AnzenOT

Privacy Policy

Last updated: January 22, 2026

GDPR & Data Protection: AnzenOT is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), UK GDPR, and other applicable data protection laws. This policy explains how we collect, use, and protect your personal data.

Table of Contents

  1. Data Controller
  2. Data We Collect
  3. Legal Basis for Processing
  4. How We Use Your Data
  5. Data Sharing and Transfers
  6. Data Retention
  7. Your Rights
  8. Cookies and Tracking
  9. Data Security
  10. Children's Privacy
  11. Changes to This Policy
  12. Contact Us

1. Data Controller

AnzenOT is the data controller responsible for your personal data. Our contact details are:

2. Data We Collect

2.1 Information You Provide

Category Data Types Purpose
Account Data Name, email address, password (hashed), organization name Account creation and authentication
Profile Data Job title, phone number, preferences Service personalization
Billing Data Payment method, billing address, transaction history Payment processing (via Stripe)
Customer Content Facility information, risk assessments, scenarios Providing the Service
Communications Support tickets, feedback, correspondence Customer support

2.2 Information Collected Automatically

Category Data Types Purpose
Usage Data Pages visited, features used, actions taken Service improvement and analytics
Device Data IP address, browser type, operating system Security and troubleshooting
Log Data Access times, error logs, referral URLs Security monitoring
Cookie Data Session identifiers, preferences Site functionality (see Cookie Policy)

Under the GDPR, we process your personal data based on the following legal grounds:

Legal Basis When We Use It
Contract Performance
(Article 6(1)(b))		 Processing necessary to provide the Service you subscribed to, including account management, service delivery, and customer support.
Legitimate Interests
(Article 6(1)(f))		 Improving our Service, security monitoring, fraud prevention, and business analytics. We balance these interests against your rights.
Legal Obligation
(Article 6(1)(c))		 Complying with tax laws, responding to legal requests, and maintaining required records.
Consent
(Article 6(1)(a))		 Marketing communications, non-essential cookies, and any processing where we explicitly request your consent.

4. How We Use Your Data

We use your personal data to:

AI Processing: Our Service uses artificial intelligence to generate risk assessments, recommendations, and reports. Your facility and scenario data may be processed by AI systems. This processing is necessary to provide core Service functionality. We do not use your data to train AI models for other customers.

5. Data Sharing and Transfers

5.1 Service Providers

We share data with trusted third parties who help us operate our Service:

Provider Category Purpose Data Shared
Cloud Infrastructure (AWS) Hosting and data storage All service data
Payment Processor (Stripe) Subscription billing Billing data only
AI Services (OpenAI) Risk analysis generation Anonymized facility data
Email Services Transactional emails Email address, name

5.2 International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards:

5.3 Legal Disclosures

We may disclose your data if required by law, court order, or to protect our rights and safety.

6. Data Retention

We retain your personal data only as long as necessary:

Data Type Retention Period
Account Data Duration of account + 30 days after deletion request
Customer Content Duration of subscription + 90 days for export
Billing Records 7 years (legal requirement)
Usage Logs 12 months
Support Communications 3 years

7. Your Rights

Under the GDPR and other data protection laws, you have the following rights:

Access

Request a copy of your personal data we hold.

Rectification

Correct inaccurate or incomplete data.

Erasure

Request deletion of your data ("right to be forgotten").

Restriction

Limit how we process your data.

Portability

Receive your data in a structured, machine-readable format.

Object

Object to processing based on legitimate interests.

Withdraw Consent

Withdraw consent at any time where we rely on it.

Complain

Lodge a complaint with a supervisory authority.

To exercise your rights, contact us at privacy@anzenot.ai. We will respond within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies to operate our Service. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

Key points:

9. Data Security

We implement robust security measures to protect your data:

In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

10. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

The "Last updated" date at the top indicates when the policy was last revised.

12. Contact Us

For privacy-related inquiries or to exercise your rights:

EU Representative: If you are located in the EU and wish to contact our EU representative, please email eu-rep@anzenot.ai.

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority. A list of EU authorities is available at edpb.europa.eu.

Document Version: 2.0
Effective Date: January 22, 2026
Previous Version: View archived versions

Terms of Service Privacy Policy Cookie Policy Contact DPO

© 2026 AnzenOT. All rights reserved.