
Privacy Policy

Anchor Cyber Security LLC  ·  Last Updated: June 2, 2026

1. Overview

This Privacy Policy describes how Anchor Cyber Security LLC ("we", "us", "our") collects and uses information in connection with BitDrip — our self-hosted AI privacy protection software — and the portal.bitdrip.app registration and licensing portal.

The fundamental fact: BitDrip is self-hosted software that runs entirely on your own infrastructure. The conversations your team has with AI services, the prompts they send, and the content inspected by BitDrip never leave your environment and never reach us. This policy covers only the narrow data collected during registration and the periodic license validation heartbeat.

2. What We Collect

We collect only the data strictly necessary to fulfill your license and operate the portal.

Registration data — when you create an account at portal.bitdrip.app:

  • Full name
  • Email address
  • Organisation name

Payment data — when you purchase a subscription:

  • Payment is processed entirely by Stripe, Inc. We never see, store, or handle your card number, CVV, or full payment details.
  • We receive only a transaction confirmation and the associated Stripe customer ID so we can link your payment to your license.

License validation fingerprint — once BitDrip is running in your environment:

  • The software periodically contacts portal.bitdrip.app to confirm the license is active. Each request includes: a deployment fingerprint (a SHA-256 hash derived from your server hostname, organisation ID, a random seed, and a hardware identifier), the server hostname, and your license JWT in the Authorization header.
  • The fingerprint is a one-way identifier used solely to count distinct deployments against your license limit — it cannot be reversed to reveal user activity, prompts, or policy data.
  • The hostname is used for deployment tracking. No user names, AI prompts, responses, violations, or audit log contents are ever transmitted.

3. What We Do NOT Collect

To be explicit, the following data is never transmitted to us and never leaves your infrastructure:

  • Conversation content — prompts sent to AI services and their responses
  • Detected violations or the content that triggered a policy rule
  • Employee names, user accounts, or any user data managed inside your BitDrip deployment
  • Audit logs generated by your BitDrip installation
  • Network topology or internal IP addresses
  • Any data processed by the self-hosted policy engine, API gateway, or dashboard

4. How We Use Your Information

  • Issue and manage your BitDrip license file
  • Send you download links, product updates, and your license renewal notices
  • Process your subscription payment via Stripe
  • Respond to your support requests
  • Verify that an active license is associated with a given installation (via the fingerprint hash)
  • Comply with legal obligations

We do not sell your personal data. We do not use your data for advertising or behavioural profiling.

5. Third-Party Processors

We share data with the following sub-processors, each engaged under a data processing agreement:

  • Stripe, Inc.: Payment processing. Handles all card and billing data. Privacy policy at stripe.com/privacy.
  • SendGrid (Twilio): Transactional email delivery — license files, download links, support replies.
  • Cloudflare, Inc.: CDN, DDoS protection, and DNS for portal.bitdrip.app. Processes connection-level data (IP, request metadata) under Cloudflare's privacy policy.
  • Railway Technologies: Database and API hosting for the portal backend. SOC 2 Type II compliant infrastructure. Data stored in US regions.

6. Data Retention

  • Registration data (name, email, organisation): retained while your license is active, and deleted within 30 days after license cancellation or expiry, unless we are required by law to retain it longer.
  • License fingerprints: retained for 12 months from the date of each check-in for license audit purposes, then deleted.
  • Payment records: retained by Stripe per their data retention obligations; we retain transaction confirmation records for 7 years to satisfy accounting and tax requirements.

You may request earlier deletion of your registration data at any time (see Section 7).

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request erasure of your data (subject to legal retention requirements)
  • Portability — receive your data in a structured, machine-readable format
  • Objection / Restriction — object to or restrict certain processing activities
  • Opt out of sale — we do not sell personal data; this right is satisfied by our business model

To exercise any of these rights, email privacy@anchorcybersecurity.com. We will respond within 30 days. We may need to verify your identity before acting on a request.

8. Security

  • In transit: All data transmitted to and from portal.bitdrip.app is protected with TLS 1.3.
  • At rest: Portal database records are encrypted with AES-256.
  • Infrastructure: The portal backend runs on Railway's SOC 2 Type II certified infrastructure.
  • Access control: Portal access is restricted to authorised Anchor Cyber Security LLC personnel with role-based access controls and MFA.

While we take these precautions, no transmission over the internet is guaranteed to be 100% secure. Please report security concerns to privacy@anchorcybersecurity.com.

9. Children

BitDrip is enterprise software intended for use by organisations and their employees. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us at the address below and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes — such as collecting new categories of data or sharing data with new third parties — we will notify registered users by email at least 14 days before the change takes effect. The "Last Updated" date at the top of this page will always reflect the most recent revision. Continued use of the portal after the effective date constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions, data subject requests, or to report a concern:

Anchor Cyber Security LLC

Privacy enquiries: privacy@anchorcybersecurity.com

General contact: contact@anchorcybersecurity.com

© 2026 Anchor Cyber Security LLC