Privacy Policy 🛡️

Last updated: June 4, 2025

🔐 At Anthromorphe LLC, we are committed to protecting your privacy and being transparent about our data practices. We collect minimal personal information and implement strong security measures to keep your data safe.

✅ OUR PRIVACY COMMITMENT

GDPR & CCPA COMPLIANT: We comply with major privacy regulations including GDPR, CCPA, and other applicable privacy laws.

MINIMAL DATA COLLECTION: We only collect essential information through our contact form to respond to your inquiries.

STRONG SECURITY: Your data is encrypted at rest and in transit, stored in secure databases with role-based access controls.

YOUR CONTROL: You choose how long we keep your data (30, 90, or 365 days) and can exercise your privacy rights at any time.

NO TRACKING: We don't use Google Analytics or tracking cookies. Only essential functional cookies for website operation.

1. Information We Collect 📊

📋 We practice data minimization and only collect information necessary to provide our services and respond to your inquiries.

Contact Information 👤

When you contact us through our contact form, we collect:

Name (required for personalized response)
Email address (required for our response)
Phone number (optional)
Subject of your inquiry
Message content
Your chosen data retention preference (30/90/365 days)

✅ Secure Storage: Data encrypted at rest in Supabase with role-based access controls. Only the business owner has access. Auto-deleted based on your preference.

Technical Information 🔧

We collect minimal technical information for website functionality:

Google Search Console: Aggregate page views and country-level statistics (no personal data)
Functional cookies: Theme preference and language settings only
Website performance: Basic loading times and error logs (anonymized)
Security logs: Failed login attempts and potential threats (anonymized)

ℹ️ No Tracking: We do not use Google Analytics, tracking pixels, or any behavioral tracking tools. No cross-site tracking or advertising cookies.

2. How We Use Your Information ⚙️

🎯 We use your information solely for legitimate business purposes and only as necessary to provide our services:

  • 💬 Respond to your service inquiries and provide customer support (Legal Basis: Communication)
  • 📞 Contact you about your specific project requirements (Legal Basis: Service Delivery)
  • 📋 Maintain records for business and legal compliance (Legal Basis: Legal Obligation)
  • 🛡️ Protect against spam, fraud, and security threats (Legal Basis: Legitimate Interest)
  • 📊 Improve our website functionality and user experience (Legal Basis: Legitimate Interest)
  • ⚖️ Comply with applicable laws and regulations (Legal Basis: Legal Obligation)

Data Sharing Policy

We do NOT sell, trade, or rent your personal information to third parties. We only share data when:

  • Required by law or court order
  • Necessary to protect our rights or safety
  • With your explicit consent
  • With service providers under strict data processing agreements (hosting, email)

3. Data Security & Protection 🔒

🛡️ We implement industry-standard security measures to protect your personal information:

Technical Safeguards ⚙️

Encryption at rest and in transit (TLS/SSL)
Secure database hosting with Supabase
Role-based access controls (RLS policies)
Regular security updates and monitoring
Automated backup systems
Network security and firewall protection

Administrative Safeguards 👥

Single-person access control (business owner only)
Strong authentication and password policies
Regular privacy and security training
Data processing agreements with all vendors
Incident response procedures
Regular privacy impact assessments

✅ YOUR DATA IS SECURE: Industry-standard encryption, access controls, and monitoring protect your information

4. Your Privacy Rights ⚖️

You have comprehensive privacy rights under GDPR, CCPA, and other applicable laws. We make it easy to exercise these rights:

Access & Portability

Request a copy of your personal data in a machine-readable format

Response Time: Within 30 days, usually much faster

Correction & Updates

Request corrections to inaccurate or incomplete personal data

Process: Secure verification and prompt updates

Deletion & Erasure

Request deletion of your personal data (right to be forgotten)

Automated: Respects your chosen retention period or immediate upon request

Restriction & Objection

Limit or object to how we process your personal data

Flexible: We honor processing restrictions and objections

How to Exercise Your Rights

Automated System:

  • Use our Data Subject Rights form
  • Secure identity verification
  • Automated processing when possible
  • Email confirmation and tracking

Direct Contact:

  • Email: privacy@anthromorphe.com
  • Response time: Within 72 hours
  • Processing: Usually within 7-14 days
  • Free of charge for reasonable requests

5. Data Retention & International Transfers 🌍

Data Retention Policy

You control how long we keep your data. When you contact us, you choose your retention period:

  • 30 Days: Standard retention for simple inquiries
  • 90 Days: For ongoing project discussions
  • 365 Days: For long-term partnerships

Data is automatically deleted after your chosen period unless you request earlier deletion.

International Data Transfers

Your data is primarily stored in the United States with our secure hosting provider (Supabase). For international users:

  • EU Users: We provide adequate data protection safeguards under GDPR
  • UK Users: We comply with UK GDPR requirements
  • Canadian Users: We meet PIPEDA privacy standards
  • Other Jurisdictions: We apply the highest applicable privacy standards

6. Contact Information 📞

For privacy-related questions, to exercise your rights, or to report concerns:

Anthromorphe LLC - Privacy Team

Primary Contact: privacy@anthromorphe.com
Phone: (555) 123-4567
Address: Los Angeles, CA
Response Time: Within 72 hours
Data Requests: Processed within 30 days
Security: Encrypted communication

Automated Rights Requests: Use our Data Subject Rights Request form for fastest processing of access, deletion, correction, and portability requests.

This Privacy Policy is effective as of June 4, 2025 and reflects our current privacy practices and compliance with applicable privacy laws.

🔐 Exercise Your Privacy Rights

Access, delete, correct, or port your personal data quickly and securely through our automated rights request system.

International Privacy Law Compliance

🇬🇧 UK GDPR

Status: Full compliance maintained

Scope: UK residents have same rights as EU residents under UK GDPR

Data Transfers: Adequate protections in place for UK-US data transfers

Rights: Access, rectification, erasure, portability, restriction, objection

✅ UK Compliance: Our GDPR compliance framework covers UK GDPR requirements

🇨🇦 PIPEDA (Canada)

Status: Compliant with reasonable privacy practices

Scope: Personal Information Protection and Electronic Documents Act

Principles: Consent, purpose limitation, data minimization

Rights: Access to personal information, correction of errors

✅ PIPEDA Compliance: Our privacy practices meet PIPEDA requirements

🇧🇷 LGPD (Brazil)

Status: Voluntary compliance with LGPD principles

Scope: Lei Geral de Proteção de Dados Pessoais

Basis: Lawful basis for processing, data subject rights

Rights: Similar to GDPR - access, correction, deletion, portability

ℹ️ LGPD Alignment: Our GDPR-compliant practices align with LGPD requirements

🇦🇺 Australia Privacy Act

Status: Privacy principles alignment

Scope: Australian Privacy Principles (APPs)

Focus: Collection, use, disclosure, data quality, security

Rights: Access and correction of personal information

📋 Monitoring: We monitor Australian privacy law developments

🌍 Global Privacy Standards Approach

Our Principles:

  • Apply highest applicable privacy standard globally
  • Data minimization and purpose limitation
  • Strong security measures and encryption
  • User control over data retention periods
  • Transparent data practices and policies

Implementation:

  • Single global privacy standard (GDPR-level)
  • Consistent data subject rights worldwide
  • Regular monitoring of international developments
  • Legal consultation for major changes
  • Proactive compliance approach

Data Breach Response Procedures

🚨 Incident Response Overview

Anthromorphe LLC maintains comprehensive incident response procedures to handle potential data breaches quickly and effectively, ensuring compliance with notification requirements under GDPR, CCPA, and other applicable privacy laws.

⚡ Response Time: Initial response within 1 hour, notification within 72 hours where required

🔍 Phase 1: Detection & Assessment

Timeline: 0-1 hours

Actions:
  • Incident detection and verification
  • Initial impact assessment
  • Incident team activation
  • Immediate containment measures

🛡️ Phase 2: Containment & Investigation

Timeline: 1-24 hours

Actions:
  • Full containment and isolation
  • Detailed forensic investigation
  • Data impact assessment
  • Evidence preservation

📢 Phase 3: Notification & Recovery

Timeline: 24-72 hours

Actions:
  • Regulatory notifications
  • Individual notifications
  • System recovery and hardening
  • Post-incident review

📋 Notification Requirements by Jurisdiction

GDPR (EU/UK)

Authority Notification:

Within 72 hours to supervisory authority

Individual Notification:

Without undue delay if high risk to rights and freedoms

Required Information:
  • Nature of breach and data categories
  • Number of data subjects affected
  • Likely consequences and mitigation measures
  • Contact information for further details

US State Laws

California (CCPA/SB-1386):

Without unreasonable delay to California residents

Other States:

As required by applicable state breach notification laws

Federal Requirements:
  • Industry-specific requirements (if applicable)
  • Law enforcement coordination when required
  • Consumer reporting when appropriate

⚖️ Risk Assessment & Notification Decision Matrix

Risk Level | Data Type | Individual Notification | Regulatory Notification
HIGH | Contact data + sensitive information | ✅ Required immediately | ✅ Within 72 hours
MEDIUM | Contact information only | 📋 Case-by-case assessment | ✅ Within 72 hours
LOW | Anonymized/encrypted data | ❌ Generally not required | 📋 Documentation only

📞 Incident Response Contact Information

Internal Response Team

Incident Commander: Business Owner
Technical Lead: Development Team
Legal Contact: External legal counsel (on retainer)
Communication Lead: Privacy team

External Contacts

Legal Counsel: Data protection specialist
Forensics Partner: Incident response firm
Regulatory Authorities: Pre-identified contacts
Vendor Support: Supabase, Netlify emergency contacts

24/7 Incident Hotline: privacy@anthromorphe.com | Emergency procedures documented and accessible to response team

📝 Documentation & Record Keeping

Required Documentation:

  • Incident timeline and response actions
  • Data impact assessment and affected records
  • Notification records and recipients
  • Remediation measures and system changes
  • Post-incident review and lessons learned

Retention Requirements:

  • GDPR: 3+ years for major incidents
  • CCPA: 24 months minimum
  • Internal policy: 5 years for all incidents
  • Legal hold: Indefinite if litigation risk
  • Regulatory requests: Available upon demand

✅ PRIVACY COMPLIANCE STATEMENT

This privacy policy reflects our commitment to privacy protection and compliance with applicable privacy laws including GDPR, CCPA, PIPEDA, and other international privacy regulations. We continuously monitor and update our practices to maintain the highest privacy standards.

✅ COMPLIANCE CONFIRMED: We implement appropriate technical and organizational measures to ensure privacy protection and give you full control over your personal data.