Privacy Policy

Last updated: April 1, 2026 · Effective: April 1, 2026 · SEENINTL Company d/b/a ANIMA
The short version: ANIMA processes biometric signals in-browser and discards them immediately. We never store raw biometric data, never set tracking cookies, and never sell any data. No consent banner is required because we do not trigger GDPR Article 4 for end users.

1. Who We Are

SEENINTL Company d/b/a ANIMA operates the human verification platform at animaid.to. We are the data controller for developer account data and the data processor for verification events. Contact: privacy@animaid.to.

2. Two Types of Users

Developers (you, our customer) — you create an account, manage API keys, and pay for our service. We collect your name, email, and billing information to operate the platform.

End Users (your users) — people who interact with the ANIMA widget on your site. We do not collect personal information from end users.

3. What We Collect From Developers

DataPurposeRetention
Name & emailAccount management, support, billingUntil account deletion + 30 days
Password (bcrypt hash)AuthenticationUntil account deletion
Payment dataBilling (processed by Lemon Squeezy — we never see card numbers)Per Lemon Squeezy policy
API key usage countsPlan enforcement, analyticsUntil account deletion
Session tokensAuthentication30 days or until logout

4. What We Collect From End Users

DataHow ProcessedStored?
Drawing tremor patternIn-browser JavaScript — converted to confidence scoreNever — discarded immediately
Tap rhythm intervalsIn-browser JavaScript — converted to confidence scoreNever — discarded immediately
Word association latencyIn-browser JavaScript — converted to confidence scoreNever — discarded immediately
Mouse movement patternIn-browser JavaScript — converted to confidence scoreNever — discarded immediately
IP address (hashed)One-way SHA-256 + salt. Used for abuse prevention only24 hours then auto-deleted
User agent (hashed)One-way SHA-256. Used to detect automation tools24 hours then auto-deleted

We do not use cookies for end users. We do not set persistent identifiers. We do not fingerprint devices. We do not build profiles.

5. Legal Bases for Processing (GDPR)

6. Your Rights (GDPR / UK GDPR)

EU and UK residents have the right to: access their data, correct inaccurate data, delete their data ("right to be forgotten"), restrict processing, data portability, and object to processing. To exercise any right, email privacy@animaid.to. We respond within 30 days.

7. Your Rights (CCPA — California)

ANIMA does not sell personal information. California residents may request disclosure of any data we hold by emailing privacy@animaid.to. We will respond within 45 days as required by CCPA.

8. Children

ANIMA is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child's data has been collected, email privacy@animaid.to and we will delete it within 72 hours.

9. Data Transfers

Our servers are located in the United States. If you are in the EU/EEA, your data is transferred to the US under Standard Contractual Clauses (SCCs) as approved by the European Commission. Email legal@animaid.to to request a copy of our SCCs.

10. Third Parties

We do not share your data with advertisers, data brokers, or any third party for marketing purposes.

11. Security

We use industry-standard security: TLS 1.3 for all data in transit, bcrypt for passwords, HMAC-SHA256 for API token signing, PostgreSQL encryption at rest. API keys are hashed and the plaintext Secret Key is never stored after creation.

12. Changes to This Policy

We will notify developers by email at least 14 days before material changes. The current version is always at animaid.to/privacy.html.

13. Contact

Data Protection / Privacy: privacy@animaid.to
Legal: legal@animaid.to
SEENINTL Company d/b/a ANIMA · 5016 Watercrest Rd Apt 6204, Killeen, Texas 76549, United States