Privacy Policy
1. Introduction
We at TALENTSEC TECHNOLOGY (HONG KONG) LIMITED ("Company," "We," or "Us") are strongly committed to respecting Your privacy and keeping secure any information You share with Us.
1.1 Our Privacy Commitment
As ANNA operates as a general-purpose AI agent with the ability to interface with Your local applications, We hold Your privacy as Our highest priority. We do not use Your data to train generative AI model weights. We process Service Context in a purpose-limited manner and, where feasible, transiently; however, We may retain limited Service Context (e.g., task/session history, operational logs, or security records) where You enable features that require it or where needed for security, abuse prevention, troubleshooting, quality evaluation (non-training), and legal compliance, as described in this Privacy Policy.
1.2 Scope
This Privacy Policy explains how We collect, use, and protect information when You use the ANNA software ecosystem, which includes:
- (a) The ANNA Cloud Platform;
- (b) The local ANNA Agent;
- (c) Our APIs, documentation, and related developer tools; and
- (d) Our website and customer portals (collectively, the "Service").
1.3 Acceptance & Consent
Please read this Privacy Policy carefully. By accessing, installing, or using the Service, You acknowledge that You have been informed of Our practices and consent to the collection and use of Your information — specifically as required to execute the tasks You command — as described in this Policy. You understand that ANNA's ability to perform tasks within Your local applications depends on the permissions You grant to the ANNA Agent.
1.4 Relationship to Terms of Service
(a) Terms of Service: This Policy is incorporated by reference into the ANNA Terms of Service. Capitalized terms not defined here have the meanings given to them in the Terms. Please note that as a general-purpose agent, "Inputs" and "Service Context" explicitly include the commands You issue and the data ANNA retrieves from Your local applications to fulfill those requests.
(b) Enterprise Agreements: If Your organization has entered into a separate Enterprise Master Services Agreement (MSA) or Data Processing Agreement (DPA) with Us, the terms of that separate agreement shall control to the extent it governs the Processing of Personal Data on Your organization's behalf, and this Privacy Policy does not apply to such Processing.
1.5 Our Role: Controller vs. Processor
(a) Individual / Self-Serve Use (No Enterprise MSA/DPA). When You use the Service as an individual or under a standard self-serve account, We act as an independent Data Controller for the Personal Data We process to provide and secure the Service. This includes Account Information and other Personal Data processed in connection with Your use of the Service (including Personal Data that may be contained in Service Context).
(b) Enterprise Use (Enterprise MSA/DPA Applies). If Your organization has entered into an Enterprise MSA and/or DPA with Us, then for the Processing of Customer Personal Data on Your organization's behalf, Your organization acts as the Data Controller and We act as the Data Processor. In such cases, the DPA governs that Processing.
(c) Account Information Always Remains Controller Data. Regardless of whether You use the Service individually or through an Enterprise account, We act as a Data Controller for Account Information (e.g., registration details, billing and payment administration, account security, and login credentials).
1.6 Key Terms and Definitions
For purposes of this Privacy Policy: (i) "Third-Party Services" means any third-party application, website, platform, API, tool, or service that is not provided by Us; (ii) "Integrations" means the in-product connection capabilities within the Service that You use to connect to Third-Party Services; (iii) "Integration Management Interface" means the user interface that allows You to manage Integrations. Enabling/disabling an Integration controls whether the Service will attempt to use it; adding/updating/removing credentials is separate.
1.7 Minimum Age
You must be at least eighteen (18) years old or the age of legal majority in your place of residence (whichever is higher) to use the Service. The Service is not directed to children or minors.
2. Information We Collect
We collect information in three ways: directly from You, automatically through Your use of the Service (including through the ANNA Agent's interaction with Your authorized applications), and from third-party sources.
"Personal Data" means any information about an individual from which that person can be identified. It does not include data where the identity has been removed ("Anonymous Data").
Data Minimization: We take active steps to minimize the amount of Personal Data We collect, utilizing aggregated, anonymized, or pseudonymized datasets whenever possible.
2.1 Account & Profile Information
We collect data directly from You when You register for the Service:
- (a) Identity Data: Your name, username, email address, and authentication credentials.
- (b) Contact Data: Your billing address, delivery address (if applicable), and telephone numbers.
- (c) Payment Information: Our third-party processor (Stripe) may collect and process payment method details. We do not store full credit card numbers on Our servers.
- (d) Transaction Data: Details about payments to and from You and details of products and services You have purchased.
- (e) Professional Data: If You sign up via an Enterprise Order Form, We may collect Your job title and company details.
- (f) Integration & Connected Account Data: If You link third-party cloud accounts, We may collect authentication tokens and basic profile information.
2.2 Usage, Device & Log Data
(a) ANNA Agent Telemetry
Because the Service includes a local software component, We receive limited telemetry to ensure the software is functioning correctly:
- Heartbeat Signals: Periodic pings to verify the Agent is online;
- Performance Metrics: CPU/memory usage, task execution duration, and diagnostic/error events. Diagnostic logs do not include substantive content by default;
- Environment Data: OS type and version, Agent version, and information about authorized applications.
Telemetry/diagnostics collection is enabled by default, and You can disable it in the Service settings.
(b) Cloud Platform & Device Logs
- Device and System Telemetry: Limited device information for operational and security purposes;
- Identifiers and Network Information: For security, session management, and abuse prevention;
- Email Beacons: To understand email engagement and improve communications;
- Internal Identifiers: Usage Data may be associated with an internally-generated user ID.
(c) Location Information
For security reasons, We may determine Your approximate geographic location based on Your IP address.
(d) Security Audit Logs
We collect audit log information related to system access, authorization, and activity. Audit logs are intended to capture operational metadata and do not include substantive content by default.
2.3 Service Context (Inputs & Outputs)
This is the core operational data required for ANNA to perform requested tasks:
- (a) Inputs: Text commands, voice prompts, Target URLs, IP addresses, API schemas, and configuration settings.
- (b) Task & System Context: Data retrieved by the ANNA Agent from Your local environment or Third-Party Services, including communication data, web/interface context, and technical context.
- (c) Outputs: Results, actions, or content generated by the Service including technical reports, remediation suggestions, drafted emails, and completed automation tasks.
Collectively, these are referred to as "Service Context" and are governed by the "No Training Covenant" in Section 4.
2.4 Cookies & Tracking Technologies
We and Our service providers utilize cookies (including session and persistent cookies), local storage, pixels, and scripts to operate the Service, improve Your experience, and prevent security abuse. You can manage cookie preferences through Your browser settings.
3. How We Use Your Information
We use the information We collect for the following purposes:
- Providing, maintaining, and improving the Service;
- Processing Your transactions and managing Your account;
- Communicating with You about the Service;
- Ensuring security and preventing fraud and abuse;
- Complying with legal obligations;
- Analyzing usage patterns to improve the Service (using aggregated/anonymized data).
4. No-Training Covenant
Where available under Our agreements and technical configurations, We seek to restrict Our third-party AI model providers from using Service Context for their model training. However, third-party AI model providers may still Process (and in some cases retain) Service Context as necessary to provide their services.
5. How We Share Your Information
We may share Your information with:
- AI Partners: Third-party LLM providers (e.g., OpenAI, Anthropic) to process Your Inputs and generate Outputs;
- Cloud Infrastructure Providers: To host and operate the Service;
- Payment Processors: To process Your payments;
- Professional Advisors: Lawyers, auditors, and accountants as necessary;
- Legal Requirements: Where required by law, regulation, or legal process;
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
6. Data Retention
We retain Your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. When determining the appropriate retention period, We consider the amount, nature, and sensitivity of the data, the potential risk of harm, and applicable legal requirements.
7. Data Security
We implement appropriate technical and organizational measures to protect Your Personal Data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure.
8. Your Rights
Depending on Your jurisdiction, You may have the following rights regarding Your Personal Data:
- Access: Request a copy of Your Personal Data;
- Rectification: Request correction of inaccurate data;
- Erasure: Request deletion of Your Personal Data;
- Restriction: Request restriction of processing;
- Portability: Request transfer of Your data;
- Objection: Object to processing of Your data;
- Withdrawal of Consent: Withdraw consent where processing is based on consent.
To exercise these rights, please contact us at [email protected].
9. International Data Transfers
Your information may be transferred to, and maintained on, computers located outside of Your jurisdiction where data protection laws may differ. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where applicable.
10. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children. If We learn that We have collected Personal Data from a child, We will take steps to delete such information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify You of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes Your acceptance of the updated Privacy Policy.
12. Contact Us
If You have any questions about this Privacy Policy, please contact us:
- Email: [email protected]
- Postal Address: UNIT 806 MEGA CUBE NO 8 WANG KWONG RD KOWLOON BAY HONG KONG
For the complete and authoritative version of this Privacy Policy, or if you have any questions, please contact [email protected].