// Legal · Privacy
Privacy Policy
Effective July 3, 2026.
This policy describes how Anomalist Enterprise LLC
("we", "us") handles information on the websites we operate at
anomalistenterprise.com and its subdomains, as well as
the products we ship under that umbrella. It's written in plain
language on purpose. If something isn't clear, email
privacy@anomalistenterprise.com and we'll explain
or fix it.
1. What we collect
1.1 Information you give us directly
- Contact form submissions. Name, email, message, and which services/products you mentioned. Used only to respond and follow up.
- Beta applications. If you apply for access on
/betas, we collect your name, email, the product you're applying for, your reason for applying, and (optionally) your company and role. Used to evaluate the application and, if approved, send a magic-link invite. - Product-level data. Each Anomalist Enterprise product (Berea, Atlas/MentorForge, Compass, Delta, Maximus) collects what it needs to function — conversations, journal entries, account details, etc. Each product surfaces its own data practices on first use; this policy covers the umbrella and any product that does not yet ship its own.
1.2 Information collected automatically
- Server logs. Our edge provider (Cloudflare) logs standard request metadata: IP address, user agent, request path, timestamp. Used for security, abuse prevention, and basic operational visibility. We do not run third-party advertising trackers or analytics scripts on the marketing site.
- Cookies. The marketing site sets one optional first-party analytics cookie, and only if you accept the cookie banner — see Section 2 for exactly what it is and does. Individual products that require sign-in set a session cookie scoped to that product's subdomain. Session cookies are
HttpOnly,Secure, andSameSite=Lax.
2. Cookies & site analytics
When you first visit, a banner asks whether we can use cookies to understand visits. Here's exactly what each choice means:
2.1 What we set, and only if you accept
ae_vid— a single first-party cookie containing a random visitor ID (a UUID — no name, no email, nothing about you personally). It lasts 180 days and is only readable by our own site. We set it only after you click Accept. If you click Decline, no analytics cookie is ever set and the banner won't come back.
2.2 What we log
If you accepted, each page you visit sends us a small record: the visitor ID, the page path, the referring site (if any), and any campaign tags in the link you clicked (UTM parameters). That's the whole list. No third-party trackers, no advertising pixels, no cross-site anything.
2.3 Why we log it
Two reasons: to understand which pages people actually find useful, and — if you later contact us through a form or the site chat — to see which pages you looked at so we can follow up on the thing you were actually interested in. The visitor ID is attached to your inquiry only when you submit one.
2.4 First-party only, never sold
This data stays with us. It is first-party, goes only to our own systems, and is never sold, rented, or shared with third parties for their marketing.
2.5 Opting out
Click Decline on the banner, or use the
Cookie preferences link in the footer at any time
to change your choice — declining also deletes the
ae_vid cookie. To have the visit records tied to your
visitor ID deleted, email
privacy@anomalistenterprise.com.
3. Where your information goes
We use a small, deliberately chosen set of subprocessors. We do not sell, rent, or trade information about you.
- Cloudflare — hosting, edge delivery, DNS, D1 database storage. Data processed at the edge and stored in Cloudflare's US regions by default.
- Resend — transactional email delivery (contact responses, beta invite magic links, account notifications).
- Anthropic — for products that include AI features (e.g., Berea's research replies), prompts and conversation context are sent to Anthropic's Claude API to generate the response. Per Anthropic's API terms in effect at the time of writing, API customer data is not used to train Anthropic's models.
- OpenAI — used by select products for specific narrow features (e.g., Berea's text-to-speech). Subject to OpenAI's API terms, which similarly state API data is not used to train models.
We add or change subprocessors only when there's a real need. If a change materially affects how your data is handled, we'll update this list and the effective date above.
4. AI features and your data
Some Anomalist Enterprise products use generative AI. When you interact with one of those features, the content you send (your message, the surrounding conversation, and any relevant context the product retrieves on your behalf) is transmitted to the model provider listed above so a response can be generated. We do not fine-tune third-party models on your data, and we do not provide your data to model providers for their own training purposes.
AI responses can be wrong, incomplete, or out of date. We design our products to show their sources and let you verify the work. Don't rely on an AI output for medical, legal, financial, or safety-critical decisions without independent verification.
5. Beta products
Berea, Atlas/MentorForge, Compass, Delta, and any other product we label "private beta" are still under active development. That means:
- Features may change, regress, or be removed.
- Data you store in a beta product (sessions, journal entries, account history) could be lost during migrations or schema changes. We do our best to avoid this. We don't guarantee against it.
- Beta access is non-transferable and may be revoked at our discretion.
- Beta accounts and their associated data can be deleted by you at any time — contact us or use the in-product control if available.
6. Retention
- Contact form messages. Up to 24 months from last correspondence, then deleted.
- Beta applications. Pending applications: kept while pending. Approved: kept while the beta is active. Rejected: kept up to 12 months for fraud-prevention and audit, then deleted.
- Product data. Kept for as long as your account is active in that product. Deleted on request — see Section 8.
- Server logs. Standard short retention windows at the edge provider (Cloudflare default), typically days to weeks.
7. Children
The marketing site and products are intended for users 18 or older, and we don't knowingly collect information from anyone under 13 via this site. If a product later opens to younger users under a parental account, it will ship its own privacy notice specific to family use, including parental controls and age-appropriate data minimization.
8. Your rights and choices
You can ask us to:
- Show you what information we hold about you.
- Correct anything that's wrong.
- Delete your information (subject to limited retention for legal or fraud-prevention reasons).
- Stop further communication from us.
Send the request from the email address associated with your account or application to privacy@anomalistenterprise.com. We'll respond within a reasonable timeframe — typically within 30 days.
9. Security
We use encryption in transit (HTTPS everywhere), scoped session cookies, HMAC-signed magic-link invites, and least-privilege access to internal admin tooling. No system is unbreakable. If we ever discover a breach that affects your data, we'll notify affected people without unreasonable delay.
10. International users
Anomalist Enterprise operates from the United States. By using this site, you understand that your information will be processed in the US, which may have different data-protection standards than your home country. If you're a resident of the EU/UK and you'd like to exercise rights under GDPR, contact us and we'll handle the request manually.
11. SMS & text messaging (insurance outreach)
Anomalist Enterprise LLC operates an insurance outreach program in which our licensed insurance agents — and the agency brands they operate under — contact consumers who requested information about Medicare, life, or supplemental insurance and consented to be contacted by phone and text. These terms govern that program.
11.1 How we obtain your consent
We text you only if you provided your phone number and agreed to be contacted by phone and text on an insurance quote or inquiry form — either on a site we operate or a lead form completed with one of our licensed lead providers. For each contact we retain the opt-in language, the date, and the source of consent. We do not text a number for which we cannot evidence consent.
11.2 We do not share your mobile information
No mobile information (your phone number or SMS opt-in / consent data) will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing limited to subcontractors that help us deliver our own messages (for example, our messaging provider) is permitted, and those parties may use it only to deliver our messages on our behalf. Text-messaging opt-in data and consent are never sold or shared with any third party for their own use.
11.3 Frequency, rates, and opt-out
- Message frequency varies based on your interaction with us.
- Message and data rates may apply. We don't charge for messages; your carrier's standard rates apply.
- Reply STOP to any message to opt out at any time — we honor opt-outs immediately and permanently. Reply HELP for help, or email support@anomalistenterprise.com.
- Consent to receive messages is not a condition of any purchase.
11.4 Medicare
Our text and email outreach about Medicare is general only. We do not offer every plan available in your area; any information we provide is limited to the plans we offer. To review all of your options, contact Medicare.gov or 1-800-MEDICARE. Specific plan details and enrollment happen with a licensed agent — never by text.
11.5 No health information by text or email
We do not request, collect, or transmit health conditions, medications, or other protected health information through our text or email outreach. Any health-related discussion happens with a licensed agent through a secure, compliant channel.
12. Changes to this policy
We update this page when something material changes about how we handle data. The effective date at the top reflects the most recent change. Continued use of the site or our products after an update constitutes acceptance of the revised policy.
13. Contact
Privacy questions, requests, or complaints: privacy@anomalistenterprise.com.
Anomalist Enterprise LLC · Evansville, Indiana · United States.