Privacy Policy

This Privacy Policy ("Policy") explains how Meta Protocol Inc. ("Meta Protocol," "Anuma AI," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal information in connection with https://anuma.ai (the "Site") and our APIs, dashboards, developer tools, documentation, and related services (collectively, the "Service"). This Policy is written to align with our Terms of Service and is intended to be read together with them.

IMPORTANT NOTICE ABOUT AI MODELS AND PROVIDERS. Anuma AI routes certain requests (including Inputs) to third-party model providers ("Providers") and returns Outputs generated by those Providers. Providers are independent third parties and their handling of Inputs and Outputs is governed by Provider terms and policies, not this Policy. You should not submit sensitive personal information through the Service unless you have a lawful basis to do so and you have evaluated whether the applicable Provider's terms and controls are suitable for your use case.

This Policy applies solely to personal information processed by Anuma AI in connection with the Site and Service. Anuma AI acts as an independent service provider offering a routing and aggregation layer for third-party AI models. Except as expressly stated in this Policy or a separate written agreement, Anuma AI does not determine the purposes or means of Providers' processing of Inputs or Outputs and does not assume responsibility for Provider privacy, security, or data retention practices. Provider processing is governed exclusively by Provider terms and policies.

Nothing in this Policy creates any fiduciary, advisory, or trust relationship between you and Anuma AI. Anuma AI acts solely as a technology service provider and does not assume duties beyond those expressly stated.

We may modify this Policy from time to time. If we make changes, we will post the revised Policy on the Site and update the "Last Updated" date above. If we make material changes to how we collect, use, or disclose personal information, or changes that materially affect your rights, we will provide additional notice that is reasonably designed to inform you (for example, via email to the address associated with your Account or via an in-product notice). Your continued use of the Site or Service after the revised Policy becomes effective means you accept the revised Policy.

In the event of a conflict between this Policy and the Terms of Service, the Terms of Service will control to the extent permitted by law.

"Personal information" generally means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with you or your household. The personal information we collect depends on how you interact with the Site and Service.

We collect personal information you provide to us, such as identifiers and contact information (including name, email address, billing contact details, organization name, and account identifiers and authentication information), communications you send to us (including support tickets and emails), configuration and preference information (such as user settings, saved preferences, memories, or similar features where enabled), chat history or conversation content where you choose to use features that store such information, and transactional information (including records of funding events, invoices, payments, refunds, credits, and associated confirmations). If you include personal information in content you submit through the Service (for example, a prompt or dataset containing names, emails, or other identifiers), we will receive and process that information as part of providing the Service and routing requests to Providers. This may include information you provide directly or through third-party authentication or single sign-on services, where you authorize the provider to share certain information with us, such as your name, email address, profile information, and account identifiers. We use this information to create and authenticate your Account and provide the Service.

We also collect information automatically, including IP address, device and browser identifiers, operating system, time zone, approximate location derived from IP, access times, pages or screens viewed, referring/exit pages, session duration, and diagnostic information such as logs, performance metrics, and error reports. Because Anuma AI is a usage-metered platform, we also collect usage telemetry necessary for billing and security, which may include request timestamps, model routing selections, token counts or other metered units, latency measurements, and abuse or fraud signals.

Cookies and similar technologies may be used for functionality, security, analytics, and performance. We use Google Analytics ("GA") and PostHog to understand how users interact with the Site and Service. PostHog may support product analytics features and, depending on configuration, may support session replay or similar tools that help us diagnose issues and improve usability; we endeavor to configure such tools to avoid capturing sensitive fields, but you should assume that interactions with the Site may be recorded as part of telemetry. We also use Dune Analytics to analyze and visualize blockchain-related data and usage trends; depending on implementation, Dune may process pseudonymous identifiers (such as wallet addresses or transaction hashes) and aggregated analytics outputs that may be associated with the Service.

Session replay, where enabled, is used solely for debugging and product improvement and is not intended to capture Inputs or sensitive personal information.

The Service may allow you to connect third-party applications, services, or data sources that you authorize ("Connectors"). Any content, files, records, or other data accessed through a Connector is treated as information you provide to us, just as if you had submitted it directly through the Service. You are solely responsible for the data you choose to make accessible via a Connector and for ensuring you have the rights and lawful basis to permit such access. The third-party provider's terms and privacy policies govern your relationship with that provider and the provider's initial collection and disclosure of your data.

Personal information contained within Inputs, Outputs, datasets, or files submitted through the Service is processed strictly at your direction and as part of providing the Service. Anuma AI does not independently determine the content of Inputs and does not verify the accuracy, legality, or appropriateness of personal information contained therein.

2.1 User Responsibility for Submitted Personal Information. You are solely responsible for determining what personal information, if any, you submit through the Service, including through Inputs, datasets, files, or Connectors. You should not submit sensitive personal information (such as government identifiers, financial account numbers, health data, biometric data, or information about children) unless you have a lawful basis to do so and have evaluated the risks of Provider processing. Anuma AI has no obligation to screen, edit, or remove personal information embedded in Inputs or data you choose to submit.

We use personal information to provide and operate the Service, including to create and administer Accounts, route requests to Providers, authenticate users, provide customer support, meter usage, and maintain accurate billing records. We use personal information to process payments, fund prepaid balances, issue invoices and receipts, handle refunds or credits where applicable, and maintain required accounting records. We also use personal information to secure the Site and Service; to detect, prevent, and investigate fraud, abuse, and malicious activity; to enforce our Terms and policies; and to protect the rights, property, and safety of Anuma AI, our users, Providers, and the public.

We use telemetry and analytics to monitor performance, conduct debugging, fix bugs, maintain reliability, and improve the Service. We may use aggregated and de-identified information to understand feature adoption and to generate high-level metrics and analytics reports. Where permitted by law, we may send marketing communications about Anuma AI; you may opt out of marketing emails, but you may still receive transactional and administrative messages. We also process personal information to comply with applicable law, lawful requests, and legal process, and to resolve disputes.

We do not use personal information obtained through the Service to make decisions producing legal or similarly significant effects about individuals, nor do we engage in automated decision-making or profiling as defined under applicable data protection laws.

Anuma AI's core function is routing requests to third-party Providers selected based on technical, operational, or user-configured criteria. To provide the Service, we transmit Inputs to Providers and receive Outputs generated by those Providers. Providers act as independent controllers or processors under their own terms and policies, and Anuma AI does not control or assume responsibility for Provider data retention, training practices, security measures, or secondary uses of Inputs or Outputs.

By default, Anuma AI seeks to minimize retention of raw Inputs and Outputs, while retaining limited technical and billing metadata necessary to operate a usage-metered platform. This generally includes timestamps, model route, token counts or other metered units, latency and error diagnostics, and abuse/fraud signals. By default, we do not use raw Inputs or Outputs to train Anuma AI foundation models. If you opt into features that clearly indicate they store content (such as prompt logging, chat history, traces, or evaluation tooling), we may store Inputs and Outputs related to those features and process them as described in our Terms and any in-product disclosures. Where you opt into such features, we may retain and use those stored Inputs and Outputs to provide, secure, operate, analyze, and improve the Service, consistent with the Terms and any in-product disclosures. We may also process information in aggregated or de-identified form to analyze trends and generate analytics outputs intended not to identify individual users.

4.1 No Training Commitment; No Data Exclusivity. Except as expressly stated in this Policy or a separate written agreement, Anuma AI does not commit to refrain from using aggregated or de-identified information derived from Service usage for analytics, capacity planning, security, or product improvement purposes. Nothing in this Policy grants you exclusivity over Outputs or prevents Providers or other users from generating similar or identical content using the same or similar Inputs.

We may disclose personal information to vendors and service providers that help us operate the Site and Service, including hosting and infrastructure providers, observability and error monitoring vendors, customer support tools, analytics providers (including GA and PostHog), payment processors, and fraud prevention vendors. These vendors are authorized to process personal information only as necessary to perform services on our behalf and are contractually obligated to protect it and use it only for the purposes for which we disclose it.

User-initiated integrations and account connections. If you choose to connect your Account with third-party applications or services (such as Google, Notion, or other integrations using OAuth or similar authorization mechanisms), we may disclose personal information to those third parties at your direction in order to enable the integration. The information shared depends on the integration and the permissions you grant. The third party's use of such information is governed by its own terms and privacy policies, and not this Policy.

We disclose Inputs to Providers in order to provide the Service and receive Outputs back from those Providers. Providers' processing of Inputs and Outputs is governed by Provider terms and policies. We may also disclose information in connection with a corporate transaction (such as a merger, acquisition, reorganization, or sale of assets), and we may preserve or disclose information where we believe in good faith that doing so is reasonably necessary to comply with law, respond to lawful requests, protect safety, investigate fraud or abuse, and enforce our Terms. We may disclose information with your consent or at your direction.

Anuma AI is not responsible for the privacy or security practices of Providers, Connectors, or other third parties to whom you choose to disclose information or authorize access. Any disclosure made at your direction or through your configuration choices is at your own risk.

Depending on your jurisdiction, you may have rights to request access to, correction of, deletion of, or portability of certain personal information, or to object to or restrict certain processing. You may opt out of marketing emails by using the unsubscribe link in the email or by contacting us. You can control cookies through your browser settings and, where applicable, through any cookie consent tools we may provide. If the Service offers account-level settings related to logging or history (for example, prompt logging or chat history), you may be able to enable or disable such settings through your dashboard; disabling a feature may prevent new data from being stored going forward but may not automatically delete data previously stored unless you also request deletion where applicable.

6.1 Identity Verification; Abuse Prevention. To protect the Service and comply with legal obligations, we may require additional information to verify your identity or authority when processing privacy requests, investigating suspected fraud or abuse, or enforcing our Terms. We may deny or limit requests where permitted by law, including where we cannot reasonably verify identity, where requests are excessive or manifestly unfounded, or where compliance would adversely affect the rights of others.

We retain personal information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and protect our legitimate interests. Retention periods vary depending on the nature of the information, the purpose for which it was collected, operational and security considerations, and your configuration choices. For example, billing records may be retained for longer periods to satisfy accounting and compliance obligations, while telemetry and security logs may be retained for shorter periods consistent with operational needs. Where you enable optional logging features, retention may be longer to provide the feature and to support auditability and debugging. Retention periods may be extended where reasonably necessary to comply with legal obligations, enforce our Terms, resolve disputes, prevent fraud or abuse, or protect the security and integrity of the Service.

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information. However, no security measure is perfect, and we cannot guarantee absolute security. While we implement reasonable safeguards, no system can guarantee absolute security, and Anuma AI disclaims liability for unauthorized access, loss, or disclosure of personal information resulting from factors beyond our reasonable control, including Provider systems, user misconfiguration, or compromise of user credentials.

We may process and store information in the United States and other jurisdictions where we or our service providers operate. By using the Service, you understand that your personal information may be transferred to and processed in jurisdictions that may have different data protection laws than your jurisdiction. Where required by law, we implement appropriate safeguards for cross-border transfers.

9.1 Law enforcement and government requests. We may preserve, disclose, or provide access to personal information where we reasonably believe doing so is required or permitted by law, legal process, national security requests, or governmental authority. Where legally permitted, we may attempt to notify affected users of such requests, but we reserve the right to delay or withhold notice where prohibited or where notice would undermine an investigation or legal obligation.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact us and we will take appropriate steps to delete such information.

Anuma AI may engage third-party subprocessors to process personal information on our behalf for purposes described in this Policy, including infrastructure hosting, analytics, observability, customer support, payment processing, fraud prevention, and security monitoring. Subprocessors are contractually required to implement appropriate safeguards and to process personal information only in accordance with our instructions. A current list of subprocessors may be made available upon request at privacy@anuma.ai, subject to change as our operations evolve.

This section supplements the Policy and applies to residents of certain U.S. states with comprehensive privacy laws (such as California, Colorado, Connecticut, Utah, Virginia, and others) to the extent those laws apply to our processing of personal information. For purposes of these laws, Anuma AI may act as a "business" or "controller" with respect to personal information we process for our own purposes, such as operating the Site, securing the Service, and administering Accounts, and may act as a "service provider" or "processor" when processing personal information on behalf of a business customer, depending on the context and contractual arrangements.

Categories of personal information we collect may include identifiers and contact information; commercial information (such as purchase and transaction records); internet or other electronic network activity information (such as logs and usage data); approximate location derived from IP; and, depending on how you use the Service, content you submit in Inputs that may contain personal information. We use these categories for the purposes described above, including to operate the Service, process payments, provide support, secure the platform, prevent fraud, analyze performance, and comply with legal obligations.

Subject to applicable law and verification, you may have rights to access, correct, delete, or obtain a copy of personal information, and to opt out of certain processing such as targeted advertising or certain profiling activities, where applicable. We do not knowingly sell personal information in exchange for money, as defined under applicable law. We also do not share personal information for cross-context behavioral advertising as that term is defined under California law, except where our use of analytics and advertising technologies could be construed as "sharing"; where required, we provide mechanisms to exercise opt-out choices through cookie controls or other tools. You may exercise your rights by contacting us as described in Section 14, and we will respond consistent with applicable law. You will not be discriminated against for exercising privacy rights, but certain features may require personal information to function.

Authorized agents may submit requests on your behalf where permitted by law. We may require proof of authorization and will separately verify your identity. If you are a resident of California, you may have additional rights, including the right to limit use and disclosure of certain sensitive personal information; however, we generally do not collect "sensitive personal information" as defined by California law except to the extent you choose to provide it in Inputs, and we encourage you not to submit sensitive information through the Service unless necessary and appropriate. Anuma AI does not knowingly sell personal information for monetary consideration, and does not engage in targeted advertising or profiling for purposes of behavioral advertising, except to the limited extent analytics technologies may incidentally collect data that could be construed as "sharing" under certain state laws.

This section applies to individuals in the European Economic Area ("EEA"), the United Kingdom ("UK"), and Switzerland where the General Data Protection Regulation ("GDPR") or similar laws apply. For purposes of this section, Meta Protocol Inc. is the "controller" of personal information processed in connection with the Site and our direct relationship with you (for example, account administration, billing, security, and analytics). We may act as a "processor" to business customers to the extent we process personal information on their behalf through the Service, depending on the nature of the customer relationship and any applicable Data Processing Agreement ("DPA"). Additional details regarding our role as a processor, applicable security measures, and subprocessors may be addressed in a separate DPA, where applicable.

We process personal information under the following lawful bases: (a) performance of a contract, including providing the Service, administering Accounts, and processing transactions; (b) our legitimate interests, such as securing the Service, preventing fraud and abuse, maintaining reliability, improving performance, and understanding usage trends, provided those interests are not overridden by your rights; (c) compliance with legal obligations, such as recordkeeping and responding to lawful requests; and (d) consent, where required by law, such as for certain cookies or marketing communications. Where we rely on consent, you may withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

Subject to applicable law, you may have rights to access, rectify, erase, restrict, or object to processing, and to data portability. You also have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement occurred. If you object to processing based on legitimate interests, we will evaluate the objection consistent with GDPR requirements.

Where we transfer personal information outside the EEA/UK/Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses ("SCCs") and (where applicable) the UK International Data Transfer Addendum, or other lawful transfer mechanisms.

For GDPR-related inquiries, you may contact us at privacy@anuma.ai with "GDPR" or "UK GDPR" in the subject line. If you are a business customer seeking a data processing agreement ("DPA"), please contact legal@anuma.ai. We may provide a DPA upon request and subject to appropriate commercial terms and a review of your use case.

Business customers are solely responsible for determining whether a DPA is required for their use of the Service and for ensuring that their use complies with GDPR and other applicable data protection laws, including obligations relating to transparency, consent, and data subject rights. Anuma AI does not monitor or validate customer compliance with such obligations.

If you have questions or requests regarding this Policy, please contact us at: