Privacy Policy

1. Who We Are

Anonymaze ("we," "us," "our") is a privacy tool developed to help individuals and organizations remove personally identifiable information (PII) from documents before sharing them with AI assistants, colleagues, or the public.

For privacy-related inquiries, contact us at: privacy@anonymaze.ai

2. Scope of This Policy

This Privacy Policy applies to:

• The Anonymaze desktop application for macOS (and future platforms)
• The Anonymaze online demo service at anonymaze.ai
• The Anonymaze website at anonymaze.ai
• Any email communications (waitlist, support, newsletters)

Each of these has fundamentally different data handling characteristics, detailed below.

3. Desktop Application — Zero-Access Architecture

3.1 How It Works

The Anonymaze desktop application operates entirely offline. All document processing — including file reading, NLP-based entity detection, and text replacement — happens locally on your device. No data leaves your computer. No network connections are made during processing.

3.2 What We Do NOT Collect

• The contents of your documents
• The results of anonymization
• The entity mapping (what was replaced with what)
• Any usage analytics or telemetry (unless you explicitly opt in — see Section 6)
• Crash reports (unless you explicitly choose to send one)
• Hardware or software identifiers
• IP addresses, location data, or device fingerprints

We literally cannot access your data. The application does not contain any analytics SDK, tracking pixel, or phone-home functionality beyond optional update checks and opt-in telemetry. You can verify this by inspecting network traffic during operation.

3.3 What We May Collect

• Update checks: If automatic updates are enabled, the app periodically checks our server for the latest version number. This transmits only the current app version and your operating system version. No document data is included.
• License validation (Pro/Team tiers): If you purchase a Pro or Team license, the app validates your license key against our server. This transmits only the license key and a hashed device identifier. No document data is included.
• Opt-in telemetry: See Section 6.

4. Online Demo Service

4.1 How It Works

The online demo at anonymaze.ai allows users to paste text and see anonymization results in their browser. Text submitted through the online demo is sent to our server for processing.

4.2 Data Handling

• Encryption in transit: All data is transmitted over TLS 1.3 encryption.
• Immediate deletion: Text is processed in memory and deleted immediately after the response is returned. We do not write submitted text to disk, database, or any persistent storage.
• No logging of content: We do not log the text you submit. Server logs contain only timestamps, HTTP status codes, and anonymized IP addresses (last octet zeroed) for abuse prevention.
• No model training: Your text is never used to train, fine-tune, or improve any AI/NLP models.
• Rate limiting: We track the number of requests per IP address (using anonymized IPs) to prevent abuse. This data is retained for 24 hours.

5. Anonymization Engine — Known Limitations

Anonymaze uses a local NLP engine combining rule-based patterns, regex, and machine-learning NER models. Our engine currently supports 13 languages: Chinese, English, French, German, Hindi, Italian, Japanese, Korean, Polish, Portuguese, Russian, Spanish, and Turkish.

• Our NLP engine detects approximately 95% of common PII types but is not perfect. Some rare or context-specific PII may not be detected.
• Detection quality varies by language and document type. Languages with smaller training corpora (ZH, PT, FR, DE) may have lower recall than English and Russian.
• You are responsible for reviewing each detection before sharing anonymized output.
• The engine runs 100% locally on your device (desktop app) or in our privacy-preserving backend (online demo, where no text is stored — see Section 4).
• We continuously improve detection accuracy based on aggregated, de-identified feedback (see Section 7).

6. Telemetry — Opt-In Only

By default, Anonymaze collects zero telemetry.

Users may optionally enable anonymous detection-count telemetry in Settings to help us improve the engine. If you opt in:

• What is collected: language code, entity-type counts (e.g., PERSON: 3, EMAIL: 2), and a hashed session ID. No text, no PII, no identifying information.
• What is never collected: the content of your documents, the original text, the anonymized output, or any mapping data.
• Retention: opt-in telemetry data is retained for 90 days, then automatically deleted.
• Revocation: you can disable telemetry at any time in Settings. Disabling stops all future collection immediately.

7. Missed Detection Reports

Users can voluntarily report missed PII via the "Report a miss" button in /app.

• Report payload includes: language code, entity type, up to 30 characters of context before and after the missed entity, and the anonymized output.
• NO raw input text is transmitted. We never receive the original text you submitted.
• Purpose: reports are used exclusively to improve the NLP engine.
• Retention: retained indefinitely unless you request deletion. To request deletion of your reports, email support@anonymaze.ai.
• No PII in reports: context excerpts are limited to 30 characters and may themselves contain PII. By submitting a report you consent to us processing that excerpt for engine improvement purposes.

8. Website and Cookies

8.1 Analytics

We use privacy-respecting analytics (Plausible Analytics) that does not use cookies, does not collect personal data, and is fully GDPR/CCPA/PECR compliant. We track only:

• Page views (aggregate, not per-user)
• Referrer sources (where visitors come from)
• Country-level geolocation (derived from anonymized IP)
• Device type (desktop/mobile) and browser family

We do not track individual users, create profiles, set cookies, or use fingerprinting.

8.2 Cookies

The Anonymaze website uses only strictly necessary cookies:

We do not use advertising cookies, social media trackers, or third-party analytics cookies.

9. Information We Collect

When you interact with our services (excluding the desktop app, which collects nothing by default), we may collect:

9.1 Information You Provide

• Email address: If you join the waitlist, subscribe to updates, or create an account for Pro/Team tiers.
• Payment information: If you purchase a Pro or Team subscription. Payment processing is handled entirely by our payment processor (Stripe). We do not store credit card numbers, CVVs, or bank account details on our servers.
• Support correspondence: If you contact us for support, we retain the conversation for service purposes.

9.2 Information Collected Automatically

• Server logs: Anonymized IP address, timestamp, HTTP method, URL path, status code, response size. Retained for 30 days for security and abuse prevention.
• Aggregate analytics: Page views, referrer, device type, country (via Plausible, no personal data).

9.3 Data Collected — Summary Table

10. How We Use Your Information

We use collected information exclusively for:

1. Service provision: Processing waitlist signups, managing subscriptions, and validating licenses.
2. Communication: Sending platform availability notifications (waitlist), transactional emails (receipts, password resets), and security notices. You can unsubscribe from non-essential emails at any time.
3. Engine improvement: Aggregated, de-identified telemetry and voluntary missed-detection reports help us improve detection accuracy. No individual user or text content is identifiable in this process.
4. Security: Detecting and preventing abuse, fraud, and unauthorized access to our services.
5. Legal compliance: Responding to lawful requests from authorities, enforcing our Terms of Service.

We do not use your information for:

• Advertising or ad targeting
• User profiling or behavioral analysis
• Sale or rental to third parties
• Training AI/ML models on your text content

11. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data.

We share data only with the following categories of third parties, solely for operational purposes:

• Payment processor (Stripe): Processes payments for Pro/Team subscriptions. Subject to Stripe's Privacy Policy.
• Email service: Delivers transactional and waitlist emails. Receives only your email address.
• Hosting provider: Our servers are hosted on infrastructure that may process anonymized server logs. No document content is stored.

We require all third-party processors to maintain equivalent or stronger data protection standards through Data Processing Agreements (DPAs).

12. Data Retention

13. Your Rights

Depending on your jurisdiction, you have the right to:

• Access: Request a copy of any personal data we hold about you.
• Rectification: Correct inaccurate personal data.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Restriction: Request limitation of processing in certain circumstances.
• Withdraw consent: Where processing is based on consent, withdraw at any time.

To exercise any of these rights, email us at privacy@anonymaze.ai. We will respond within 30 days.

13.1 GDPR (European Economic Area)

If you are in the EEA, our legal bases for processing are: consent (waitlist signup, opt-in telemetry, voluntary report-miss submissions), contractual necessity (subscription services), and legitimate interest (security, abuse prevention). You have the right to lodge a complaint with your local data protection authority.

13.2 CCPA (California)

California residents have additional rights under the CCPA, including the right to know what personal information we collect, the right to delete, and the right to opt out of "sale" of personal information. We do not sell personal information.

Do Not Sell or Share My Personal Information

Anonymaze does not sell your personal data. As a California resident, you have the right under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), to request that we do not share your personal information with third parties for cross-context behavioral advertising purposes. We do not engage in such sharing. The Anonymaze desktop application processes everything locally on your device and never transmits your text content to any server. The online demo deletes submitted text immediately after processing and never shares it with advertising or analytics partners.

To submit a "Do Not Sell or Share" request anyway, or to exercise any other CCPA right (right to know, right to delete, right to correct, right to limit use of sensitive personal information), email us at privacy@anonymaze.ai. We will respond within 45 days as required by California law. We do not discriminate against users who exercise their CCPA rights.

13.3 LGPD (Brazil)

Brazilian residents are protected under the Lei Geral de Proteção de Dados (LGPD, Lei nº 13.709/2018). Anonymaze processes personal data only with a legal basis — primarily consent (waitlist, opt-in telemetry) and legitimate interest (security, abuse prevention) — and respects the rights of data subjects to access, rectify, anonymize, port, and delete their data. To exercise your LGPD rights or contact our data protection officer, email privacy@anonymaze.ai.

13.4 Other Jurisdictions

We respect privacy rights globally and will honor data subject requests regardless of your location, to the extent technically feasible and legally permitted.

14. Security Measures

• Desktop application: Zero-network architecture. All processing is local. No attack surface for remote data exfiltration.
• Online demo: TLS 1.3 encryption in transit, no persistent storage of submitted text, in-memory-only processing, anonymized server logs.
• Infrastructure: Encrypted storage at rest (AES-256), access controls, regular security reviews, principle of least privilege.
• Payment data: Handled entirely by Stripe (PCI DSS Level 1 certified). We never see or store card details.

15. International Data Transfers

Our servers are located in the European Union. If you access our services from outside the EU, your data may be transferred to and processed in the EU. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required.

16. Children's Privacy

Anonymaze is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@anonymaze.ai and we will promptly delete it.

17. Open-Source Components

The Anonymaze desktop application uses open-source NLP libraries for entity detection. These libraries run locally and do not transmit any data. Their use is subject to their respective open-source licenses, which do not affect this Privacy Policy.

18. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

• A notice on the Anonymaze website
• Email notification to registered users
• In-app notification (for desktop app users with update checks enabled)

The "Last updated" date at the top reflects the most recent revision. Continued use of our services after changes constitutes acceptance of the updated policy.

19. Contact

For any questions, concerns, or data subject requests regarding this Privacy Policy:

• Email: privacy@anonymaze.ai
• General inquiries: hello@anonymaze.ai
• Report-miss deletion requests: support@anonymaze.ai