This Privacy Policy explains how Anomaly Marketing Co (“Anomaly,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use the Anomaly OS mobile application and related services (collectively, the “App”). By using the App, you agree to this Policy.

If you use the App on behalf of a business (for example, as an employee of one of our clients), that business is typically the data controller for customer records inside the App, and Anomaly acts as a service provider/processor. Where we act as processor, we process personal data under our agreement with the business and its instructions.

If you do not agree with this Policy, do not use the App.

1) Who we are & how to contact us

Controller/Provider: Anomaly Marketing Co
Website: https://www.betheanomaly.io
Email: support@betheanomaly.io

2) Information we collect

A. Information you provide

• Account & Profile: name, business name, email, phone, job title, password or SSO tokens.
• Business Records: contacts/leads, notes, tasks, opportunities, pipeline values, invoices, bookings, custom fields.
• Communications Content: messages, emails, call logs, voicemails, SMS/MMS (including media, if you attach it), and responses.
• Media & Files (optional): photos, videos, documents you upload to contacts, conversations, funnels, posts, etc.
• Calendar & Scheduling (optional): calendar events, availability, meeting details if you connect a calendar.
• Payment & Billing (optional): invoice details, partial card data handled by our payment processor (we do not store full card numbers).
• Support: information you include in support requests or feedback.

B. Information collected automatically

• Device & App Data: device model, operating system, app version, language, time zone, mobile network.
• Identifiers: device identifiers (e.g., IDFA/GAID where permitted), IP address, user/account IDs.
• Usage & Diagnostics: feature usage, taps, performance logs, crash data, and in-app events.
• Approximate Location (optional): if enabled by your OS settings, used for features like region formatting, security, or geo-relevant functions. The App does not collect precise GPS location unless you explicitly grant it for a location-based feature.

C. Information from integrated services (optional)

If you connect third-party services, we receive data from:

• Email & Calendar providers (e.g., Google/Microsoft) for syncing messages and events you choose.
• Payments (e.g., Stripe) for invoice/payment processing.
• Telephony/SMS (e.g., Twilio) for calling and texting features.
• Analytics/Crash reporting (e.g., Firebase/Google Analytics) for performance and product improvement.
• File Storage/CDN (e.g., AWS) to store files you upload.

We process only the data necessary to provide the connected feature and according to each provider’s permissions.

3) How we use information

We use the information described above to:

• Provide the App: authenticate you; sync, display, and manage your CRM, messaging, pipelines, bookings, payments, and other features you use.
• Communicate with you: send service, security, and transactional notices; respond to support; optionally send product updates and tips (you can opt out of non-essential emails/SMS).
• Improve & secure the App: monitor performance; debug; analyze aggregate usage; prevent fraud, spam, or misuse.
• Comply with law & enforce terms: meet legal obligations; protect our rights and users.

We do not sell your personal information.

4) Legal bases for processing (EEA/UK)

Where GDPR/UK GDPR applies, our legal bases include:

• Contract necessity (to deliver the App and features you request),
• Legitimate interests (e.g., product security, improvement, fraud prevention),
• Consent (for optional features like push notifications or precise location), and
• Legal obligations.

When we act as a processor for a business customer, that customer is responsible for establishing a legal basis for personal data it controls.

5) How we share information

We share information only as needed to operate the App or as required by law:

• Service Providers/Processors: cloud hosting (e.g., AWS), analytics/crash reporting (e.g., Firebase), email/SMS/voice (e.g., Mailgun/SendGrid/Twilio), payments (e.g., Stripe), customer support tools, push notification providers, and similar vendors bound by confidentiality and data-processing terms.
• Business Customer (your employer/client): If you use the App as part of an organization, your admins/teammates may see your activity and data consistent with the account’s settings and permissions.
• Legal & Safety: to comply with legal requests, enforce our terms, or protect rights, property, and safety.
• Business Transfers: in connection with a merger, acquisition, or asset sale (we will notify you if required by law).

We do not allow service providers to use your data for their own advertising or marketing.

6) International transfers

We may process and store information in the United States and other countries. Where required, we implement appropriate safeguards (e.g., standard contractual clauses) for cross-border transfers.

7) Data retention

We retain information for as long as your account is active or as needed to provide the App, comply with legal obligations, resolve disputes, and enforce agreements. Business customers may set their own retention practices for data they control. We may anonymize and retain non-personal data for analytics.

8) Your rights & choices

A. App/OS permissions

You can control access to contacts, camera, photos, microphone, notifications, and location through your device settings. Disabling permissions may limit certain features.

B. Communications preferences

You can opt out of non-essential emails/SMS by using unsubscribe links or replying “STOP” to SMS (where available). Service and transactional messages are still sent as needed.

C. Privacy rights

Depending on your location, you may have rights to access, correct, delete, port, or restrict certain processing of your personal information.

• California/CPRA: You may request access, deletion, and to opt out of “sale” or “sharing.” We do not sell or share personal information for cross-context behavioral advertising.
• EEA/UK: You may object to processing based on legitimate interests and withdraw consent where processing is based on consent.

To exercise rights, contact support@betheanomaly.io. If your data is controlled by a business customer, please direct your request to that business; we will support them in fulfilling it.

9) Security

We implement administrative, technical, and physical safeguards designed to protect information (e.g., encryption in transit, access controls, logging). No method of transmission or storage is 100% secure; you are responsible for maintaining the secrecy of account credentials and for using up-to-date devices and OS versions.

10) Children’s privacy

The App is not directed to children. We do not knowingly collect personal information from children under 13 (or under 16 where applicable). If you believe a child has provided personal information, contact us to request deletion.

11) Third-party services & links

The App may link to or integrate with third-party services (e.g., Google, Microsoft, Stripe, Twilio). Your use of those services is governed by their own terms and privacy policies. We are not responsible for their practices.

12) Do Not Track

Your browser or device may offer a “Do Not Track” setting. At this time, we do not respond to DNT signals. Where required by law (e.g., CPRA), we honor opt-out preferences through applicable mechanisms.

13) Changes to this Policy

We may update this Policy from time to time. The “Last updated” date shows when changes were made. If changes are material, we will provide additional notice as required (e.g., in-app notice or email).

14) Contact

Questions or requests about this Policy or your data?
Email: support@betheanomaly.io
Website: https://www.betheanomaly.io

App Store / Play Store disclosures (summary)

Data collected (may be linked to your identity depending on account setup):

• Contact Info: name, email, phone.
• Identifiers: user ID, device IDs, IP address.
• User Content: messages, notes, media you upload.
• Contacts (optional): if you import/sync contacts.
• Calendar (optional): if you connect a calendar.
• Financial Info (optional): invoices, payment status (card data handled by Stripe).
• Usage Data & Diagnostics: product interaction, crash logs, performance.
• Location: approximate, only if enabled.

Purposes: App functionality, account management, communications (SMS/email/calls), analytics, fraud prevention, security, and customer support.
Data sharing: with service providers only to operate the App.
Data linked to you: account/profile, contact info, identifiers, content associated with your account.
Tracking: We do not use third-party advertising SDKs for cross-app tracking.

Tip for your store listings: in Apple’s “App Privacy” and Google Play’s “Data safety” forms, mirror the categories above (and disable “precise location” unless you truly use it).

Data Processing Addendum (business users)

If you are a business customer that requires a DPA, please email support@betheanomaly.io. Where Anomaly acts as processor, we will process personal data on your documented instructions, implement appropriate security measures, assist with data subject requests, and flow down processor obligations to sub-processors.