Privacy Policy

Last updated: January 2025

1. Introduction

Anhencer ("we", "us", "our") is committed to protecting your privacy and personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller: Anhencer, SIRET: 878 256 775 00023, France

Data Protection Officer: [email protected]

2. Data We Collect
Account Information
  • Name (required)
  • Email address (required)
  • Password (hashed, if not using OAuth)
  • Profile picture (optional)
  • Language preference
  • Timezone
OAuth Authentication Data

When you sign in with Google, GitHub, or other providers, we receive:

  • Name and email address
  • Profile picture (if provided)
  • Provider user ID

We do not access or store your OAuth provider passwords.

Usage Data
  • Projects, bubbles, links, and their relationships
  • MVP configurations
  • Snapshots and exports
  • AI conversation history
  • Templates and guides you create
  • Sharing and collaboration settings
Technical Data
  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Referral source
  • Pages visited and actions taken
  • Session duration
Payment Information

Payment data is processed by Stripe. We store:

  • Subscription plan and status
  • Billing history
  • Stripe customer ID

We do NOT store credit card numbers or payment details—these are handled securely by Stripe.

API Keys (BYOK)

Premium users who provide their own OpenRouter API keys:

  • API keys are encrypted at rest
  • Used only to make AI requests on your behalf
  • Never shared with third parties
  • Can be deleted at any time
3. Legal Basis for Processing (GDPR)

Contract Performance

Processing your account, usage, and subscription data to provide the Service.

Consent

Using AI features, receiving marketing emails (opt-in), and analytics cookies.

Legitimate Interests

Fraud prevention, security monitoring, service improvements, and analytics.

Legal Obligation

Tax compliance, responding to lawful requests, and enforcing Terms of Service.

4. How We Use Your Data
  • Provide and operate the Service
  • Process AI requests and generate suggestions
  • Manage subscriptions and billing
  • Send service notifications (account, security, updates)
  • Improve the Service through analytics
  • Provide customer support
  • Prevent fraud and ensure security
  • Comply with legal obligations
  • Send marketing communications (with your consent)
5. AI and Third-Party Processing
Default AI Provider

When using our default AI features, we send your project context (bubbles, links, conversation history) to OpenRouter, which routes requests to various AI models.

Data sent:

  • Project structure (bubbles, links, types)
  • Your conversation with the AI assistant
  • MVP configuration

Data NOT sent:

  • Account information (name, email)
  • Payment details
  • Other projects
Bring Your Own Key (BYOK)

If you use your own OpenRouter API key (Premium plan), requests are sent directly from our servers to OpenRouter using your key. You control the AI model and have direct visibility into usage via your OpenRouter account.

AI Provider Data Retention

OpenRouter and underlying AI providers (Anthropic, OpenAI, etc.) may temporarily process your data. Refer to their privacy policies for details:

  • OpenRouter Privacy Policy: https://openrouter.ai/privacy
  • Anthropic Privacy Policy: https://www.anthropic.com/privacy
  • OpenAI Privacy Policy: https://openai.com/privacy
6. Data Sharing and Transfers

We share data with:

Service Providers

Stripe (payments), OpenRouter (AI), hosting providers, email service (transactional emails).

Team Collaboration

Project data is shared with users you invite to collaborate on specific projects.

Legal Requirements

We may disclose data to comply with legal obligations, court orders, or to protect rights and safety.

We do NOT sell your personal data to third parties.

International Transfers

Our servers are located in [France/EU]. Some service providers (Stripe, OpenRouter, AI providers) may process data outside the EU. In such cases, we ensure adequate safeguards through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Provider compliance with GDPR
7. Data Retention

Active accounts: Data is retained as long as your account is active.

Inactive accounts: Free plan accounts inactive for 12 months may be deleted.

Deleted accounts: Data is permanently deleted within 30 days, except:

  • Legal obligations (tax records: 7 years)
  • Fraud prevention
  • Resolving disputes

Backups: Data may remain in encrypted backups for up to 90 days after deletion.

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

Right of Access

Request a copy of your personal data.

Right to Rectification

Correct inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your data.

Right to Restriction

Limit how we process your data.

Right to Data Portability

Export your data in a machine-readable format (JSON, Markdown).

Right to Object

Object to processing based on legitimate interests or marketing.

Right to Withdraw Consent

Withdraw consent at any time (e.g., marketing emails, AI features).

Right to Lodge a Complaint

File a complaint with your national data protection authority (France: CNIL).

How to Exercise Your Rights

Contact us at [email protected] or use account settings to:

  • Export your data
  • Delete your account
  • Update your information
  • Manage email preferences

We will respond within 30 days.

9. Cookies and Tracking

We use cookies for:

Essential Cookies

Authentication, session management, security (cannot be disabled).

Functional Cookies

Language preference, theme (dark/light mode), user settings.

Analytics Cookies (optional)

Anonymous usage statistics to improve the Service.

Managing Cookies

You can disable non-essential cookies via browser settings or our cookie banner. Note that disabling cookies may affect functionality.

10. Security Measures

We implement industry-standard security practices:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data (passwords, API keys)
  • Regular security audits
  • Access controls and authentication
  • Secure password hashing (bcrypt)
  • Two-factor authentication (optional)

No system is 100% secure. If you suspect a security breach, contact us immediately at [email protected].

11. Children's Privacy

The Service is not intended for users under 16 years old. If you are under 16, you must have parental consent. We do not knowingly collect data from children under 13.

If you believe a child under 13 has provided us with data, contact us at [email protected].

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via:

  • Email notification
  • In-app notification
  • Notice on our website

Changes are effective upon posting unless otherwise stated.

13. Contact Us

For privacy-related questions or to exercise your rights, contact:

Email: [email protected]

Data Protection Officer: [email protected]

SIRET: 878 256 775 00023

Supervisory Authority (France): CNIL - https://www.cnil.fr
