Last updated: July 11, 2026
This policy explains what personal data anota collects, why, and what rights you have. It covers both account holders (people who build forms) and respondents (people who fill them out).
When you submit a form built on anota, your answers are delivered to the form's owner — they control what is asked and how your data is used. On their behalf we store the submission, a hashed (not raw) IP address for spam protection, and technical metadata such as browser type. If a form collects payments, the payment is processed by Stripe under the form owner's Stripe account.
To provide and secure the Service, enforce plan limits, send transactional email (notifications, receipts, account messages), and comply with legal obligations. We do not sell personal data, and we do not use form submissions for advertising or to train AI models.
Only the processors needed to run the Service: Microsoft Azure (hosting and storage), Stripe (payments and billing), and Azure Communication Services (email delivery). Each is bound by its own data protection commitments.
Form submissions are kept until the form owner deletes them or their account closes. Closed accounts are retained for 30 days for export, then deleted. Backups age out within 35 days.
You may access, correct, export, or delete your personal data. Account holders can do most of this self-service; for anything else write to privacy@anota.cloud. If you submitted data through someone else's form, contact that form's owner first — we will assist them in honoring your request.
Data is encrypted in transit (TLS) and at rest. Access to production systems is limited to personnel who need it, and passwords are stored using modern one-way hashing.
We will announce material changes to this policy by email or in-app notice at least 14 days before they take effect.