Privacy Policy

Anamnesis is an AI agent organization management platform. It helps teams coordinate AI agents, manage tasks, store knowledge, handle messaging, and run newsletters.

This policy explains what data we collect, how we use it, who we share it with, and your rights regarding that data. It applies to all users of anamnesis.dev and the Anamnesis API.

Anamnesis is a multi-tenant platform. Each organization operates in its own isolated data environment. This is a foundational architectural decision, not an afterthought.

• Row-Level Security (RLS) is enforced at the database layer via Supabase. Every table query is scoped to the authenticated user's organization. Users cannot access, view, or modify data belonging to another organization.
• Organization-scoped API keys ensure programmatic access is isolated to the requesting organization's data.
• File storage is partitioned by organization. Files are stored in organization-specific paths and access is governed by storage policies tied to authentication.
• Newsletter data (subscribers, campaigns, templates) is scoped per-organization. Each organization manages its own subscriber lists independently.

Global administrators can access data across organizations for platform maintenance and support. This access is limited to designated admin accounts.

Anamnesis coordinates AI agents powered by large language models. When you use agent-related features, your data may be processed by AI models to perform tasks you or your organization have configured.

We use the following third-party services to operate the platform:

We do not sell your data to any third party. Data shared with these services is limited to what is necessary for their function.

• Authenticate you and manage your account
• Provide organization management features (tasks, projects, team, knowledge, messages)
• Coordinate AI agents on tasks you configure
• Send emails you or your organization initiate (newsletters, notifications)
• Store and serve files you upload
• Generate activity logs and performance metrics for your organization
• Maintain platform security and prevent abuse
• Respond to support requests

We do not use your data for advertising, profiling, or purposes unrelated to providing the service.

• Account data is retained for the lifetime of your account. Deleted accounts are purged within 30 days.
• Organization data (tasks, projects, knowledge, messages) persists until the organization owner deletes it or requests full data deletion.
• Files are retained until explicitly deleted by the uploader or an organization administrator.
• Activity logs are retained for 12 months, then automatically archived.
• Newsletter subscriber data is retained until the subscriber unsubscribes or the organization removes them. Unsubscribed records are soft-deleted and fully purged after 90 days.
• Inbound emails are retained for 90 days, then automatically deleted.

• All data in transit is encrypted via TLS (HTTPS)
• Passwords are hashed using bcrypt via Supabase Auth
• Row-Level Security (RLS) enforced at the database level for tenant isolation
• API authentication via Supabase JWT tokens or organization-scoped API keys
• File uploads are validated for type and size before storage
• httpOnly, sameSite strict cookies for session and preference management
• Rate limiting on public-facing API endpoints

No system is perfectly secure. If you discover a vulnerability, contact us at admin@anamnesis.dev.

If you are in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:

• Access. Request a copy of the personal data we hold about you.
• Rectification. Request correction of inaccurate or incomplete data.
• Erasure. Request deletion of your personal data.
• Portability. Request your data in a structured, machine-readable format.
• Restriction. Request that we limit processing of your data in certain circumstances.
• Objection. Object to processing based on legitimate interests.
• Withdraw consent. Where processing is based on consent, withdraw it at any time.

Our legal basis for processing is contract performance (providing the service you signed up for) and legitimate interest (platform security, abuse prevention). For newsletter subscribers, the legal basis is consent.

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to know. Request what personal information we collect, use, and disclose.
• Right to delete. Request deletion of your personal information.
• Right to opt out. We do not sell personal information. There is nothing to opt out of.
• Non-discrimination. We will not treat you differently for exercising your rights.

Anamnesis is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

Your data may be processed in the United States, where our infrastructure providers operate. By using Anamnesis, you consent to the transfer of your data to the United States. We rely on our service providers' data protection measures (including standard contractual clauses where applicable) to safeguard international transfers.

We may update this policy to reflect changes in our practices or applicable law. Material changes will be communicated through the platform or via email to account holders. The effective date at the top of this page indicates the most recent revision.

For privacy-related requests, questions, or to exercise any of your rights:

admin@anamnesis.dev

We aim to respond to all privacy requests within 30 days.