PRIVACY POLICY Last updated: May 1, 2026 This Privacy Policy explains how Anima ("we", "us", "our") collects, uses, and shares information about you when you use our service at anima.biz, our mobile applications, and related products (collectively, the "Service"). By using the Service you agree to the collection and use of information in accordance with this Policy. If you do not agree, do not use the Service. 1. INFORMATION WE COLLECT a) Account information. When you create an account we collect your email address, display name, and authentication identifiers (e.g. Google OAuth ID). We do not collect or store your password — authentication is handled via our identity provider (Ory Kratos) or third-party SSO. b) Content you create. Stories, characters, chats, posts, and any media you upload are stored to operate the Service. c) Usage data. We collect technical data about how you interact with the Service: pages visited, features used, device type, browser, IP address, approximate location (country level), language, and timestamps. This is used for product analytics and abuse prevention. d) Cookies and similar technologies. We use cookies for analytics and to remember your preferences. You can accept or reject analytics cookies via the consent banner shown on first visit. Functional cookies (session, security) are required and cannot be disabled. e) Communications. If you contact support, we keep a record of the conversation to help resolve your issue. 2. HOW WE USE INFORMATION We use the information we collect to: - Provide, maintain, and improve the Service. - Personalize content recommendations and character suggestions. - Communicate with you about your account, the Service, and important updates. - Detect, prevent, and address technical issues, abuse, and fraud. - Comply with legal obligations. 3. LEGAL BASIS (EU/UK USERS) For users in the European Economic Area or United Kingdom, we process personal data under the following bases (GDPR Art. 6): - Performance of a contract — to deliver the Service you have requested. - Legitimate interests — to keep the Service secure, prevent abuse, and improve product quality. - Consent — for analytics and marketing cookies (you can withdraw consent any time via cookie settings). - Legal obligation — when required by law. 4. SHARING We do not sell your personal data. We share information only with: - Service providers who help us operate the Service (cloud hosting, analytics, error monitoring, payment processing). They are contractually bound to use your data only to provide their services. - Authorities, when required by law or to protect rights, safety, or property. - New owners, in the event of a merger or acquisition, with notice to you. Specific processors we use: - Google Analytics (analytics, only with consent) - Sentry (error monitoring) - Stripe (payment processing — required only for paid features) - Google Cloud (hosting) - Cloudflare (network and DDoS protection) 5. RETENTION We keep your account data while your account is active. Backups are kept for up to 30 days. If you delete your account we remove or anonymize personal data within 30 days, except where retention is required by law (e.g. tax records). 6. YOUR RIGHTS Depending on your jurisdiction you may have the right to: - Access the personal data we hold about you. - Correct inaccurate data. - Delete your data ("right to be forgotten"). - Export your data ("data portability"). - Object to or restrict processing. - Withdraw consent at any time. To exercise these rights, email [email protected] from the address associated with your account. We respond within 30 days. 7. CHILDREN The Service is not directed at children under 13 (under 16 in the EU). We do not knowingly collect data from such children. If you believe we have, contact us and we will delete it. 8. INTERNATIONAL TRANSFERS Anima operates globally. Your data may be transferred to and processed in countries other than the one where you live. Where required, we use Standard Contractual Clauses or equivalent safeguards. 9. SECURITY We use industry-standard technical and organizational measures to protect your data: encryption in transit (HTTPS), encryption at rest, access controls, audit logging. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. 10. CHANGES TO THIS POLICY We may update this Policy from time to time. Material changes will be announced via email or an in-app notice. The "Last updated" date above always reflects the current version. 11. CONTACT For privacy questions, requests, or complaints: Email: [email protected]