Privacy Policy
A Note from Annabelle
Before the legal language: I mean what I said on the site. Your memories are yours. I don't train AI models on them. I don't sell them. I don't share them. This document exists because the law requires it, but the promise is simple: what you share with me stays with you.
Now, here's what our lawyers need you to know:
1. Introduction
This Privacy Policy describes how Strategic Data Architects LLC ("we," "us," "our," or "the Company") collects, uses, and protects information when you use Annabelle ("the Service"), accessible via WhatsApp and Telegram at withanna.io.
Company Information:
Strategic Data Architects LLC
1209 Mountain Road Place Northeast, STE R
Albuquerque, NM 87110
United States
Email: hello@withanna.io
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide Directly
When you interact with Annabelle, you voluntarily share:
- Messages: Text, voice notes, photos, documents, links, and any other content you send
- Contact Information: Phone number (from WhatsApp/Telegram)
- Payment Information: Processed securely through Stripe (see Section 5)
- Conversation History: All interactions with Annabelle
2.2 Information Collected Automatically
- Usage Data: Timestamps of messages, interaction frequency, conversation metadata
- Device Information: Device type, operating system, messaging platform (WhatsApp or Telegram)
- Technical Data: IP address (collected by WhatsApp/Telegram, not directly by us)
2.3 Information We Do NOT Collect
- We do not collect browsing history outside of withanna.io
- We do not collect location data beyond what messaging platforms provide
- We do not collect social media information
- We do not use cookies on our website (static HTML page)
3. How We Use Your Information
3.1 Primary Purposes
We use your information exclusively to:
- Provide the Service: Remember your conversations, identify patterns, show you how your thinking evolves
- Process Payments: Handle subscriptions via Stripe
- Communicate: Respond to support requests, send service updates
- Improve Annabelle: Enhance conversation quality and memory accuracy (NOT by training AI models on your data—see Section 3.3)
3.2 Memory Storage
Your memories are stored as:
- Markdown files (.md) in version-controlled repositories (Git)
- Encrypted at rest using industry-standard encryption (AES-256)
- Encrypted in transit via TLS/SSL
- Accessible only to you and necessary systems for Service operation
3.3 What We DON'T Do With Your Data
We explicitly do NOT:
- Train AI models on your personal memories or conversations
- Sell your data to third parties
- Share your data with advertisers
- Use your data for marketing purposes beyond the Service
- Aggregate your data with other users for analytics (each user's data remains isolated)
Exception: We may use anonymized, aggregated statistics (e.g., "% of users who send voice notes") for product improvement, where individual users cannot be identified.
4. How We Share Your Information
4.1 Third-Party Service Providers
We share limited data with:
a) Messaging Platforms:
- WhatsApp (Meta Platforms, Inc.)
- Telegram (Telegram Messenger Inc.)
These platforms transmit your messages to us. We do not control their privacy practices. Review their policies:
- WhatsApp: https://www.whatsapp.com/legal/privacy-policy
- Telegram: https://telegram.org/privacy
b) AI Language Model Providers:
To generate Annabelle's responses, we use AI providers with zero data retention policies, meaning they do not store or train on your data. As of this policy date:
- We use providers contractually bound to delete your data after processing
- We do not use providers that train models on customer data
- We are actively working toward fully local AI models for enhanced privacy
c) Payment Processor:
- Stripe, Inc. processes all payments
- We do not store full credit card numbers
- Stripe Privacy Policy: https://stripe.com/privacy
d) Infrastructure Providers:
- Cloud hosting for encrypted memory storage (AWS, Google Cloud, or similar)
- Data remains encrypted; providers cannot access content
4.2 Legal Requirements
We may disclose your information if required by law:
- To comply with legal processes (subpoena, court order)
- To protect our rights, property, or safety
- To investigate fraud or security issues
- To comply with national security or law enforcement requests
In such cases, we will:
- Notify you unless legally prohibited
- Resist overbroad requests
- Provide only the minimum information required
4.3 Business Transfers
If Strategic Data Architects LLC is acquired or merged, your data may transfer to the new entity. You will be notified, and the new entity must honor this Privacy Policy.
5. Payment Information
Payment Processor: Stripe, Inc.
What Stripe Collects: Credit card details, billing address, payment history
What We Receive from Stripe: Transaction confirmation, subscription status, last 4 digits of card
We Do NOT: Store full credit card numbers or process payments directly
Your payment data is governed by Stripe's Privacy Policy and PCI-DSS standards.
6. Data Retention
6.1 Active Users
We retain your data as long as your account is active to provide the Service.
6.2 After Cancellation
When you cancel:
- You can export all memory files (we provide them within 30 days)
- We delete all data within 90 days after account closure
- Backups are deleted within 180 days
6.3 Legal Retention
We may retain minimal data (e.g., transaction records) for:
- Tax/accounting purposes (up to 7 years)
- Legal compliance
- Dispute resolution
This data is anonymized where possible.
7. Your Rights
7.1 All Users
You have the right to:
- Access: Request a copy of all data we hold about you
- Export: Download your memory files at any time (markdown format)
- Correct: Update or correct inaccurate information
- Delete: Request deletion of your account and all associated data
- Restrict: Limit how we process your data
- Object: Opt out of specific data processing activities
- Portability: Receive your data in machine-readable format
How to Exercise Rights: Email hello@withanna.io with your request. We respond within 30 days.
7.2 European Users (GDPR)
If you are in the EU/EEA/UK:
- Legal Basis for Processing: Consent (by using the Service) and contractual necessity
- Data Controller: Strategic Data Architects LLC
- Right to Complain: You may file a complaint with your local data protection authority
- International Transfers: We may transfer data to the U.S. We use Standard Contractual Clauses approved by the EU Commission
7.3 California Users (CCPA/CPRA)
If you are a California resident:
- Right to Know: What personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do NOT sell personal information, so no opt-out needed
- No Discrimination: We will not discriminate against you for exercising your rights
Shine the Light Law: We do not share personal information with third parties for their direct marketing purposes.
8. Data Security
8.1 Technical Measures
We implement:
- Encryption: AES-256 encryption at rest, TLS 1.3 in transit
- Access Controls: Role-based access, principle of least privilege
- Authentication: Multi-factor authentication for all systems
- Monitoring: Automated intrusion detection and logging
- Regular Audits: Security assessments and penetration testing
8.2 Organizational Measures
- Employee Training: All staff trained on data protection
- Data Minimization: We collect only what's necessary
- Incident Response Plan: Protocol for data breaches
- Vendor Agreements: All third parties sign data protection agreements
8.3 Limitations
No system is 100% secure. While we use industry-standard protections, we cannot guarantee absolute security. You use the Service at your own risk.
Your Responsibility: Protect your phone and messaging app access. Do not share your device with untrusted individuals.
9. Data Breach Notification
If a breach occurs that compromises your data:
- We will notify you within 72 hours via WhatsApp/Telegram and email
- We will explain: What happened, what data was affected, what we're doing
- We will notify authorities as required by law (e.g., EU authorities under GDPR)
10. Children's Privacy
Annabelle is not intended for users under 18.
We do not knowingly collect data from minors. If you believe a child has used the Service, contact us immediately at hello@withanna.io, and we will delete the data.
11. International Users
Data Location: Your data may be stored in the United States or other countries where our service providers operate.
Legal Protections: We comply with:
- GDPR (EU General Data Protection Regulation)
- CCPA/CPRA (California Consumer Privacy Act)
- Other applicable privacy laws
By using the Service, you consent to international data transfers as described in this policy.
12. Third-Party Links
Our website and Annabelle's conversations may include links to third-party sites. We are not responsible for their privacy practices. Review their policies before sharing information.
13. Changes to This Privacy Policy
We may update this policy to reflect:
- Changes in the law
- New features or services
- Feedback from users
We will notify you of material changes:
- By posting notice on withanna.io
- Via message through Annabelle
- By email (if we have your email)
Continued use after changes means you accept the updated policy.
14. Open Source Commitment
Our memory module (DiffMem) is open source: https://github.com/Growth-Kinetics/DiffMem
You can review how your data is structured and stored. We believe in transparency through code.
15. Questions & Contact
For privacy-related questions, data requests, or concerns:
Email: hello@withanna.io
Mail:
Strategic Data Architects LLC
Attn: Privacy Officer
1209 Mountain Road Place Northeast, STE R
Albuquerque, NM 87110
United States
Response Time: We respond to all privacy inquiries within 30 days.
16. Dispute Resolution
Informal Resolution: Contact us first at hello@withanna.io
Arbitration (U.S. Users): Disputes will be resolved through binding arbitration under the American Arbitration Association (AAA) rules, rather than in court.
Exceptions: You may bring claims in small claims court or file complaints with privacy regulators.
Governing Law: This policy is governed by the laws of New Mexico, United States.
17. Your Consent
By using Annabelle, you consent to:
- This Privacy Policy
- The collection and use of information as described
- International data transfers for Service operation
You may withdraw consent at any time by deleting your account.
Summary (Plain Language)
What we collect: Messages you send to Annabelle, your phone number, payment info
Why we collect it: To provide the memory service, process payments, improve the experience
Who we share with: Messaging platforms (WhatsApp/Telegram), AI providers (with zero retention), Stripe (payments)
What we DON'T do: Sell your data, train AI models on your memories, share with advertisers
Your rights: Access, export, delete your data anytime
Security: Encrypted storage, secure transmission, industry-standard protections
Questions: hello@withanna.io
Last Updated: January 15, 2025
Strategic Data Architects LLC
All Rights Reserved
This privacy policy was written to be as clear as possible while protecting both you and us. If anything is unclear, please ask. We're here to help.
← Back to Annabelle