Legal
Security
At Anara, safeguarding your data is our highest priority. We’ve designed our platform with security and privacy at its core. Below, you’ll find information on how we protect your data, our compliance efforts, and answers to common security questions.
We encourage responsible disclosure of any security vulnerabilities. Please send reports to security@anara.com, and our team will acknowledge and investigate promptly.
Compliance
SOC 2 (in progress)
We are actively working with an audit partner to achieve both SOC 2 Type 1 and Type 2 compliance, ensuring rigorous controls around security, availability, and data privacy.
ISO 27001 (in progress)
We are pursuing ISO 27001 certification to establish a comprehensive information security management system (ISMS) that demonstrates our commitment to protecting sensitive information.
GDPR Compliance
Anara is fully compliant with GDPR requirements. We implement data protection by design and default, ensuring user control over personal data, data portability, and the right to be forgotten.
Model Training
Anara employs advanced language models to surface insights from your research materials.- No Third-Party Model Training: We never allow third-party AI providers (like OpenAI and Anthropic) to train their models on your private or proprietary data.
- No Internal Model Training: Your data is never used to train any AI models within Anara. We do not use your information for internal model development.
- Zero Data Retention: We have zero data retention agreements in place with all our model providers. This means AI providers immediately delete your data after processing, ensuring your information is never stored on their servers.
Data Encryption
Encryption at Rest
Our data security measures include multiple layers of encryption: our primary database uses AES-256 (or equivalent) encryption for all user and application data, which is hosted in US-based data centers. Uploaded files and media are protected in encrypted object storage buckets with server-side encryption, also located in US regions. Additionally, we employ managed in-memory data stores for caching and session data, all of which remains encrypted at rest using industry-standard algorithms.Encryption in Transit
All data transmitted to and from Anara is protected using industry-standard encryption protocols. We enforce TLS 1.2 or higher across our entire infrastructure, including web app access, API calls, database connections, object storage, CDN delivery, and internal service communications. This ensures that all data remains private and secure while in transit, with automatic rejection of any non-encrypted connection attempts.Access Control
Role-Based Access
We implement strict role-based access controls (RBAC) at both the application and infrastructure levels. Only authorized personnel have the minimum permissions required to perform their jobs. Database credentials, API keys, and production secrets are stored in encrypted secret-management services with fine-grained access policies.Multi-Factor Authentication (MFA)
All Anara employees with access to production systems are required to use MFA (with hardware tokens or authenticator apps). For organizations using Anara’s Enterprise tier, we offer Single Sign-On (SSO) via SAML 2.0 or OAuth2, integrating seamlessly with popular identity providers. MFA is enforced at the identity provider level.Data Retention
- Data Deletion: You have full control over your data. At any time, you can delete individual folders, files, or your entire account. Once deleted, content is purged from our database and object storage within 30 days.
- Data Export: To request an export of your files, folders and library data, email support@anara.com. We’ll prepare a downloadable ZIP containing your raw files and database exports.
- Retention Policies:
- Active Data: Stored indefinitely until you choose to delete.
- Backups: Daily encrypted backups of your database are retained for 30 days, after which they’re permanently deleted.
- Logs: Application logs and audit trails are stored for 90 days and then automatically purged or aggregated.
Frequently Asked Questions (FAQ)
Can I export my project data and attachments?
Can I export my project data and attachments?
Yes. You can request a data export by emailing support@anara.com. We’ll prepare a downloadable ZIP file containing all your files, folders and library data.
How do you protect my data if I share a project with teammates?
How do you protect my data if I share a project with teammates?
What happens if Anara experiences a data breach?
What happens if Anara experiences a data breach?
In the unlikely event of a breach, our Incident Response Team will follow our documented IR playbook—identifying and containing the threat, notifying affected parties within 72 hours (or as legally required), and providing remediation guidance. We’ll also conduct a post-mortem to improve future defenses.
Are my transcripts or summaries used to train AI models?
Are my transcripts or summaries used to train AI models?
No third-party AI vendor is permitted to use your data for model training. We only send temporary, encrypted text snippets to transcription providers, and they delete that data within 30 days.
Do you support Single Sign-On (SSO)?
Do you support Single Sign-On (SSO)?
Yes. Enterprise customers can configure SSO via SAML 2.0 or OAuth2. We integrate with popular identity providers. Audit logging and MFA enforcement are available through your identity provider.
How long do you retain backups?
How long do you retain backups?
We keep daily-encrypted database backups for 30 days. Old backups are securely deleted via automated retention policies. For files stored in object storage, older versions remain for 30 days before permanent deletion.
Can I delete my account and all associated data?
Can I delete my account and all associated data?
Yes. You can delete your account at any time by going to Settings → Account → Delete Account. After confirming deletion, your data will be queued for permanent deletion and removed from all active storage immediately.
How can I report a security vulnerability?
How can I report a security vulnerability?
Please email any suspected vulnerabilities to security@anara.com. Include as much detail as possible (e.g., steps to reproduce, screenshots). Our team will respond within 48 hours to acknowledge receipt and keep you informed of remediation progress.
Additional Resources
- Privacy Policy: For detailed information about data collection, processing, and sharing.
- Terms of Service: Governs your use of Anara.