Privacy Policy

Effective: 30 April 2026 · Version 1 (draft, pre-launch)

This is a v1 draft for the pre-launch period. We will replace it with a counsel-reviewed version before opening Animus to the general public. We aim to be transparent now and refine the precise language with legal review later.

1. Who we are

Animus is operated by the team described in About Us. Until we incorporate, "we" / "us" refers to Yijie Ding personally. For privacy questions: [email protected].

2. What we collect

Category	Examples	Why
Account data	Email, hashed password, login IP, user agent	Authentication, security logs
Persona	Name, pronouns, avatar, slider tunings, off-limit topics	Shaping how the AI speaks
Memories	Text you write, photos and videos you upload	Source material for the AI; surfaced to recipients you choose
Voice samples	Audio you record	Cloning your voice (only after you sign the §3344.1 authorization in Account)
Conversation content	Your chat-living turns; recipient chats with the AI	Operating the chat features
Recipients & trustees	Names and emails you provide	Sending invitations and trustee notifications
Server logs	Sunset audit log, pathology log (anonymized counts), demo-only research log for the test account [email protected]	Safety, compliance, product improvement
Cookies	One session cookie (`animus_session`)	Keeping you signed in

3. Why we collect (purposes)

Provide the service you signed up for (contract performance).
Train your personal voice clone, if you authorize it (consent).
Maintain account security and protect against abuse (legitimate interest).
Comply with applicable law (e.g., right-to-erasure requests).

We do not use your content to train any other person's voice or to train general-purpose AI models for third parties. Voice samples are isolated to your account.

4. Sub-processors (who else touches your data)

Provider	What they receive
OpenAI, Inc.	Text content sent to chat completions and Whisper transcription. Subject to OpenAI's API data policy (no training on API data).
ElevenLabs, Inc.	Voice samples (for cloning) and text (for TTS playback). Voice models are stored under your owner ID and deleted on account deletion.
Google (Gmail SMTP)	Email addresses and the body of outbound transactional emails (recipient invites, trustee notifications, password resets).
Hosting provider	All server-side data (TBD before public launch — currently self-hosted in private test).

5. Data retention

While your account is active: indefinite, until you delete or modify.
After a confirmed sunset: kept available to recipients until their access expires, plus a 30-day grace period; then permanently deleted along with cloned voice models.
Server logs: rotated when no longer needed for safety / compliance review.
Demo account ([email protected]): wiped to a clean seed on each logout and on every server restart.

6. Your rights

Regardless of where you live, you can:

Access what we have about you (email [email protected] — we'll respond within 30 days).
Correct persona / memory data directly in the product.
Delete your account from Account → Delete account. Deletion is irreversible.
Export your content — request via email; we will provide a JSON dump of your account-scoped data.
Restrict / object to specific processing (e.g., turning off voice cloning via the AI Learning toggle in Account).

Residents of California (CCPA/CPRA) and the EU/EEA/UK (GDPR) have these rights as a matter of law. Animus is currently designed for U.S. users; if you are in the EU/EEA/UK, please contact us before relying on the service in a regulated context.

7. Children

Animus is not intended for anyone under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has registered, please contact us and we will delete the account.

Recipients (people invited to view what an owner has prepared) are required to confirm they are at least 18 because the content involves loss.

8. Voice and biometric data (special handling)

Your voice samples are biometric data. We process them only after you have signed the in-product §3344.1 authorization. Voice samples and the resulting cloned model are:

Stored in your account-scoped directory on our server, plus the model on ElevenLabs' service;
Used solely to generate audio for you (preview) or for the recipients you've designated (after sunset);
Deleted when you delete your account, including the cloned model on ElevenLabs;
Frozen — no further re-cloning — once a sunset is executed (the voice you had at the moment of passing is preserved as-is).

9. AI-generated content (EU AI Act §50)

Audio generated by Animus is synthetic. We disclose this in three places: at recipient invite acceptance, at the entry of any AI chat surface, and adjacent to voice playback controls. We are working on machine-readable provenance markers (C2PA) for audio output before EU/EEA launch.

10. Security

We protect your data with HTTPS in transit, restricted server access, and account-scoped storage isolation. No system is perfectly secure; in the event of a breach affecting your data, we will notify you within 72 hours where required by law and as soon as practical otherwise.

11. International transfers

Animus is hosted in the United States. If you access from outside the U.S., your data will be transferred to and processed in the U.S. We rely on Standard Contractual Clauses for any data flows requiring them.

12. Changes

We will email registered users at least 30 days before any material change.

13. Contact

Privacy questions: [email protected]