Privacy Policy

1. Data Controller

Anotum, headquartered in Denmark, is the Data Controller responsible for your personal data under GDPR.

Contact Email: hello@anotum.com

2. Information We Collect

• Personal Identification Information: Name, email address, and account credentials when you register.
• Payment Information: Processed by our third-party provider, Stripe. We only receive limited transaction data (e.g., subscription status, last four digits of a card).
• User Content: The files, text, notes, and highlights you upload or create using our Service.
• Automatically Collected Data: IP addresses, browser types, device types, operating systems, and timestamp data logged automatically by our servers.
• Activity and Tracking Data: Interaction data, reading habits, and website usage statistics, collected via cookies and analytics tools.

3. How We Use Your Data and Legal Basis (GDPR)

We process your data based on the following legal grounds:

• To provide the Service (Performance of a Contract): Creating your account, hosting your User Content, and facilitating device integrations.
• To process payments (Performance of a Contract / Legal Obligation): Managing your subscription via Stripe and maintaining financial records for tax purposes.
• To improve our Service (Consent / Legitimate Interest): Using analytics to understand user behavior and troubleshoot technical issues. We rely on your explicit consent (via our cookie banner) before dropping tracking cookies.
• To communicate with you (Legitimate Interest / Consent): Sending service updates, security alerts, and marketing communications (you may opt out of marketing at any time).

4. Data Sharing and Third-Party Processors

We do not sell your personal data to third parties. We disclose your data only to trusted service providers bound by strict data processing agreements:

• Payment Processors: Stripe.
• Cloud Hosting Providers: To store your User Content and host our platform.
• Analytics Providers: To track and report website traffic (subject to your consent).
• Legal Compliance: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

5. International Data Transfers

Because we use global service providers (like Stripe), your personal data may be transferred to, and processed in, countries outside of the European Economic Area (EEA), including the United States. When we do so, we ensure appropriate safeguards are in place, such as executing Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Account Data & User Content: Retained while your account is active. If you delete your account, this data is permanently deleted from our active servers within 30 days.
• Payment & Transaction Data: Retained for up to 5-7 years to comply with Danish and EU tax and accounting laws.
• Analytics Data: Anonymized or deleted within 14 to 26 months.

7. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. We cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security.

8. Your Data Protection Rights (GDPR)

If you are a resident of the EEA or UK, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the data we hold about you.
• Right to Rectification: Request that we correct any inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request the deletion of your personal data.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Request to receive your data in a structured, commonly used, and machine-readable format.
• Right to Object: Object to our processing of your personal data, particularly for direct marketing.
• Right to Withdraw Consent: Withdraw your consent at any time where we relied on it to process your data (e.g., tracking cookies).

To exercise any of these rights, please email us at hello@anotum.com. You also have the right to complain to your local Data Protection Authority if you believe our processing violates the GDPR.

9. US State Privacy Rights

If you are a resident of California, Virginia, Colorado, or other US states with applicable privacy laws, you have the right to know what personal information is collected, request deletion of that information, and opt out of the "sale" or "sharing" of your personal information. Anotum does not sell personal information for monetary value. To exercise your rights, contact us at the email provided.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.