Privacy Policy

Anchor Co AI is a product of Anchor Co, operated by Isaiah 41 LLC ("we," "us," "our"), a limited liability company organized in the State of Missouri, United States. For privacy questions, email hello@anchorcoai.com. For security incidents or vulnerabilities, email security@anchorcoai.com.

This policy explains what information we collect, how we use it, who we share it with, and the rights you have. It applies to anchorcoai.com and all related services (the "Service").

When you create an account we collect:

• Your name and email address (provided by you)
• Your billing information — processed and stored by Stripe. We receive the last 4 digits, card brand, and billing country only. We never see or store your full card number.
• The URLs and page content you choose to train your chatbot on
• Conversations between your website visitors and your chatbot, for display in your dashboard
• Any custom knowledge notes, system prompts, or configuration you provide

We also collect:

• Server logs — IP address, user agent, request paths, timestamps — for security, debugging, and rate limiting
• Essential cookies — a signed session cookie to keep you logged in. We do not use advertising, tracking, or analytics cookies.
• Visitor chat metadata— when a visitor on your customer's website uses the chat widget, we record the message content, timestamp, page URL, and a short-lived anonymous session identifier. We do not collect visitor IP addresses beyond temporary abuse-prevention logs.

If you are in the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the following legal bases under the GDPR:

• Performance of a contract — to provide the Service you signed up for (account creation, chatbot training, message delivery, billing).
• Legitimate interests — to secure the Service, prevent abuse, improve product quality in aggregate, and communicate about your account.
• Consent — where required by law, such as optional product-update emails. You can withdraw consent at any time.
• Legal obligation — to comply with tax, accounting, and law-enforcement requirements.

• To operate the Service — train your chatbot, answer visitor questions, render your dashboard, bill you
• To communicate with you about your account, security, billing, and product updates
• To enforce our Terms and prevent abuse, fraud, or illegal activity
• To improve the Service in aggregate — we analyze trends and errors but do not use your content to train general-purpose AI models

The Service uses large language models (currently provided by Anthropic and OpenAI) to generate chatbot responses from your training content. These responses are algorithmic and may contain errors. You are responsible for reviewing AI output before relying on it for any important decision.

We do not use AI to make decisions that produce legal or similarly significant effects about you. We do not use your chatbot conversations, training content, or knowledge notes to train the underlying AI models. Our AI subprocessors contractually do not train their models on your content.

We share only the minimum necessary data with the following subprocessors to operate the Service:

• Vercel, Inc. (USA) — hosting and content delivery
• Supabase, Inc. (USA) — database and authentication
• Stripe, Inc. (USA) — payment processing
• Resend, Inc. (USA) — transactional email delivery
• ImprovMX (France) — inbound email routing
• Anthropic PBC (USA) — AI response generation
• OpenAI, L.L.C. (USA) — text embeddings for content search

A current and complete list of subprocessors is available at anchorcoai.com/subprocessors. We will post at least 30 days' notice before adding a new subprocessor. We do not sell your personal data to anyone, ever.

We are based in the United States, and most of our subprocessors are located in the United States. If you access the Service from outside the U.S., your information will be transferred to, processed in, and stored in the United States.

For transfers of personal data out of the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards in our subprocessor agreements. If you would like a copy of the relevant SCCs, email hello@anchorcoai.com.

We keep your information only as long as we need it:

• Account data — for the life of your account, plus 30 days after you delete it, after which it is permanently removed.
• Chatbot training content — until you delete it or delete your account.
• Visitor conversations — for 12 months by default, or the duration of your plan, whichever is shorter. You can configure a shorter retention window in your dashboard.
• Billing records — for 7 years as required by U.S. tax and accounting law.
• Server logs — for up to 90 days.

Depending on where you live, you may have the following rights over your personal data. To exercise any of them, email hello@anchorcoai.com. We will respond within 30 days and will verify your identity before acting on the request.

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — delete your account and associated personal data (subject to legal-retention exceptions).
• Portability — receive your data in a common machine-readable format.
• Object — object to processing based on our legitimate interests.
• Restrict — ask us to pause certain processing while we address a dispute.
• Withdraw consent — where we rely on consent, withdraw it at any time.

EEA, UK, and Swiss users have the right to lodge a complaint with your national data-protection supervisory authority. You can find the list of authorities at edpb.europa.eu.

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and (if applicable) sell or share
• Delete personal information we have collected from you
• Correct inaccurate personal information
• Opt out of the sale or sharing of personal information — we do not sell or share personal information for cross-context behavioral advertising
• Limit use of sensitive personal information — we do not collect sensitive personal information beyond what is necessary to provide the Service
• Non-discrimination for exercising your rights

To exercise any of these rights, email hello@anchorcoai.com. We will verify your identity before responding.

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please email hello@anchorcoai.com and we will delete it.

We use industry-standard safeguards to protect your data — TLS in transit, encryption at rest through our subprocessors, role-based access controls, and the principle of least privilege. No system is perfectly secure, but we treat security seriously.

If you discover a vulnerability, please report it to security@anchorcoai.com. We acknowledge reports within 2 business days.

We use essential cookies only — a signed session cookie to keep you logged in and CSRF protection. We do not use advertising, analytics, or tracking cookies, so no cookie consent banner is required under GDPR or ePrivacy rules.

If we make material changes to this policy we will email all account holders at least 14 days before they take effect and update the "last updated" date at the top of this page.

Isaiah 41 LLC
d/b/a Anchor Co, operator of Anchor Co AI
Missouri, USA
hello@anchorcoai.com

For business customers requiring a Data Processing Agreement (DPA) or Standard Contractual Clauses, email hello@anchorcoai.com and we will send our standard DPA.