Privacy Policy for Paradox

Effective Date: October 7, 2025

Operated by: Anomaly LLC-FZ

1. Introduction

Privacy and user sovereignty are deeply embedded in our ethos.

This Privacy Policy explains how we handle, protect, and minimize data while providing a high-performance creative environment. We collect only what is necessary for functionality and never for profiling, advertising, or exploitation.

2. Our Privacy Philosophy

  • Collect less, process locally, encrypt where possible.
  • Never sell, rent, or trade data.
  • Always prioritize user sovereignty.
  • Transparency is non-optional.

3. Information We Collect

a) Account Data

When you create an account, we collect:

  • Your email address (for login, billing, or support)
  • Password (encrypted)
  • Subscription details (tier, usage, billing status)

We may offer anonymous login via Bionic in the future. When available, this will allow pseudonymous accounts without requiring personal identifiers.

b) Content You Create

The text, notes, images, and other materials you create ("Content") remain your intellectual property. We process this Content solely to provide functionality (saving versions, search, refinement, exports, etc.). Your Content is not used for model training, profiling, or third-party analytics.

c) AI Processing

When you request AI assistance (e.g., writing, refinement, analysis), your content and relevant context are transmitted to one or more model providers:

  • OpenAI (United States)
  • Anthropic (Claude) (United States)
  • Alibaba/Qwen (Singapore)
  • Deepseek (Singapore/China region)
  • Google (Gemini) (United States)

We transmit only the data required for the specific request. These providers process the input transiently to generate a response; they do not retain it for training or analysis beyond their published retention policies. All communication with these models is encrypted (TLS 1.2+).

d) Usage & Diagnostic Data

To maintain and improve performance, we collect minimal, anonymized usage metrics such as:

  • Feature usage frequency
  • Error or crash reports
  • Load times and server response metrics

Third-party analytics may be introduced over time. We will try to integrate privacy-friendly options to the extent they are available and feasible, and configure them to minimize cookies and personal identifiers where possible.

4. Cookies and Tracking

Paradox does not use advertising cookies, tracking pixels, or fingerprinting technologies. Session cookies are used solely for authentication and expire automatically. We do not track you across other sites, and we do not embed social media scripts or trackers.

5. Data Storage and Residency

All primary data is hosted with DigitalOcean in its Singapore (SGP) region, including:

  • PostgreSQL databases (encrypted at rest)
  • Spaces object storage (for media, exports, backups)
  • CDN delivery for assets (cached globally)

Notifications are delivered through Upstash (global Redis-based infrastructure). Email communication (verification, password reset, billing alerts) is handled via AWS Simple Email Service (SES). Payments are processed securely by Stripe and the Apple App Store (for iOS/macOS purchases).

We select infrastructure partners based on security, privacy commitments, and regulatory compliance.

6. Data Security

We implement:

  • End-to-end encryption for data in transit (TLS 1.2+)
  • Encryption at rest for databases and file storage
  • Strict internal access control and audit logging
  • Regular security patching and system hardening
  • No plaintext password storage — all credentials are hashed with industry-standard algorithms

If an offline version of Paradox is used (when available), your data remains on your device unless explicitly exported.

7. Data Retention and Deletion

We retain data only for as long as necessary to provide the Service or comply with legal obligations.

  • You can delete your account at any time within the app or by contacting [email protected].
  • Upon deletion, your content and associated data are permanently erased from active systems within 30 days.
  • Backup copies are automatically purged within 90 days.
  • Inactive trial accounts may be deleted after 6 - 12 months of inactivity, or at our discretion.

8. Payment Information

Payments and subscriptions are processed by Stripe and Apple App Store. Anomaly LLC-FZ never stores your credit card or banking details. Stripe and Apple are fully PCI-DSS compliant and use their own encryption and tokenization systems. You can review their policies here:

9. Data Sharing and Disclosure

We do not sell, rent, or trade personal information. We share data only with subprocessors necessary to operate the product:

Purpose Provider Location
Infrastructure & storage DigitalOcean Singapore
CDN DigitalOcean Global
Email delivery AWS SES Global (primarily EU/US)
Notifications Upstash Global
Payments Stripe, Apple App Store Global
AI processing OpenAI, Anthropic, Alibaba/Qwen, Deepseek, Google Regional (US/SGP/CN)

Each partner is contractually bound to privacy and data protection standards consistent with GDPR principles.

10. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access the data we hold about you
  • Correct inaccuracies
  • Request deletion ("Right to be Forgotten")
  • Object to processing (where applicable)
  • Withdraw consent for non-essential processing
  • Request a copy of your data in a portable format

You may exercise these rights by contacting [email protected]. We will verify your identity before processing any request.

11. International Data Transfers

Because our infrastructure and providers operate globally, your data may be processed outside your home country. Where transfers occur, we rely on:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions (for recognized jurisdictions)
  • Encryption and limited retention to maintain safety and privacy

12. SEO, Analytics, and Marketing

We do not run advertising or behavioral marketing. We may use privacy-focused analytics and SEO optimization tools solely to measure traffic and improve discoverability. These tools will always operate in compliance with this Policy and never use personally identifiable tracking, if possible.

13. Children's Privacy

Paradox is not directed toward users under 16. If we learn that a child's data has been submitted, it will be deleted immediately upon verification.

14. Policy Updates

We may revise this Privacy Policy as our technology evolves or regulations change. All updates will be posted with an updated "Last Revised" date, and significant changes will be communicated within the app or via email. Our commitment to privacy will never be weakened.

15. Contact Us

Anomaly LLC-FZ

The Meydan Hotel, Grandstand, 6th Floor

Meydan Road, Nad Al Sheba,

Dubai, United Arab Emirates

Email: [email protected]

16. Data Processing and Residency Addendum (DPA)

For enterprise customers and regulators:

  1. Data Controller: Anomaly LLC-FZ
  2. Data Processor: As applicable, DigitalOcean (SGP), AWS SES, Upstash, Stripe, Apple, and model providers listed above.
  3. Data Residency: Singapore (primary), with secure cross-border transfers under contractual safeguards.
  4. Data Retention: Operational data (30 days post-deletion); backups (≤90 days).
  5. Subprocessor Review: Conducted semi-annually; any changes will be reflected on the official policy page.
  6. Incident Response: Security incidents are reported within 72 hours to affected users and, where applicable, to relevant authorities.