Privacy Policy

Anor Data (“Anor,” “we,” “us,” or “our”) provides a data intelligence platform for nonprofits and churches. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website at anordata.com (the “Site”) or use our platform and services (collectively, the “Services”).

By accessing or using our Services you agree to the practices described in this policy. If you do not agree, please do not use our Services.

1. Information We Collect

1.1 Information You Provide

• Account & onboarding information — organization name, contact name, email address, phone number, website URL, and contact count range submitted through our onboarding form.
• Integration preferences — the third-party tools you select during onboarding (e.g., CRM, donation platform, email marketing tool). We do not collect API keys or credentials through the onboarding form.
• Payment information — billing details are collected and processed exclusively by our payment processor, Stripe. We do not store credit card numbers or bank account details on our servers. We receive only a Stripe customer ID and payment status.
• Communications — any information you provide when you email us, schedule a call, or otherwise contact us.

1.2 Information Collected Through the Platform

When you use our dashboard, we process data that your organization syncs from connected third-party tools. This may include contacts, donations, event registrations, email engagement data, and other CRM-related records. This data belongs to your organization; we process it solely to provide the Services.

1.3 Information Collected Automatically

We do not currently use analytics or tracking tools on our Site. We do not set non-essential cookies. Standard server logs maintained by our hosting provider (Vercel) may record your IP address, browser type, operating system, referring URL, and timestamps when you visit the Site. These logs are used only for security and operational purposes.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Services.
• Process your onboarding submission and set up your dashboard.
• Process payments and manage your subscription through Stripe.
• Schedule and conduct your technical integration call via Calendly.
• Communicate with you about your account, the Services, and support requests.
• Detect, prevent, and address fraud, abuse, or technical issues.
• Comply with legal obligations.

3. Artificial Intelligence & Machine Learning

Our platform uses third-party AI language models (Anthropic Claude) to generate insights and analysis from your data. We want to be completely transparent about how this works:

• Your data is never used to train AI models. We do not use your organization's data — including contacts, donations, events, or any other records — to train, fine-tune, or improve any machine learning or AI model.
• AI processing is ephemeral. When we use AI to generate insights for your dashboard, your data is sent to the AI provider solely for that request. It is not stored by the AI provider or used for any other purpose.
• We do not build profiles. We do not use AI or algorithmic methods to build behavioral profiles, predict individual actions, or make automated decisions about the people in your database.
• No cross-customer data sharing. Your organization's data is never combined with, compared to, or made accessible to other organizations on our platform.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

4.1 Service Providers (Sub-processors)

We use a limited number of third-party providers to operate the Services. Each provider processes data only as necessary to perform its function and is contractually obligated to protect your information.

4.2 Legal Requirements

We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to comply with a legal obligation, protect our rights or safety, or investigate potential violations of our terms.

4.3 Business Transfers

If Anor is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Services. Specifically:

• Account & onboarding data — retained for the duration of your subscription plus 90 days after cancellation, after which it is deleted unless we are legally required to retain it.
• Platform data (contacts, donations, events, etc.) — deleted within 30 days of account termination or upon your written request, whichever comes first.
• Payment records — retained as required for tax, accounting, and legal compliance (typically 7 years).
• Server logs — retained by Vercel per their standard retention policy and used only for security and operational monitoring.

6. Data Security

We take reasonable technical and organizational measures to protect your information, including:

• Encryption in transit (TLS/HTTPS) for all data transmitted between your browser and our servers.
• Encryption at rest for data stored in our database (Supabase).
• Row-level security policies that restrict data access to authorized users within your organization.
• Content Security Policy (CSP) headers to mitigate cross-site scripting and injection attacks.
• Secure authentication via Supabase Auth with support for single sign-on.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 All Users

• Access — request a copy of the personal information we hold about you.
• Correction — request that we correct inaccurate or incomplete information.
• Deletion — request that we delete your personal information, subject to legal retention requirements.
• Data portability — request your data in a structured, machine-readable format.

7.2 European Economic Area (EEA) & United Kingdom Residents

If you are located in the EEA or UK, the General Data Protection Regulation (GDPR) and UK GDPR provide additional rights:

• Legal basis — we process your data on the basis of contract performance (to deliver the Services you signed up for), legitimate interest (to operate and improve our business), and consent (where applicable).
• Restriction — you may request that we restrict processing of your data in certain circumstances.
• Objection — you may object to processing based on our legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.
• Supervisory authority — you have the right to lodge a complaint with your local data protection authority.

7.3 California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) grants you additional rights:

• Right to know — you may request the categories and specific pieces of personal information we have collected.
• Right to delete — you may request deletion of your personal information.
• Right to opt out of sale — we do not sell your personal information.
• Non-discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please contact us at hello@anordata.com. We will respond to verified requests within 30 days (or the period required by applicable law).

8. Cookies & Local Storage

Our Site uses only essential cookies and browser local storage necessary for the Services to function (e.g., authentication tokens, form draft persistence). We do not use advertising, analytics, or third-party tracking cookies.

If we introduce non-essential cookies in the future, we will update this policy and provide a consent mechanism before setting them.

9. Third-Party Links

Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

10. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will promptly delete it.

11. International Data Transfers

Our Services are hosted in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required by applicable law.

12. Data Processing (For Our Customers)

When you use our platform to process your organization's contact, donation, event, and engagement data, you are the data controller and Anor acts as the data processor. We process this data solely on your instructions and for the purpose of providing the Services. If you need a formal Data Processing Agreement (DPA), please contact us at hello@anordata.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by emailing the address associated with your account. Your continued use of the Services after any changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: hello@anordata.com
• Website: anordata.com