachments, scheduling), you are the controller and Anima acts as your processor under the Data Processing Addendum.

2. What We Collect

Account information

  • Email address, password (hashed), display name, timezone, phone (optional).
  • Signer’s legal name and, where applicable, the role/title in which the signer is acting.
  • Workspace and entity metadata: organization display name, legal entity name, entity type (sole proprietorship, partnership, corporation, non-profit), trade name / DBA (if any), business registration or incorporation number (where applicable), business address, country, and optional website.
  • Authentication tokens for connected providers (Google, Microsoft) — stored encrypted at rest.
  • Consent records: a timestamp, the version of each legal document you accepted (Terms of Service, Privacy Policy, Data Processing Addendum), the IP address and user-agent string captured at the moment of acceptance, and an affirmation that you are of age. These are captured server-side as a fraud and audit safeguard.
  • If you opt-in, a separate timestamp recording your consent to receive product and marketing email under CASL.

Service-operational data

  • Email message contents, headers, attachments, and threading metadata from connected mailboxes.
  • Calendar events, spreadsheet rows, contact entries created or read by the Service on your behalf.
  • Property, unit, tenant, lease, and contractor records you upload or that we extract from your correspondence.

Technical data

  • IP address, user agent, log timestamps, and error traces — including, as noted above, IP and user-agent captured at each consent event.
  • AI prompt/completion traces (for diagnostic and quality purposes), retained per the schedule below.
  • Audit logs of dashboard actions.

Cookies

We use essential cookies only — for authentication and security (CSRF, anti-bot). We do not use advertising or analytics cookies. See our Cookie Policy for details.

3. How We Use Personal Information

  • To deliver, operate, maintain, and improve the Service.
  • To generate AI-assisted drafts under your direction and to detect when drafts are sent so we can update tickets and records.
  • To provide customer support and respond to your inquiries.
  • To bill you, prevent fraud, and meet legal obligations.
  • To communicate operational notices (security, downtime, policy changes).
  • To produce de-identified, aggregated metrics that cannot reasonably be used to identify any individual.

We do not sell personal information. We do not use Customer Data or AI traces to train shared, third-party foundation models without your express consent.

Product and marketing email (CASL)

Operational and transactional email (security alerts, billing, connector health, account notices) is sent on the basis of our ongoing business relationship and your acceptance of these terms. Product announcements, tips, and marketing email are sent only if you separately opt-in to receive them at sign-up. You may withdraw that consent at any time by using the unsubscribe link in any such message or by emailing animacrescens@gmail.com. Withdrawal does not affect operational or transactional messages, which are necessary to provide the Service.

4. Sub-Processors

We use trusted third parties to operate the Service. By using the Service you authorize Anima to share personal information with these sub-processors solely to perform their function:

  • Supabase, Inc. — database, authentication, file storage (US, AWS us-west-2 / Oregon)
  • Vercel Inc. — application hosting and edge delivery (multi-region)
  • Anthropic, PBC — large-language-model inference for draft generation (US)
  • OpenAI, L.L.C. — embeddings and supplementary inference (US)
  • Google LLC — Gmail / Google Calendar / Google Sheets APIs (under your OAuth grant)
  • Microsoft Corporation — Outlook / Microsoft 365 Graph API (under your OAuth grant)
  • Resend, Inc. — transactional email delivery for Anima notifications (US/EU)
  • Cloudflare, Inc. — bot mitigation (Turnstile) on signup (global)

We may add or replace sub-processors and will update this list before, or as soon as practicable after, the change. A current list is always available on this page.

5. International Data Transfers

Anima is headquartered in Canada. Customer Data is stored primarily in the United States (AWS us-west-2). By using the Service, you acknowledge that personal information may be transferred to and processed in the United States and other countries that may have data-protection laws different from your own. Where applicable, we rely on Standard Contractual Clauses or equivalent safeguards.

6. Data Retention

  • Account information: retained while your account is active and for up to 30 days after deletion (then permanently deleted, except where law requires longer retention).
  • Email content / Customer Data: retained while your account is active. Deleted within 30 days of account termination, except for data we are legally required to retain.
  • AI prompt/completion traces: retained for up to 90 days for quality and debugging, then deleted.
  • Audit logs: retained for up to 24 months for security and compliance.
  • Backups: encrypted backups may persist up to 35 days beyond active retention.

7. Your Rights

Subject to applicable law, you may:

  • access the personal information we hold about you;
  • request correction of inaccurate information;
  • request deletion (subject to legal-retention exceptions);
  • withdraw consent for non-essential processing;
  • request a portable copy of information you provided;
  • complain to the Office of the Privacy Commissioner of Canada or your local supervisory authority.

To exercise any of these rights, email animacrescens@gmail.com. We will respond within 30 days.

8. Security

We use industry-standard safeguards: TLS in transit, encryption at rest for tokens and backups, role-based access controls, Supabase row-level security on tenant tables, audit logging, principle-of-least-privilege scopes for connected providers, and bot mitigation on signup. No system is perfectly secure; we cannot guarantee absolute security.

9. Breach Notification

If we become aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of personal information, we will notify affected customers without undue delay and, where required, the relevant supervisory authorities, in accordance with applicable law.

10. Age & Children

The Service is not directed to anyone under 18 (or under the age of majority in your jurisdiction, whichever is greater). At sign-up you are required to affirm that you meet this threshold, and the affirmation is stored with a timestamp. We do not knowingly collect personal information from minors. If you believe we have collected information from a minor, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated by email or in-app notice. The version and effective date at the top of this page govern.

12. Contact

Questions or requests: email animacrescens@gmail.com. Anima is based in British Columbia, Canada.