Terms & Conditions
Terms and Conditions
General
You can read our MSA here.
Information about Anecdote
These terms and conditions ("Terms") are applicable to all services provided by Anecdote, Inc ("Anecdote", "us", "our" or "we") to our customers ("you").
When we refer to the "parties" we mean you and us together.
Contact information
You may contact us by sending an email to hello@anec.app ("Contact Information").
Agreeing to the Terms
By creating an Account and using the Services, you agree to the Terms. If you do not agree to the Terms, you may not create an Account or use the Services.
Definitions
"Account" means the account that you register and create on the Site and/or in the App.
"App" means our application accessible via computer and/or mobile device relating to the Services.
"Contact Information" means the information set out above.
"Functions" means the Site, the App, your Account and the Services, jointly.
"Privacy Policy" means our Privacy Policy (https://www.anec.app/privacy-policy) which describes how we process personal data.
"Services" means the services described under section "Description of the Services" below and which we have made available through the Site and the App, together with any such other related services and information made available by us to you.
"Site" means our website (https://www.anec.app) relating to the Services.
The services
Description of the Services
Anecdote provides an application with the objective to simplify the collection and understanding of customers for businesses. By using machine learning, the application automatically tags conversations or parts of conversations and presents them to the user in an easy to understand manner. This enables the user and their business to prioritise product development, take action on customer pain points and get to know their customers in an efficient way. ("Services"). More information about the Services can be found on the Site and in the App. To be able to use the Services, adequate internet access is required.
Setting up an Account
To subscribe to the Services, you must create an Account. You confirm that all information provided to us in the creation of your Account is correct and agree to ensure that the information is accurate at all times. We are entitled to decline or adjust an order from you or shutdown your Account in the event that you provide us with untrue, inaccurate, not current, or incomplete information when creating your Account.
Once an Account has been successfully created, and payment has been made where prepayment is required, the Services will be available and ready to use or order, as detailed on the Site and/or in the App.Credentials for your Account must be kept secure at all times. You may only create one Account. You are not allowed to transfer the Account to another person or to share data relating to your Account with any third parties. Should you suspect that your Account or your credentials have been or are being used by a third party you must contact us immediately by using our Contact Information.
Ordering the Services
The Services shall be ordered in accordance with the instructions on the Site and the App.
Your order has been confirmed when we send you an order confirmation through email and/or the App. When an order confirmation has been sent, you have entered into an agreement with us.
Limitation and risks using AI
The product produces and displays AI generated content and the User should be aware of the limitations and risks associated with an open-ended machine learning algorithm. Anecdote uses third party machine learning technology to summarise, tag and search. More specifically:
- To summarise one or multiple pieces of internal/external user feedback and/or reviews.
- To extract one or multiple insights of internal/external user feedback and/or reviews
- To improve search results by using semantic search to retrieve and display one or multiple pieces of internal/external user feedback and/or reviews.
Known risks with using an open-ended machine learning algorithm includes but are not limited to:
- Machine learning components can only be expected to provide reasonable outputs when given inputs similar to the ones present in the training data. Even if an ML system is considered safe when operated under conditions similar to training data, human operators can provide unfamiliar inputs that put the system into an unsafe state, and it is often not obvious to an operator what inputs will or won’t lead to unsafe behavior
- Machine learning components are biased. ML components reflect the values and biases present in the training data, as well as those of their developers. Systems using ML components—especially systems that interact with people in open-ended ways—can perpetuate or amplify those values.
- Safety is a moving target for ML systems. The safety characteristics of ML systems change every time the ML components are updated, for example if they are retrained with new data, or if new components are trained from scratch with novel architectures.
Anecdote cannot guarantee full safety and/or unbiased results and the User is requested to report any offensive, biased or similarly harmful machine learning generated results directly to the Company. Anecdote will take appropriate action to remove any harmful content and provide feedback to relevant service providers.
Your obligations
Eligible customers
We offer the Services to companies and other legal entities. You warrant that you are authorised to enter into these Terms on the behalf of the legal entity as well as to use all Functions.
These Terms constitute the entire agreement between us in relation to the Services. You warrant that the persons (for example, employees and representatives) you authorise to create an Account and use the Services have read and understand the Terms. You are at all times responsible for the use of the Services under these Terms, including by such persons - as if it was you using the Services.
Use of the Functions
When you use the Functions, you must always comply with all applicable laws, regulations and public orders. You shall not access the Site or the App other than through interfaces provided by us and as otherwise expressly authorized under these Terms. You may not use the Functions in a manner contrary to our, or any third party's, rights and interests. You agree to comply with all instructions and recommendations provided by us from time to time.
You are responsible for all activities that occur under your Account.
You also agree not to:
- defame, abuse, harass, threaten or otherwise violate the legal rights of any third party or us;
- publish, post or - in any other way express - any material or information that is inappropriate, defamatory, infringing, obscene, pornographic, racist, terrorist, politically slanted, indecent or unlawful;
- contribute to destructive activities such as dissemination of viruses, spam or any other activity that might harm us, the Site and/or the App in any way;
- monitor the Services' availability, performance or functionality for any competitive purpose, meaning, for example that you agree not to access the Services for the purpose of developing or operating a competitive product or service or copying the Services' features or user interface; or
- resell or in any way redistribute results generated on the Site and/or in the App or use the Services in order to create a competing service or product.
We may have to suspend the supply of any of the Functions to:
- deal with technical problems or make minor technical changes; or
- update the Functions to reflect changes in applicable laws or satisfy a regulatory requirement.
We will endeavour to contact you in advance in the event we need to suspend the supply of any Services, but may not be able to if the problem is urgent or an emergency.
Your provision of content
The Site and/or the App include functions for uploading and storing files and other information provided or created by you ("Content"). You are responsible for all distribution and other actions taken by you and in your name.
By adding Content to the Site and/or the App, you warrant that you are a) the owner of the uploaded Content, or, b) entitled to manage the Content in such a way and that the Content or your use of the Content in no way violates any applicable legislation. We will not supervise whether any Content is lawfully uploaded or distributed through the Site and/or the App.
By adding Content to the Site and/or the App, you are aware that, depending on the settings of your Account, such Content might be shared with others. We are not liable for any loss of Content, and we advise you to always keep your own backup of your Content. We do not take any responsibility with regards to the validity of Content provided or created by you.
Prices and payment
Price information
Payment for the use of the Services is made in advance on a monthly basis or other regular time interval that we inform you about before the purchase.
You shall pay all applicable fees as described on the Site and/or in the App for the Services you have selected. The prices for the Services exclude value added tax (VAT) or other fees and taxes. The price of the Services provided to you will be indicated on the order pages when you placed your order or as otherwise notified by us to you in writing.
Price changes
We have the right to change the prices for the Services. If we change the prices, we will notify you in advance.
The new prices will take effect no earlier than 30 days after you were notified of the price changes.
By continuing to use the Services after the price change takes effect, you are bound by the new prices. If you oppose the price changes, you must terminate your subscription with us.
Payment methods
You can pay for the Services through any of the payment methods listed on the Site and/or in the App.
For payments made through a third-party supplier, this third-party supplier's terms and conditions apply. Such terms and conditions can be found on the relevant supplier's website.
You agree to pay within the set time for the applicable payment method. We have the right to close down your Account until you have paid for all the charges incurred by you. Payment after the due date can entail late payment fees and interest.
Trial period
You may be offered to register to use the Services for a limited trial period. During the trial period, you will have access to all or parts of the Services (as further described on the Site and/or in the App) free of charge.
Refunds
Unless otherwise expressly set out in these Terms, we do not provide refunds, right to return for a purchased subscription, credits for any partially used subscription, credits for any unused Account or credits by reason of your dissatisfaction with the Services and/or the Functions.
Term and termination
The agreement is valid from the date when you create an Account until further notice.
You may terminate your subscription at any time subject to a notice period of 30 days.
You may terminate your subscription by going to the Site or the App and follow the instructions given there or by contacting us via our Contact Information.
Upon termination, your right to access the Services will be revoked. We will also delete or anonymise any personal information about you, with exception for any personal information that we are required to keep by law.
Obligations arising from any breach of contract during the term of these Terms shall not be affected by termination.
Termination from our side
We reserve the right to terminate or limit the Services if you:
- materially breach or otherwise violate these Terms or any other provisions set up by us;
- use the Site and/or the App in any way that does not comply with the intended purposes or is otherwise harmful for us or any third person;
- in our reasonable opinion, use the Site and/or the App in violation of any applicable law; or
- are late in payment.
Upon occurrence of any of these events, we may contact you and request that you remedy your breach of these Terms before terminating or limiting the Services.
Liability and limitation of liability
Disclaimer of warranties
Except as expressly provided for in these Terms, the Services and all related components and information are provided on an "as is" and "as available" basis without any warranties of any kind, and we expressly disclaim any and all warranties, whether express or implied, including the implied warranties of merchantability, title, fitness for a particular purpose and non-infringement. You acknowledge that we do not warrant the Services will be uninterrupted, timely, secure or error-free.
Limitation of liability
In no event shall Anecdote, its subsidiaries, affiliates or any of their respective employees, officers, directors, agents, partners be liable for:
- loss of contracts;
- loss of reputation and/or goodwill;
- loss of profit, loss of revenue, loss of anticipated savings and/or loss of business; or
- indirect, consequential or special loss, damage or liability even if such loss or damage was reasonably foreseeable, arising out of or in connection with your use of the Functions or the performance of our obligations under these Terms.
Our total liability to you for all other losses arising under or in connection with any contract between us, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall be limited to the total sums paid by you for the Services under the applicable order/contract. We have no liability if you use the Services under a trial period or otherwise free of charge.
We shall not be liable for any loss or damages unless notice in writing summarizing the nature of the damages (in so far as it is known by you) and, as far as is reasonably practicable, the amount of damages claimed, has been provided to us within 3 months of you becoming aware of the loss or, if earlier, within 6 months from when the loss occurring.
Indemnification
You agree to defend, indemnify and hold harmless Anecdote, its subsidiaries and affiliates and their respective directors, officers, employees and agents from and against all claims and expenses, including legal fees, arising out of or related to:
- any Content submitted or posted by you in connection with the Services, on the Site or in the App;
- fraud you commit or your intentional misconduct or gross negligence in connection with the Services; or
- your violation of any applicable law or rights of a third party.
Defects and delays beyond our control (force majeure)
We are not responsible for delays and defects outside our control. If our suppliers are delayed by an event outside our control, then we will contact you as soon as possible to let you know and we will take steps to minimise the effect of the delay. Provided that we do this we will not be liable for defects and delays caused by the event, but if there is a risk of substantial defect or delay you may contact us to end the agreement and receive a refund for any Services you have paid for but not received.
Confidentiality
During the term of these Terms and thereafter, the parties undertake not to disclose to any third party information regarding these Terms, nor any other information that the parties have learned as a result of these Terms, whether written or oral and irrespective of form ("Confidential Information").
The parties agree and acknowledge that the Confidential Information may be used solely for the fulfillment of the obligations under these Terms and not for any other purpose. The receiving party further agrees to use, and cause its directors, officers, employees, sub-contractors or other intermediaries to use, the same degree of care (but not less than reasonable care) to avoid disclosure or use of Confidential Information.The confidentiality undertaking above shall not apply to any Confidential Information that the receiving party can establish is or becomes available to the public (otherwise than by breach of these Terms or any other confidentiality undertaking).
The parties also undertake to ensure that any information disclosed under this section, to the extent possible, shall be treated confidentially by anyone receiving such information. This confidentiality undertaking shall remain in force 3 years after the termination of the Services.
Changes and additions
We may modify these Terms at any time. In the event of changes which are not minor and may affect you, you will be notified via email and/or the App. You are responsible for keeping yourself informed of any changes to the Terms. The latest version of the Terms will be available on the Site and the App. Amendments to the Terms become effective the business day following the day they are posted.
All new functionalities, features and content introduced and added to the Services, the Site or the App will be subject to what is stipulated in the Terms.
Complaints and customer support
If you have any complaints, you may contact our support department by using our Contact Information.
Personal data and privacy
You acknowledge that you are the data controller for any personal data processed by us on your behalf in conjunction with your use of the Services. You also acknowledge that we are considered as your data processor.
When using our services, you may provide us with data about or relating to your customers, including their names and any other relevant identifiers, such as email (“Recipient Data”). You also acknowledge that you are solely responsible for the accuracy and quality of any and all Recipient Data. You represent and warrant (i) that your provision of Recipient Data to us complies with all applicable privacy or data protection laws and agreements, and you will not use our Services to solicit any information from children under the age of 16; (ii) that you will ensure that Anecdote has the right to process Recipient Data via the Services; and (iii) that you will provide adequate notice to, and obtain any necessary consents from, your customers with respect to any Recipient Data shared with Anecdote. You shall indemnify, defend, and hold harmless Anecdote from and against any and all claims or liability of any kind arising out of a breach of the foregoing warranties.
More information about how we process personal data can be found in our Privacy Policy (https://www.anec.app/privacy-policy).
Property and intellectual property rights
Our rights
The Site and the App are owned and operated by Anecdote. All copyrights, trademarks, trade names, logos and other intellectual or industrial property rights held and used by us as well as those presented in the Functions (including titles, graphics, icons, scripts, source codes, etc.) are our property or third party licensors' property and must not be reproduced, distributed, sold, used, modified, copied, limited or used (in whole or in part) without our prior written consent.
License
Anecdote grants you a non-exclusive right and licence to use the Site, the App and the Services for the sole purpose of us providing the Site, the App and the Services to you. Upon expiry or termination of this agreement, this right and licence shall end.
Respect for our property
You must not tamper with, attempt to gain unauthorized access to, modify, hack, repair or otherwise adjust any of our material, hardware, source codes or information for any purposes.
Respect for our intellectual property
The Services and other information, including all associated intellectual property rights, provided and made available by us, remain our exclusive property. You may not use our exclusive property for commercial or any other purposes without our prior written consent.
Assignment
You may not assign any of your rights or obligations under the Terms to any third party without our prior written consent.
We may assign the Terms, and we may assign, transfer or subcontract any of our rights or obligations under the Terms, to any third party without your prior consent
Applicable laws and disputes
Delaware (US) law shall apply to these Terms.
Any dispute, controversy or claim arising out of or in connection with these Terms shall be settled by a general court in Delaware (US).
Company information
Anecdote, Inc is an entity registered in the United States with its address at 651 N Broad St, Suite 206 Middletown Delaware 19709.
Privacy Policy
1. Introduction
Why and who?
Anecdote cares about privacy and protecting the Personal Data handled by us. This means that we care about your personal integrity and actively work to protect it.
In this Policy we overall describe how and the purposes for which we use your Personal Data as well as what lawful basis we use and what measures we take to protect Personal Data. We also provide information on how you exercise the rights you have linked to our Processing of Personal data.Anecdote, Inc, ("Anecdote", "we", "us", "our") is the Controller of all Personal Data listed in this Privacy Policy (the "Policy").
This Policy provides information on how we handle Personal Data when you communicate with us, visit our website www.anec,app and www.anec.cc or use our products or services (together the "Functions").
The intended recipient of the information provided in this Policy is:
- Users of the Services
- Employees of potential customers
- Employees of existing customers
- Visitors of our website
Definitions
"Applicable Law" refers to the legislation applicable to the Processing of Personal Data, including the GDPR, supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or EU supervisory authority.
"Controller" is the company/organization that decides for what purposes and in what way personal data is to be processed and is responsible for the Processing of Personal Data in accordance with Applicable Law.
"Data Subject" is the living, natural person whose Personal Data is being processed."Personal Data" is all information relating, directly or indirectly, to an identifiable natural person.
"Processing" means any operation or set of operations which is performed on Personal data, e.g. storage, modification, reading, handover and similar.
"Processor" is the company/organization that processes Personal Data on behalf of the Controller and can therefore only process the Personal Data according to the instructions of the Controller and the Applicable Law.
The definitions above shall apply in the Policy regardless if they are capitalized or not.
Anecdote's role as a Controller
The information in this Policy covers Personal Data Processing for which Anecdote is the Controller. As a Controller we are responsible for the Processing for which we decide the purpose of ("the why") and the means for the Processing (what methods, what Personal Data and for how long it is stored. The Policy does not describe how we Process Personal Data in the role of a Processor - i.e. when we process Personal Data on behalf of our customers.
2. Source of personal data
We collect information about you and how you interact with us in several ways, including:
- Information you provide to us directly
- Information collected from your employer or co-workers
- Information automatically collected from your interactions with our website, products or servicesInformation from publicly available sources
- Information from other third parties
3. Personal data types processed
- Identifiers, such as name, username, postal address, email addresses, instant messaging IDs, internet protocol (IP) address, phone number, social media identifiers (e.g., Twitter handle, Instagram name, etc.), or other similar identifiers.
- Geolocation information, such as continent, country, region, city from your IP address or mobile device location
- Professional or employment-related information, for example your company or employer, company information (e.g. website), your job title and role or your team
- Commercial Information such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet/Electronic Network Activity or Usage, e.g. browsing history, search history, information about your device, operating system, location, and other information regarding your interactions with our products and services
- Inferences drawn from any of the information we collect to create a customer profile (e.g. company size, usage etc)
4. How we use your data
We may use each category of your information described above in the following ways:
- To provide, administer, maintain, improve and/or analyze our Services
- To communicate with you
- To develop new products and services
- To prevent fraud, criminal activity, or misuses of our Services, and to ensure the security of our IT systems, architecture, and networks; and
- To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties
- To comply with requests related to corporate transactions, e.g sales, mergers, acquisitions, reorganizations, bankruptcy and other corporate events
Aggregated Information. We may use your data in a de-identified, anonymized, or aggregated format, if permitted in the applicable law.
5. How we process your data
Anecdote's Processing of Personal Data
We have a responsibility to describe and demonstrate how we fulfill the requirements that are imposed on us when we Process your Personal Data. This section aims to give you an understanding of what type of Personal Data we Process and for what reasons.
For how long do we store your Personal Data?
We will keep your Personal Data as long as it is necessary for the purpose for which it was collected.
Depending on the lawful basis on which we support the Processing, this may
- be regulated in a contract
- be dependent on valid consent
- be stated in legislation or followed by an internal assessment based on a legitimate interest assessment (LIA).
We never store your Personal Data longer than necessary and delete Personal Data regularly. Anecdote also takes reasonable actions to keep the Personal Data being Processed updated and to delete outdated and otherwise incorrect or redundant Personal Data.
How do we get access to your Personal Data?
We collect your Personal Data in a number of different ways. We mainly get access to your Personal Data by you providing your Personal Data to us.
Lawful basis
In order for us to be able to process your Personal Data, it is required that we have so-called legal basis for each process. In our business, we process your personal data mainly on the following grounds:
Consent - Anecdote may process your personal data after you have given your consent to the Processing. Information regarding the processing is always provided in connection to the request of consent.
6. Disclosure of personal data
In order to run our business, we may need help from others who will process Personal Data on our behalf, so-called Processors.
In cases where our Processors transfer Personal Data outside the EU/EEA, we have ensured that the level of protection is adequate, and in compliance with Applicable Law, by controlling that either of the following requirements are fulfilled:
- the EU Commission has determined that the level of protection is adequate in the third country where the data is processed;
- the Processor has signed up to the EU Commission's standard contract clauses (SCCs) for data transfer to non-EU/EEA countries; or
- the Processor has taken other appropriate safeguards prior to the transfer and that such safeguards comply with Applicable law.
We may also need to disclose your personal information to certain designated authorities in order to fulfill obligations under applicable law or legally binding judgements.
Our processors
Anecdote does not sell your Personal Data to third parties and of course we do not share your Personal Data with just anyone. However, in some cases we may need to share your Personal Data with selected third parties. If so, we make sure that the transfer happens in a secure way that protects your privacy. To follow are categories of recipients with whom we may share your data.
- Service Providers: We may need to share personal data with our service providers to meet our operational needs. Examples of service providers are hosting services, cloud services, and other technology services providers, email communication software and email newsletter services, advertising and marketing services, and web analytics services.
- Corporate transactions: We may need to disclose your personal data if we are involved in corporate transactions such as reorganization, bankruptcy, receivership, or transition of service to another provider (collectively a “Transaction”). Examples of parties to whom we may need to disclose information are counterparties and others assisting the Transaction as well as successors or affiliates that are part of the transaction.
- Legal Requirements: We may need to disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Services, or the public, or (v) protect against legal liability.
- Affiliates: We may share Personal Information with our affiliates, meaning an entity that controls, is controlled by, or is under common control with Anecdote. Our affiliates may use the Personal Information we share in a manner consistent with this Privacy Policy.
7. How we keep your data safe
Anecdote has taken technical and organizational measures to ensure that your Personal Data is processed securely and protected from loss, abuse and unauthorized access.
Organizational security measures are measures that are implemented in work methods and routines within the organization, such as Internal governance documents (policies/instructions), training assigning a data protection responsibility and conducting a data protection impact assessment.
Technical security measures are measures implemented throughout all technical solutions including encryption, access control levels, secure networks and zero-trust design in our applications.
8. Your data protection rights
You are the one in control of your Personal Data and we always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.
Access - You always have the right to receive information about the Processing of data that concerns you. We only provide information if we have been able to verify that it is you that are requesting the information.
Rectification - If you find that the Personal Data we process about you is incorrect, let us know and we will fix it!
Erasure - Do you want us to completely forget about you? You have the right to be forgotten and request deletion of your Personal Data when the Processing is no longer necessary for the purpose for which it was collected. If we are required to retain your information under applicable law or a contract that we have entered with you, we will ensure that it is processed only for the specific purpose set forth in such applicable law or contract. We will thereafter erase the information as soon as possible.
Objections - Do you disagree with our assessment that a legitimate interest for Processing your Personal Data overrides your interest in protecting your privacy? Don't worry - in such case, we will review our legitimate interest assessment. Of course, we add your objection to the balance and make a new assessment to see if we can still justify our Processing of your Personal Data. If you object to direct marketing, we will immediately delete your personal information without making an assessment.
Restriction - You can also ask us to restrict our Processing of your Personal Data
- Whilst we are Processing a request from you for any of your other rights;
- If, instead of requesting erasure, you want us to limit the Processing of Personal Data for a specific purpose. For example, if you do not want us to send advertising to you in the future, we still need to save your name in order to know that we should not contact you; or
- In cases where we no longer need the information in relation to the purpose for which it was collected, provided that you do not have an interest in retaining it to make a legal claim.
Data portability - We may provide you with the data that you have submitted to us or that we have received from you in connection with a contract that we have entered with you. You will receive your information in a commonly used and machine-readable format that you can transfer to another personal data manager.
Withdraw consent - If you have given consent to one or several specific Processing(s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to terminate the Processing immediately. Please note that you can only withdraw your consent for future Processing of Personal Data and not for Processing that has already taken place.
How you use your rights
You may, at any time, request the information we store about you. Please note that it may take up to 30 days to provide the full information. Contact us via legal@anec.app for requests.
If we don't keep our promise
If you think that we are not Processing your Personal Data correctly, even after you have notified us of this, you are always entitled to submit your complaint to the Swedish Authority for Privacy Protection.
More information about our obligations and your rights can be found at https://www.imy.se/
You can contact the authority via e-mail at: imy@imy.se
9. Changes to this policy
We reserve the right to make changes to this Policy. In the event that the change affects our obligations or your rights, we will inform you about the changes in advance so that you are given the opportunity to take a position on the updated policy.
10. Contact
Please contact us if you have questions about your rights or if you have any other questions about how we process your personal information:
Anecdote, Inc
651 N Broad St, Suite 206, Middletown, Delaware, 19709
legal@anec.app
11. Supplemental terms for California residents
Pursuant to the California Consumer Privacy Act (“CCPA”), this section applies to certain personal data collected about California residents where Anecdote acts as a “business” and supplements the rest of our Notice above.
This section does not apply to the following information:
- Information about individuals who are not California residents;
- Information we collect from individuals with whom we engage in solely a business-to-business relationship, such as employees of our business partners and customers; and
- Information that we process as a “service provider” to our business customers. In such cases, we follow the instructions of our business partner when processing your personal data, and you should contact that business for more information about how your personal data is processed.
Sources of personal data: See Section 2 above.
Uses of personal data: See Section 4 related to the business and commercial purposes for which we collect personal information.
Disclosing personal data:
Our data disclosure practices are described in:
- Section 3 (Collection of Personal data)
- Section 6 (Disclosures of Personal data - also illustrated in below list)
- We do not sell personal data (as such term is defined under the CCPA)
Categories of data collected and their respective third party categories with whom we may disclose personal information for a business purpose:
Identifiers
- Affiliates and subsidiaries
- Service providers
- With third parties at your direction or that are necessary to complete transactions
- Providers of legal, security, and safety assistance and resources
- Entities involved in a corporate transaction
- Entities to which you have consented to the disclosure
Geolocation information
- Affiliates and subsidiaries
- Service providers
- With third parties at your direction or that are necessary to complete transactions
- Providers of legal, security, and safety assistance and resources
- Entities involved in a corporate transaction
- Entities to which you have consented to the disclosure
Demographic Information
- Affiliates and subsidiaries
- Service providers
- With third parties at your direction or that are necessary to complete transactions
- Providers of legal, security, and safety assistance and resources
- Entities involved in a corporate transaction
- Entities to which you have consented to the disclosure
Commercial information
- Affiliates and subsidiaries
- Service providers
- With third parties at your direction or that are necessary to complete transactions
- Providers of legal, security, and safety assistance and resources
- Entities involved in a corporate transactionEntities to which you have consented to the disclosure
Internet or other electronic network activity
- Affiliates and subsidiaries
- Service providers
- With third parties at your direction or that are necessary to complete transactions
- Providers of legal, security, and safety assistance and resources
- Entities involved in a corporate transactionEntities to which you have consented to the disclosure
Inferences
- Affiliates and subsidiaries
- Service providers
- With third parties at your direction or that are necessary to complete transactions
- Providers of legal, security, and safety assistance and resources
- Entities involved in a corporate transaction
- Entities to which you have consented to the disclosure
Your Rights:
Subject to legal limitations, certain California residents may exercise the following rights by submitting a request in this webform or emailing us at legal@anec.app.
- Right to Know. You have the right to be informed about how and why and when data is collected, what data or categories of data is collected, as well as the disclosure of use and sales of PI. You have the right to request information about specific personal data we have collected about you
- Right to Delete. You have the right to request that we delete personal data that we have collected from you.
- Right to Opt Out. We do not sell personal information.
- Right to Non-Discrimination: We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights.
To process your request we will:
- Need to obtain information to in order to be able to verify your identity and locate you in our records
- Respond to requests to Delete and requests to Know within ten days, unless we need more time in which case we will notify you and may take up to thirty days total to respond to your request.
Security
SOC 2 Security
At Anecdote, we prioritize the security and privacy of the data that our valued customers entrust to us. We have meticulously designed our application with a multi-tiered security approach and maintain a steadfast commitment to secure development practices, augmented by comprehensive third-party assessments. While innovating and delivering cutting-edge features, we remain resolute in upholding stringent security standards to ensure your data's safety.
We understand that granting us access to your internal corporate data is a significant decision. To instill confidence, we have taken numerous steps to establish a robust security program that offers you the peace of mind you deserve. We safeguard each customer's data, ensuring its segregation from other customers' data. Furthermore, the same principles of access limitation apply to our own staff. At Anecdote, we uphold a strict policy: we never access your data without your awareness, and we strictly refrain from creating any form of meta-reporting that could be potentially resold. Our primary focus centers on delivering the value we promise, without compromise.
The services
As global regulations evolve, we remain dedicated to updating this section as needed to ensure ongoing compliance.
GDPR
The General Data Protection Regulation (GDPR), a comprehensive EU data privacy law in effect since May 25, 2018, has our unwavering attention. Anecdote operates as a data processor, supporting data controllers in fulfilling their GDPR obligations. We route direct inquiries from consumers and end-users to the respective data controllers for handling.
To align with GDPR, we establish Data Protection Agreements with relevant customers and third parties, ensuring robust processing and safeguards for EU personal data. Our standardized processes and technical capabilities aid our customers in responding to data subject requests. We meticulously select and monitor third-party vendor relationships with a risk-based approach.
For a detailed list of our subprocessors and to know more about GDPR, contact us at hello@anec.app
We address information security and data privacy through a holistic integration of people, processes, and technology. To validate the effectiveness of our internal security controls, we have engaged an independent auditor to assess our compliance with a specialized framework tailored for software-as-a-service (SaaS) providers.
Anecdote proudly holds a SOC 2 Type 2 report, confirming our alignment with the SOC 2 SSAE 18 standard. This report encapsulates our approach to information security management, risk assessment, board oversight, and third-party risks, among other guiding principles.
Our commitment to compliance is further fortified by hosting our services on Amazon Web Services (AWS). AWS is a state-of-the-art data center equipped with innovative architectural and modern engineering approaches. These data centers have received validation for compliance against rigorous standards, regulations, and diverse frameworks. To delve deeper into AWS's compliance, you can explore here: https://aws.amazon.com/compliance.
Privacy
Governance
CCPA
The California Consumer Privacy Act (CCPA), effective from January 1, 2020, sets new privacy rights for California consumers and obligations for covered businesses like ours.We have established processes to address consumer requests under CCPA, which encompass rights such as knowing collected information, obtaining copies of personal data, deletion of personal information, opting out of data sale, and equal service and pricing despite privacy choices. To learn more or request a Data Protection Agreement, reach out to abed@anec.app.
Security Governance
Information Security Program: Anecdote maintains a formal information security program, supported by written policies, approved by management, and communicated to our staff.Security Leadership Committee: Oversight and approval for security and compliance initiatives are provided by our security leadership committee at the executive level.
Application & Product Security
Authentication: Single Sign-On (SSO) using G-Suite identity offers secure authentication for users. Strong encryption and hashing methods protect user passwords, while APIs communicate exclusively over encrypted channels, accessible only by verified users.Access Controls: Our multitenant architecture enforces logical separation of customer data through access control mechanisms based on company, users, and roles. A meticulous system of access control lists, authentication, and authorization ensures data access solely for authorized users. Unique GUIDs grant customer accounts access according to assigned privileges.
Resilient & Secure Architecture
Redundant and Scalable Infrastructure: Our geographically distributed availability zones, hosted by Amazon Web Services, ensure the resilience and scalability of Anecdote's data and services. Scalable infrastructure supports high availability, network resources are isolated, and automated provisioning meets peak demands.Encryption: We employ recommended secure cipher suites for end-to-end encryption, safeguarding data in transit and at rest. Strict key management protocols, including key rotation and limited access, ensure data protection.Threat Monitoring: Our vigilant threat detection mechanisms and incident response process are poised to address potential network intrusions, system compromises, and breaches. Swift communication is maintained with stakeholders in the event of an incident.Recovery Capabilities: Geographically distributed data replication, daily backups, and robust restoration procedures guarantee data continuity and recovery in the face of unexpected events.
Secure Build
Design & Build Practices: A well-defined Software Development Lifecycle (SDLC) policy guides our engineers, ensuring secure development practices, code evaluation, change management, and peer reviews.Penetration Testing: Annual third-party penetration tests validate our security measures.
Personnel Practices
Recruitment & Selection Practices: Rigorous background verification and confidentiality agreements bolster our employee selection process.Access Controls: Access to production systems is exclusive to authorized employees, regularly reviewed for necessity.For inquiries or security incidents, please reach out to hello@anec.app. Your trust is paramount, and we're dedicated to upholding the highest security standards to protect your data.
Anecdote, Inc is an entity registered in the United States with its address at 651 N Broad St, Suite 206 Middletown Delaware 19709.
