Privacy Policy
Privacy Policy
Last updated: February 24, 2026
1. Introduction
Annot ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national data protection laws.
2. Who We Are
Annot is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, please contact us at hello@annot.io.
3. What Data We Collect
We collect and process the following categories of personal data:
Account data. When you create an account, we collect your name, email address, and password.
Usage data. We collect information about how you use the Service, including pages visited, features used, and actions taken within the platform.
Content data. We store the comments, annotations, and file attachments you submit through the Service.
Guest data. When a guest accesses a shared project, we may collect their name if provided and any comments they submit.
Technical data. We collect your IP address, browser type, device information, and operating system for security and performance purposes.
Communication data. If you contact us directly, we retain records of that correspondence.
4. How We Use Your Data
We use your personal data for the following purposes and on the following legal bases:
To provide the Service. Processing is necessary for the performance of our contract with you.
To manage your account. Processing is necessary for the performance of our contract with you.
To improve the Service. Processing is based on our legitimate interest in developing and improving Annot.
To communicate with you. Processing is based on our legitimate interest in keeping you informed about the Service, or your consent where required.
To ensure security. Processing is based on our legitimate interest in protecting the Service and our users.
To comply with legal obligations. Processing is necessary to comply with applicable EU and national law.
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve the Service. Cookies are small text files stored on your device.
Essential cookies. These are necessary for the Service to function and cannot be disabled.
Analytics cookies. These help us understand how users interact with the Service. These are only placed with your explicit consent.
Preference cookies. These remember your settings and preferences. These are only placed with your explicit consent.
6. Data Retention
We retain your personal data only for as long as necessary to provide the Service or as required by applicable law. Specifically, account data is retained for the duration of your account and deleted within 30 days of account closure, content data such as comments and attachments is retained for the duration of the relevant project and deleted upon project deletion, and technical and usage data is retained for a maximum of 12 months.
7. Data Sharing
We do not sell your personal data. We may share your data with the following categories of third parties solely for the purpose of providing the Service:
Service providers. Third-party providers who assist us in operating the Service, such as cloud hosting and analytics providers, who are bound by data processing agreements.
Legal authorities. Where required by law or to protect the rights and safety of our users or the public.
We require all third parties to respect the security of your data and to treat it in accordance with applicable law.
8. International Data Transfers
Where personal data is transferred outside the European Economic Area ("EEA"), we ensure appropriate safeguards are in place in accordance with GDPR requirements. These safeguards include Standard Contractual Clauses approved by the European Commission, or transfers to countries deemed to provide an adequate level of protection by the European Commission.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of access. You can request a copy of the personal data we hold about you.
Right to rectification. You can request that we correct any inaccurate or incomplete data.
Right to erasure. You can request that we delete your personal data where there is no legitimate reason for us to continue processing it.
Right to restriction. You can request that we restrict the processing of your data in certain circumstances.
Right to data portability. You can request that we transfer your data to you or a third party in a structured, machine-readable format.
Right to object. You can object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent. Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at hello@annot.io. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority.
10. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or destruction. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.
11. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental or guardian consent. If you believe we have inadvertently collected data from a child under 16, please contact us at hello@annot.io and we will delete it promptly.
12. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies independently.
13. Changes to This Policy
We may update this Privacy Policy from time to time.The date at the top of this page will always reflect the most recent version.
14. Contact
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at: hello@annot.io
1. Introduction
Annot ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national data protection laws.
2. Who We Are
Annot is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, please contact us at hello@annot.io.
3. What Data We Collect
We collect and process the following categories of personal data:
Account data. When you create an account, we collect your name, email address, and password.
Usage data. We collect information about how you use the Service, including pages visited, features used, and actions taken within the platform.
Content data. We store the comments, annotations, and file attachments you submit through the Service.
Guest data. When a guest accesses a shared project, we may collect their name if provided and any comments they submit.
Technical data. We collect your IP address, browser type, device information, and operating system for security and performance purposes.
Communication data. If you contact us directly, we retain records of that correspondence.
4. How We Use Your Data
We use your personal data for the following purposes and on the following legal bases:
To provide the Service. Processing is necessary for the performance of our contract with you.
To manage your account. Processing is necessary for the performance of our contract with you.
To improve the Service. Processing is based on our legitimate interest in developing and improving Annot.
To communicate with you. Processing is based on our legitimate interest in keeping you informed about the Service, or your consent where required.
To ensure security. Processing is based on our legitimate interest in protecting the Service and our users.
To comply with legal obligations. Processing is necessary to comply with applicable EU and national law.
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve the Service. Cookies are small text files stored on your device.
Essential cookies. These are necessary for the Service to function and cannot be disabled.
Analytics cookies. These help us understand how users interact with the Service. These are only placed with your explicit consent.
Preference cookies. These remember your settings and preferences. These are only placed with your explicit consent.
6. Data Retention
We retain your personal data only for as long as necessary to provide the Service or as required by applicable law. Specifically, account data is retained for the duration of your account and deleted within 30 days of account closure, content data such as comments and attachments is retained for the duration of the relevant project and deleted upon project deletion, and technical and usage data is retained for a maximum of 12 months.
7. Data Sharing
We do not sell your personal data. We may share your data with the following categories of third parties solely for the purpose of providing the Service:
Service providers. Third-party providers who assist us in operating the Service, such as cloud hosting and analytics providers, who are bound by data processing agreements.
Legal authorities. Where required by law or to protect the rights and safety of our users or the public.
We require all third parties to respect the security of your data and to treat it in accordance with applicable law.
8. International Data Transfers
Where personal data is transferred outside the European Economic Area ("EEA"), we ensure appropriate safeguards are in place in accordance with GDPR requirements. These safeguards include Standard Contractual Clauses approved by the European Commission, or transfers to countries deemed to provide an adequate level of protection by the European Commission.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of access. You can request a copy of the personal data we hold about you.
Right to rectification. You can request that we correct any inaccurate or incomplete data.
Right to erasure. You can request that we delete your personal data where there is no legitimate reason for us to continue processing it.
Right to restriction. You can request that we restrict the processing of your data in certain circumstances.
Right to data portability. You can request that we transfer your data to you or a third party in a structured, machine-readable format.
Right to object. You can object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent. Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at hello@annot.io. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority.
10. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or destruction. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.
11. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental or guardian consent. If you believe we have inadvertently collected data from a child under 16, please contact us at hello@annot.io and we will delete it promptly.
12. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies independently.
13. Changes to This Policy
We may update this Privacy Policy from time to time.The date at the top of this page will always reflect the most recent version.
14. Contact
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at: hello@annot.io
1. Introduction
Annot ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national data protection laws.
2. Who We Are
Annot is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, please contact us at hello@annot.io.
3. What Data We Collect
We collect and process the following categories of personal data:
Account data. When you create an account, we collect your name, email address, and password.
Usage data. We collect information about how you use the Service, including pages visited, features used, and actions taken within the platform.
Content data. We store the comments, annotations, and file attachments you submit through the Service.
Guest data. When a guest accesses a shared project, we may collect their name if provided and any comments they submit.
Technical data. We collect your IP address, browser type, device information, and operating system for security and performance purposes.
Communication data. If you contact us directly, we retain records of that correspondence.
4. How We Use Your Data
We use your personal data for the following purposes and on the following legal bases:
To provide the Service. Processing is necessary for the performance of our contract with you.
To manage your account. Processing is necessary for the performance of our contract with you.
To improve the Service. Processing is based on our legitimate interest in developing and improving Annot.
To communicate with you. Processing is based on our legitimate interest in keeping you informed about the Service, or your consent where required.
To ensure security. Processing is based on our legitimate interest in protecting the Service and our users.
To comply with legal obligations. Processing is necessary to comply with applicable EU and national law.
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve the Service. Cookies are small text files stored on your device.
Essential cookies. These are necessary for the Service to function and cannot be disabled.
Analytics cookies. These help us understand how users interact with the Service. These are only placed with your explicit consent.
Preference cookies. These remember your settings and preferences. These are only placed with your explicit consent.
You can manage or withdraw your consent for non-essential cookies at any time through your account settings or browser settings. Please note that disabling certain cookies may affect the functionality of the Service.
6. Data Retention
We retain your personal data only for as long as necessary to provide the Service or as required by applicable law. Specifically, account data is retained for the duration of your account and deleted within 30 days of account closure, content data such as comments and attachments is retained for the duration of the relevant project and deleted upon project deletion, and technical and usage data is retained for a maximum of 12 months.
7. Data Sharing
We do not sell your personal data. We may share your data with the following categories of third parties solely for the purpose of providing the Service:
Service providers. Third-party providers who assist us in operating the Service, such as cloud hosting and analytics providers, who are bound by data processing agreements.
Legal authorities. Where required by law or to protect the rights and safety of our users or the public.
We require all third parties to respect the security of your data and to treat it in accordance with applicable law.
8. International Data Transfers
Where personal data is transferred outside the European Economic Area ("EEA"), we ensure appropriate safeguards are in place in accordance with GDPR requirements. These safeguards include Standard Contractual Clauses approved by the European Commission, or transfers to countries deemed to provide an adequate level of protection by the European Commission.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of access. You can request a copy of the personal data we hold about you.
Right to rectification. You can request that we correct any inaccurate or incomplete data.
Right to erasure. You can request that we delete your personal data where there is no legitimate reason for us to continue processing it.
Right to restriction. You can request that we restrict the processing of your data in certain circumstances.
Right to data portability. You can request that we transfer your data to you or a third party in a structured, machine-readable format.
Right to object. You can object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent. Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at hello@annot.io. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority.
10. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or destruction. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.
11. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental or guardian consent. If you believe we have inadvertently collected data from a child under 16, please contact us at hello@annot.io and we will delete it promptly.
12. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies independently.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this page will always reflect the most recent version.
14. Contact
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at: hello@annot.io