Privacy Policy
Effective: March 26, 2026 | Last updated: March 26, 2026
1. Who We Are
Anaptu ("we", "us", "our") is an AI-powered learning platform operated by AgentSOX Ltd., based in Israel. This policy explains how we collect, use, and protect your personal data when you use our service at anaptu.com.
AgentSOX Ltd.
Israel
AgentSOX has not appointed a Data Protection Officer as we do not currently meet the thresholds requiring mandatory appointment under GDPR Article 37 or Israel's Privacy Protection Law Amendment 13. For all privacy inquiries, contact us at atlas@agentsox.com.
EU/EEA Representative: We have not yet appointed an EU/EEA representative under GDPR Article 27. If you are located in the EU/EEA and wish to exercise your data protection rights, please contact us directly at atlas@agentsox.com. We will appoint an EU representative as our EU user base grows.
2. What We Collect
When you use Anaptu, we collect the following categories of personal data:
- Account information: Your name, email address, and profile picture from Google OAuth. We do not store your Google password.
- Age: We ask for your age to personalize the teaching experience and comply with children's privacy laws.
- Learning data: Topics you study, compass plans (structured learning outlines), chat messages with the AI tutor, quiz responses, and progress data.
- Usage data: Pages visited, features used, session duration, and device/browser information.
- Preferences: Language, theme (light/dark), and locale settings stored in cookies.
3. Google User Data
Anaptu uses Google OAuth to authenticate your account. We access your Google account name, email address, and profile picture solely to create and maintain your Anaptu account.
Anaptu's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, transfer it to third parties (except as necessary to provide the Service), or use it to train AI/ML models.
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract performance (GDPR Art. 6(1)(b)): Processing necessary to provide the Anaptu learning service you signed up for.
- Legitimate interest (GDPR Art. 6(1)(f)): Analytics and service improvement using aggregated, anonymized data.
- Consent (GDPR Art. 8): For users under 16, we process data based on parental/guardian consent. You may withdraw consent at any time.
- Israel Privacy Protection Law: As an Israeli company, we comply with the Protection of Privacy Law, 5741-1981, including Amendment 13, which governs the collection, storage, use, and transfer of personal data in Israel.
5. How We Use Your Data
- Personalization: We use your learning history, age, and preferences to tailor lessons, adjust difficulty, and recommend topics.
- AI tutoring: Your messages are sent to AI language model providers to generate teaching responses (see Section 6).
- Service improvement: We analyze aggregated, anonymized usage patterns to improve the platform.
- Communication: We may send important service updates to your email. We will never send marketing emails without your explicit consent.
6. AI and Your Data
Anaptu uses artificial intelligence to generate teaching content. When you send a message in a learning session, your message is sent to our AI provider (currently AWS Bedrock) to generate a response.
- We do not use your data to train AI models. Our AI provider (AWS Bedrock) does not retain your messages or use them for model training. Messages are processed in real time and are not stored by the provider.
- Your messages are transmitted to our AI provider over encrypted connections (TLS). Conversation history is stored in our database to maintain session continuity.
- AI-generated responses may contain errors or inaccuracies. Anaptu is not a substitute for professional education or certified teaching.
- We do not use AI to make automated decisions that produce legal or similarly significant effects on you.
- AI-generated conversations may be monitored by automated safety systems to detect and prevent harmful content. Flagged content may be reviewed by authorized personnel.
7. Data Sharing and Sub-processors
We do not sell your personal data. We do not share your data for advertising purposes.
Service Providers
We share data only with the following service providers who process data on our behalf:
| Provider | Purpose | Location |
|---|---|---|
| AWS Bedrock | AI language model processing | US (Virginia) |
| Google OAuth | Authentication | US |
| Vercel | Frontend hosting | US / Global CDN |
| AWS (EC2/RDS) | Backend hosting, database | US / EU |
| Langfuse | AI observability (anonymized) | EU (Germany) |
| Polar.sh | Billing (future) | EU |
In addition to the sub-processors listed above, your data may be accessed by AgentSOX employees and contractors who need access to perform their duties, subject to confidentiality obligations. We do not share data with any other categories of recipients.
Legal Disclosure
We may disclose your personal data when required by law, in response to valid legal process (such as a subpoena, court order, or government request), or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Third-Party Links
The Service may contain links to third-party websites or resources. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal data.
8. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States and Israel. For transfers from the EU/EEA, we rely on:
- EU adequacy decisions (Israel has a partial adequacy decision from the European Commission)
- Standard Contractual Clauses (SCCs) with our US-based sub-processors
9. Data Retention
- Account data: Retained as long as your account is active.
- Learning sessions and chat history: Retained for 24 months from last activity, then automatically deleted.
- Usage analytics: Retained in aggregated, anonymized form indefinitely.
- Deleted accounts: All personal data is permanently deleted within 30 days of an account deletion request.
10. Your Rights
Depending on your location, you have the following rights regarding your personal data:
- Access: Request a copy of all personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Portability: Request export of your data in a machine-readable format.
- Restriction: Request that we limit processing of your data.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Withdraw consent at any time (for processing based on consent).
- Automated decision-making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Anaptu does not currently make such decisions.
To exercise any of these rights, contact us at atlas@agentsox.com. We will respond within 30 days (or sooner as required by applicable law).
Supervisory Authorities
EU/EEA users: You also have the right to lodge a complaint with your local data protection supervisory authority.
Israeli users: You may lodge a complaint with the Privacy Protection Authority (PPA) at www.gov.il/en/departments/the_privacy_protection_authority.
California residents (CCPA): We do not sell personal information. You have the right to know, delete, and correct your personal information. We will not discriminate against you for exercising these rights.
11. Cookies
We use only essential cookies required for the service to function:
- Authentication cookie: Session token to keep you signed in.
- Locale cookie: Stores your language preference (English/Hebrew).
- Theme cookie: Stores your visual theme preference (light/dark/palette).
We do not use advertising cookies, tracking cookies, or third-party analytics cookies. Because we use only strictly necessary cookies, we do not require cookie consent under the ePrivacy Directive.
Do Not Track: Because we do not use tracking or advertising cookies, the Service operates the same way whether or not a Do Not Track signal is received.
12. Children's Privacy
Anaptu is designed for learners of all ages, including children. We take children's privacy seriously and comply with the U.S. Children's Online Privacy Protection Act (COPPA) and GDPR provisions for minors.
- Users under 13 (COPPA): We require verifiable parental consent before collecting any personal data from children under 13. A parent or guardian must create and approve the account.
- Consent mechanism: To verify parental consent, we use an email-plus method: the parent receives an email with a link to confirm consent via a follow-up verification step. Parents can withdraw consent at any time by contacting atlas@agentsox.com.
- Users 13-15 (GDPR): In EU/EEA countries where the digital age of consent is 16, we require parental consent for users under 16.
- Data minimization: We collect only the minimum data necessary to provide the learning service for minors.
- No behavioral profiling: We do not use children's data for advertising, behavioral profiling, or any purpose other than providing the learning service.
- AI disclosure: Parents should be aware that children's messages are processed by our AI provider (AWS Bedrock) to generate teaching responses. This data is not retained by the AI provider.
- Parental visibility: Parents or guardians of users under 13 may request access to their child's chat history and learning activity at any time by contacting atlas@agentsox.com.
- Parental rights: Parents can review, request deletion of, or refuse further collection of their child's data at any time.
13. Security
We implement appropriate technical and organizational measures to protect your personal data, including: encrypted data transmission (TLS), encrypted data at rest, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure.
14. Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33 and Israel's Privacy Protection Law.
15. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or an in-app notice. Continued use of Anaptu after changes constitutes acceptance of the updated policy.
16. Contact
For privacy questions, data requests, or complaints, contact us at: atlas@agentsox.com
AgentSOX Ltd.
Israel