Privacy Policy

Updated: September 2025

I. INTRODUCTION

At Theanna, Inc., doing business as Theanna (“us”, “we”, “our” or the “Company”) we value your privacy and the importance of safeguarding your data. This Privacy Policy (the “Policy”) describes our privacy practices for the activities set out below. As per your rights, we inform you how we collect, store, access, and otherwise process information relating to individuals. In this Policy, personal data (“Personal Data”) refers to any information that on its own, or in combination with other available information, can identify an individual.

We are committed to protecting your privacy in accordance with the highest level of privacy regulation. As such, we follow the obligations under the below regulations:

  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and the applicable provincial legislations
  • Quebec Law 25
  • the EU's General Data Protection Regulation (GDPR)
  • Brazil's Data Protection Legislation (LGPD)
  • California's Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) and California Online Privacy Protection Act (CalOPPA)
  • Colorado Privacy Act (CPA)
  • Utah Consumer Privacy Act (UCPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • South Africa's Protection of Personal Information Act (POPIA)

1 — Scope

This policy applies to the Company's websites, domains, applications, services, and products (collectively, the “Sites”). By visiting the Sites, you are consenting to the information collection, use, and sharing practices described in this Policy, as modified from time to time by us. If, for any reason, you do not agree with the content of this Policy, you should discontinue using the Sites and services immediately.

This Policy does not apply to third-party applications, websites, products, services or platforms that may be accessed through links that we may provide to you, or integrated into our services. These sites are owned and operated independently from us, and they have their own separate privacy and data collection practices.

2 — Processing Activities

This Policy applies when you interact with us by doing any of the following:

  • Make use of our application and services as an authorized user
  • Visit any of our websites that link to this Privacy Statement
  • Participate in our online community forums, post or share user-generated content, or engage with AI-driven features
  • Receive any communication from us including newsletters, emails, calls, or texts / SMS

II. PERSONAL DATA WE COLLECT

As the Company, Sites, and any services offered are not intended to be used by anyone under eighteen years old, we do not knowingly collect any personal information about children.

1 — What Personal Data We Collect

We may collect the following categories of Personal Data, depending on your interactions with us:

  • Account Information such as your name, email address, and password
  • Payment Information such as your billing address, phone number, credit card, debit card or other payment method
  • Demographic Data including age, gender
  • Purchase and Transaction Information
  • Mobile device specific identifiers such as make and model, IMEI and phone number
  • Location Data
  • Business information such as company name, company url, and company description
  • Team information such as team size, location, fundraising status, cofounder count, personal goals, and employee count
  • Activity data such as posts, saved posts and articles, milestones tracked and achieved, startup status and traction
  • Community participation data, including forum posts, comments, milestones, business updates, and interactions with AI-powered tools
  • Feedback, such as customer support or product reviews
  • User Generated Content, such as posts, comments, audio, or documents

Sensitive Data Disclaimer: We do not intentionally collect “Sensitive Personal Data.” If you choose to share such data in our community or services, you explicitly consent to its processing as described in this Policy.

2 — How We Collect Your Personal Data

A — From You. You may give us information by filling in forms, using our products or services, entering information online or by corresponding with us.

B — Automated technologies or interactions: As you interact with our website, we may automatically collect Device Data about your equipment, Usage Data about your browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies.

C — Third parties: We may receive Personal Data about you from various third parties, including analytics providers, social media platforms, and payment providers.

D — Service integrations: We may also receive limited Personal Data from integrated service providers (such as AWS, Google Workspace, and Anthropic) where necessary to provide hosting, authentication, analytics, or AI-powered features.

3 — Device and Usage Data

When you visit a Company website, we automatically collect and store information about your visit using browser cookies. This information may include: Device IDs, Login information, IP Address, Time stamps, Authentication records, Location information, and other operational data.

5 — Purpose and Legal Basis for Processing

We collect and use your Personal Data only where we have a lawful basis, which may include consent, contractual necessity, compliance with legal obligations, or our legitimate interests. These purposes include:

  • To deliver your product or service
  • Building a safe and secure environment
  • Providing, developing, and improving our products and services
  • To communicate with you about the products and services
  • Organize and deliver advertising and marketing
  • For research and development
  • Complying with the law, legal process, or enforceable government request

6 — Third Party Tools

We use these third party tools to store your information:

  • Customer.io
  • Amazon Web Services (AWS)
  • Google Workspace
  • Anthropic AI+
  • Stripe

7 — International Data Transfer and Storage

Where possible, we store and process data on servers within the general geographical region where you reside. Your Personal Data may also be transferred to, and maintained on, servers residing outside of your jurisdiction. For transfers outside the EEA, UK, or other regions with data protection requirements, we rely on Standard Contractual Clauses, adequacy decisions, or other approved safeguards.

8 — Sharing and Disclosure

We will share your Personal Data with third parties only in the ways set out in this Policy or at the point when the Personal Data is collected. We also use Google Analytics to help us understand how our customers use the site.

11 — Email Marketing

We will only send you newsletters, promotional emails, or other marketing communications if you have provided your explicit consent. You may withdraw your consent at any time by clicking the “unsubscribe” link in any marketing email.

III. COOKIES

A cookie is a small file with information that your browser stores on your device. We use the following types of cookies:

  • Strictly Necessary: Required for core functionality
  • Preference: Help us remember the way you like to use our service
  • Personalization: Help personalize content and community engagement
  • Analytics: Collect analytics about the types of people who visit our site
  • Marketing: Shared with third party advertisers and/or partners

IV. RETENTION & DELETION

We will hold your personal information on our systems only for as long as required to provide you with the services you have requested. In some circumstances you can ask us to delete your data (see ‘Your Rights’ below), or we may anonymize your Personal Data for research or statistical purposes.

V. MERGER OR ACQUISITION

If we are involved in a merger, acquisition or asset sale, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different Policy.

VI. HOW WE KEEP YOUR DATA SAFE

We have appropriate organizational safeguards and security measures in place to protect your Personal Data. We use industry-standard measures including encryption, access controls, monitoring, and contractual requirements for third parties. No system can be guaranteed 100% secure. In the unfortunate event of a Personal Data breach, we will notify you and any applicable regulator as required by law.

VII. CHILDREN'S PRIVACY

The services are not intended for anyone under eighteen years old. We do not knowingly collect Personal Data from children under the age of eighteen years.

VIII. YOUR RIGHTS FOR YOUR PERSONAL DATA

Depending on your geographical location and citizenship, your rights may include:

  • Right to Access: Learn whether we are processing your Personal Data and request a copy
  • Right to Rectification: Have incomplete or inaccurate Personal Data rectified
  • Right to be Forgotten: Request that we delete Personal Data we process about you
  • Right to Restriction of Processing: Restrict our processing of your Personal Data under certain circumstances
  • Right to Portability: Obtain Personal Data we hold about you in a structured, electronic format
  • Right to Opt Out: Opt out of targeted advertising, sale of Personal Data, and/or profiling
  • Right to Objection: Object to processing based on legitimate interest
  • Nondiscrimination: Not be denied service for exercising your rights

IX. FAIR INFORMATION PRACTICES

Should a data breach occur, we will notify the users via in-site notification within seven (7) business days. Where required by law, we will notify affected individuals and regulators without undue delay.

X. CAN SPAM ACT

We comply with the CAN-SPAM Act. To unsubscribe from receiving future emails, email support@theanna.io or follow the unsubscribe instructions at the bottom of an email from us.

XI. CHANGES

We may modify this Policy at any time. If we make changes, we will post an updated version on this website. Where required by law or where changes are material, we will notify you directly.

XII. CONTACT US

To request a copy of your information, unsubscribe from our email list, request for your data to be deleted, or ask a question about your data privacy, please email support@theanna.io.

Write to us at:
Data Privacy Officer of Theanna
2606 Hilliard Rome Rd Unit #V251, Hilliard, Ohio, 43026