AnyChatBack to app

Privacy Policy

Last Updated: May 20, 2026

1. Introduction

QUANTUM95 LLC ("QUANTUM95," "we," "us," or "our") operates AnyChat, a multi-model AI chat aggregator service available at https://anychats.ai (the "Service" or "Services"). This Privacy Policy ("Policy") explains how we collect, use, disclose, retain, and protect personal information when you visit our website, create an account, use our Services, communicate with our support team, or otherwise interact with QUANTUM95. This Policy is intended to comply with applicable privacy and data-protection laws, including without limitation the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the "CCPA"), together with the regulations of the California Privacy Protection Agency including the automated-decisionmaking-technology, risk-assessment, and cybersecurity-audit regulations effective January 1, 2026; the General Data Protection Regulation (Regulation (EU) 2016/679) and the United Kingdom General Data Protection Regulation as incorporated into UK law (collectively, the "GDPR"); the EU AI Act, Regulation (EU) 2024/1689; the Federal Trade Commission Act and Restore Online Shoppers' Confidence Act (ROSCA); and other applicable state, federal, and international privacy laws.

For the purposes of the GDPR, QUANTUM95 LLC is the "controller" of personal data processed in connection with the Services, except where we act as a processor on behalf of an organizational customer. For the purposes of the CCPA, QUANTUM95 LLC is the "business." If you do not agree with the practices described in this Policy, do not access or use the Services.

2. Information We Collect

We collect personal information from and about you in the following categories:

(a) Account Information. When you register for an account, we collect identifiers such as your name (or display name), email address, country of residence, time zone, password (stored as a salted hash), and, if you use single sign-on, the unique identifier and basic profile information returned by your identity provider. You may optionally provide additional profile information.

(b) Billing Information. When you subscribe to a paid plan, purchase an Additional Package, or enter your Trial, we (through our payment processors) collect payment-instrument details such as cardholder name, billing address, the last four digits of your card, expiration date, card brand, payment-method token, and transaction history. We do not store full card numbers, CVV codes, or full bank-account numbers on our systems.

(c) User Submissions and Chat Inputs. When you use the Services, we collect the prompts, messages, instructions, files, images, audio, system prompts, Projects content, Group Chats messages, Web Search queries, Deep Research workflows, and any other input you provide (collectively, "Inputs"), as well as the corresponding AI-generated Outputs, and metadata such as the Underlying Model selected, timestamps, conversation identifiers, token counts, and feature usage. Inputs and Outputs may contain personal information about you or about third parties; you are responsible for any personal information of third parties that you submit.

(d) Support Records. When you contact support@anychats.ai or otherwise engage with our customer-support channels, we collect the content of your communications, your contact details, any screenshots or logs you provide, and the resolution history.

(e) Device and Technical Information. We automatically collect information about the devices and browsers you use to access the Services, such as device type, operating system, browser type and version, screen resolution, language settings, device identifiers, application version, and crash logs.

(f) Usage Data. We collect information about how you interact with the Services, including pages or screens viewed, features used, buttons clicked, conversation counts, model-selection patterns, click-through events, scroll depth, in-product errors, and the date, time, and duration of your interactions.

(g) Log Data. Our servers automatically record log data including your Internet Protocol (IP) address, request paths, response codes, referring URLs, user agents, and event timestamps.

(h) Geolocation. We infer approximate (city-level or region-level) location from your IP address for purposes such as fraud prevention, regional compliance (for example, applying GDPR or CCPA rules), tax determination, and localization. We do not collect precise GPS location unless you affirmatively grant such permission on a mobile device.

(i) Cookies and Similar Technologies. We and our service providers set cookies, pixels, web beacons, software development kits, local storage, and similar tracking technologies. The specific cookies are described in our Cookie Policy.

(j) Third-Party Sources. We may receive information about you from third parties, such as identity providers (when you use single sign-on), payment processors, marketing and advertising partners (including click identifiers used to attribute conversions), analytics providers, anti-fraud and security vendors, customer-relationship-management platforms, and publicly available sources.

(k) Aggregated and De-identified Data. We create aggregated, anonymized, or de-identified information from the categories above. Such data is not personal information when it cannot reasonably be linked to you, and we commit to maintain de-identified data in de-identified form and not to attempt re-identification except as permitted by law (for example, to test the de-identification controls).

We do not knowingly collect personal information from children under 18, as described in Section 13.

3. How We Use Your Information

We use personal information for the following purposes:

(a) To provide the Services, including authenticating your account, routing your Inputs to the relevant Underlying Models, returning Outputs, storing your conversation history, enabling Projects/Share Chats/Group Chats/Chat Search/Web Search/Deep Research/Image Generation, applying usage caps, and maintaining the technical integrity of the Platform.

(b) To improve and optimize the Services, by analyzing performance, debugging, A/B testing features, evaluating model quality on a de-identified basis, and refining our routing logic, prompts, and content-safety classifiers.

(c) To process payments, manage subscriptions, deliver invoices and receipts, manage Trial conversion, prevent payment fraud, and resolve disputes and chargebacks.

(d) To communicate with you, including transactional messages (e.g., billing notifications, trial-conversion reminders consistent with state automatic-renewal laws and ROSCA, security alerts), customer-support communications, surveys, and, where permitted, marketing messages from which you can opt out at any time.

(e) To provide customer support, investigate inquiries, and improve our support workflows.

(f) For security, abuse prevention, and trust and safety, including detecting, investigating, and preventing fraud, account takeover, payment-card abuse, automated scraping, prompt-injection attacks, generation of prohibited content (such as CSAM, non-consensual intimate imagery, terrorism content, or malware), and other violations of our Terms.

(g) For AI improvement using de-identified data only. Where we use Inputs and Outputs to improve our service-level features (such as routing logic, prompt templates, safety classifiers, evaluation suites, abuse-prevention systems, and aggregated analytics), we use de-identified data only, and we do not use identifiable Inputs or Outputs to train third-party foundation models. Our agreements with Underlying Model providers prohibit those providers from using AnyChat traffic for the training of their generally available models, to the extent each provider offers such a no-training commitment under its API-tier terms.

(h) For legal compliance and enforcement, including responding to lawful requests from public authorities, complying with tax, accounting, sanctions, and consumer-protection laws, exercising or defending legal claims, and enforcing our Terms.

(i) With your consent, for any other purpose disclosed to you at the time of collection or for which you provide explicit consent.

We do not use your personal information for automated decisions that produce legal or similarly significant effects without human involvement. We do not sell or license your personal information to third parties.

4. Purpose of Processing (GDPR Article 6 Legal Bases)

For Users in the European Economic Area, the United Kingdom, and Switzerland, we rely on the following legal bases under Article 6(1) of the GDPR:

(a) Performance of a contract (Art. 6(1)(b)) — to provide the Services you have subscribed to, process payments, deliver Outputs, and maintain your account.

(b) Legitimate interests (Art. 6(1)(f)) — to operate, secure, and improve the Services; to prevent fraud and abuse; to conduct first-party analytics; to communicate with existing customers about similar services; and to defend against legal claims. We have balanced these interests against your rights and freedoms; you may object as described in Section 9.

(c) Consent (Art. 6(1)(a)) — for cookies and similar technologies that are not strictly necessary, for marketing emails where consent is required, for processing of special-category data you voluntarily submit, and for any other processing for which we ask your consent. You may withdraw consent at any time.

(d) Legal obligation (Art. 6(1)(c)) — to retain transaction records, respond to lawful requests, and comply with applicable laws.

(e) Vital interests (Art. 6(1)(d)) — in rare cases, to protect the vital interests of you or another person.

For Microsoft Clarity specifically, we rely on the Microsoft Clarity Consent Mode for visitors originating from the EEA, the UK, and Switzerland; Clarity will not set cookies or process behavioral data from these visitors unless and until they grant consent through our consent-management platform.

5. How We Share Your Information

We do not sell your personal information in the colloquial sense (cash for data), and we do not sell or share Chat Inputs or Outputs for cross-context behavioral advertising. We disclose personal information in the following limited circumstances:

Service Providers and Processors. We disclose personal information to vendors that perform services on our behalf under written contracts that restrict their processing to our instructions and that include security and confidentiality commitments. These include cloud infrastructure providers (compute, storage, content-delivery), Underlying Model providers (for routing your Inputs to the model you select), payment processors, email/communications providers, customer-engagement platforms (such as Customer.io), product-analytics providers (such as PostHog), web-analytics providers (such as Google Analytics), behavior-analytics providers (such as Microsoft Clarity), error-monitoring providers, advertising and conversion-measurement partners (Google Ads, Meta/Facebook, Pinterest, TikTok), tag-management providers (Google Tag Manager), identity-verification and anti-fraud vendors, and professional advisors (legal, accounting, audit).

Microsoft Clarity. We use Microsoft Clarity to record sessions and generate heatmaps. Clarity collects mouse movements, clicks, scroll depth, page-navigation events, and similar interactions, with built-in masking of common sensitive fields. Clarity is operated by Microsoft Corporation; please review the Microsoft Privacy Statement for more information. Clarity's default retention is 30 days for session recordings, with retention extended to 13 months for any session that is labeled or favorited, and heatmaps data is retained for 13 months.

Underlying Model Providers. When you select an Underlying Model, your Inputs (and, where applicable, conversation context and uploaded files) are transmitted to that model's provider for inference under that provider's API-tier terms. We use enterprise/business API tiers where available so that data is not used by the provider to train its generally available models.

Legal Requirements. We may disclose personal information when we have a good-faith belief that disclosure is required by law, regulation, court order, or other legal process, or is necessary to protect the rights, property, or safety of QUANTUM95, our Users, or others, including to prevent or address fraud or security concerns.

Business Transactions. If QUANTUM95 is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal information may be transferred to a successor or affiliate as part of that transaction. The successor will be bound by terms at least as protective as this Policy.

With Your Direction or Consent. When you publish a Shared Chat, invite participants to a Group Chat, or otherwise direct us to share information, we share accordingly.

6. Use of AI Technologies and Training

We have designed AnyChat with the following commitments concerning AI training:

(a) No use of identifiable Inputs for third-party foundation model training. We do not transmit your Inputs or Outputs to any Underlying Model provider for use in training that provider's foundation models. We rely on the no-training commitments offered by Underlying Model providers under their enterprise/API-tier terms, and we configure our integrations accordingly.

(b) Temporary processing only for inference. Inputs are processed only as long as needed to generate the requested Output and for short retention windows used by Underlying Model providers for safety review and abuse prevention (typically thirty (30) days or less, depending on the provider's policy).

(c) De-identified data only for product improvement. Where we use chat content to improve AnyChat itself (for example, to evaluate routing quality, fine-tune safety classifiers, or measure feature performance), we use de-identified data — content from which direct identifiers have been removed and to which we apply technical and organizational measures designed to prevent re-identification.

(d) No personal information for third-party model training. We do not sell, license, or otherwise provide identifiable personal information for the training of any third party's AI model.

(e) Transparency. In accordance with Article 50 of the EU AI Act, we inform you that you are interacting with an AI system and that Outputs are AI-generated.

7. Cookies and Tracking

We use cookies, pixel tags, web beacons, local storage, SDKs, and similar technologies to operate the Services, remember your preferences, analyze usage, secure the Platform, and (with your consent where required) deliver and measure advertising. Categories include strictly-necessary cookies, functional cookies, analytics/performance cookies, and targeting/advertising cookies. Third-party analytics and advertising partners may include Google Analytics, Google Tag Manager, Google Ads, Meta (Facebook), Pinterest, TikTok, PostHog, Customer.io, and Microsoft Clarity. We honor recognized opt-out preference signals where required by law, including the Global Privacy Control (GPC). Most browsers transmit a "Do Not Track" signal, but there is no industry consensus on how to respond to it; we treat GPC as the operative signal for opt-out of sale/sharing under the CCPA. For complete details, see our Cookie Policy.

8. Your Rights and Choices

Subject to applicable law, you have the following rights regarding your personal information:

(a) Access — to confirm whether we process your personal information and to obtain a copy.

(b) Correction (Rectification) — to correct inaccurate or incomplete personal information.

(c) Deletion (Erasure) — to request deletion of personal information, subject to legal exceptions.

(d) Restriction — to restrict processing in certain circumstances.

(e) Portability — to receive certain personal information in a structured, commonly used, machine-readable format, and to transmit that information to another controller where technically feasible.

(f) Objection — to object to processing based on legitimate interests, including profiling.

(g) Withdraw Consent — at any time, without affecting the lawfulness of prior processing.

(h) Lodge a Complaint — with a supervisory authority in your jurisdiction (for EEA/UK Users) or with the California Privacy Protection Agency or California Attorney General (for California residents).

To exercise these rights, contact us at support@anychats.ai or use the in-product privacy controls. We will respond within the timelines required by applicable law (generally 30 days under the GDPR and 45 days under the CCPA, extensible where permitted). We may need to verify your identity. We will not discriminate against you for exercising these rights.

9. Account Deletion

You may delete your account through the Help Center at https://anychats.ai/help or by emailing support@anychats.ai. Deletion is irreversible: your conversations, Projects, Shared Chats, Group Chat memberships, and settings will be removed. Encrypted backups containing your data are retained for a limited period (typically up to 90 days) before being overwritten in the ordinary backup rotation, after which they will be irretrievably deleted or rendered de-identified. We may retain certain records as required or permitted by law (for example, transaction and tax records, fraud-prevention records, audit logs evidencing the deletion request itself, and aggregated or de-identified data).

10. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data category and purpose. As an indicative summary: account data is retained for the life of the account plus a limited tail for legal and operational purposes; billing data is retained for the period required by applicable tax and accounting law (typically up to 7 years); chat content is retained until you delete the conversation or your account, subject to the backup window noted above; security and abuse-prevention logs are retained for a limited operational window.

Microsoft Clarity session recordings are retained for 30 days by default, with labeled or favorited sessions retained for 13 months, and Clarity heatmaps are retained for 13 months, as published by Microsoft.

11. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including Transport Layer Security (TLS) for data in transit; encryption at rest for sensitive data; access controls based on least-privilege principles and role-based access; network firewalls and intrusion-detection systems; logging, monitoring, and alerting; secure software-development practices including code review and dependency scanning; periodic third-party penetration testing; employee security training and confidentiality obligations; vendor due-diligence; and incident-response procedures.

In the event of a personal-data breach that meets the notification threshold under applicable law (for example, GDPR Articles 33–34, CCPA Cal. Civ. Code § 1798.82, or applicable state breach-notification laws), we will notify affected individuals and supervisory authorities within the required timelines. No system is perfectly secure, and we cannot guarantee absolute security.

12. Children’s Privacy

The Services are not directed to children under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete that information. Parents or guardians who believe a child under 18 has provided us with personal information may contact us at support@anychats.ai.

13. International Users

QUANTUM95 LLC is established in the United States. If you access the Services from outside the United States, personal information may be transferred to, stored in, and processed in the United States and other countries that may not provide the same level of data protection as your country of residence. For transfers from the EEA, the UK, or Switzerland to the United States or other "third countries" without an adequacy decision, we rely on the Standard Contractual Clauses adopted by the European Commission, specifically Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679, supplemented by the UK Information Commissioner's Office International Data Transfer Addendum or the UK International Data Transfer Agreement for transfers from the UK, and by the corresponding Swiss instruments.

Where the recipient is certified under the EU-U.S. Data Privacy Framework, we may rely on that certification. We conduct transfer-impact assessments and apply supplementary measures (such as encryption and access controls) where appropriate.

14. California Residents

If you are a California resident, the CCPA gives you the following rights, all of which are summarized below and described in greater detail in this Policy:

(a) Right to Know — to know what categories and specific pieces of personal information we have collected, the sources, the business or commercial purposes for collection, and the categories of third parties to whom we have disclosed it.

(b) Right to Delete — to request deletion of personal information, subject to statutory exceptions.

(c) Right to Correct — to request correction of inaccurate personal information.

(d) Right to Opt-Out of Sale or Sharing — we do not sell personal information for monetary consideration. We may "share" certain identifiers with advertising partners for cross-context behavioral advertising, and you may opt out via our cookie banner, the "Do Not Sell or Share My Personal Information" link on our website, or by sending a Global Privacy Control signal.

(e) Right to Limit Use of Sensitive Personal Information — to direct us to use sensitive personal information only for purposes permitted by the CCPA.

(f) Right to Non-Discrimination — we will not deny services, charge different prices, or provide a different level of quality because you exercise a CCPA right.

To exercise these rights, email support@anychats.ai or use our online request form. We may need to verify your identity. You may use an authorized agent; we will require proof of authorization.

15. Third-Party Links

The Services may contain links to third-party websites, services, or content (including links produced in Web Search results, Deep Research outputs, or Shared Chats). Those third parties operate independently of QUANTUM95, and their privacy practices are governed by their own policies. We are not responsible for third-party practices.

16. Changes to This Policy

We may update this Policy from time to time. We will post the revised Policy at https://anychats.ai and update the "Last Updated" date. Material changes will be communicated by reasonable means; continued use of the Services after the effective date of the revised Policy constitutes acceptance.

17. Contact Us

Email: support@anychats.ai

Address: QUANTUM95 LLC (mailing address available at https://anychats.ai)