Plain-English summary
AnimeLegends.ai (“we,” “us”) is a small AI-native anime studio. We collect the minimum amount of personal data required to run the site, the community, and the template store. We do not sell your data. We do not share it with advertisers.
Data we collect
1. Data you give us directly
- Email address. When you subscribe to the newsletter or create a Path account.
- Display name and optional bio. If you join as a Vault Keeper or submit Atlas entries.
- Payment metadata. For paid tiers and template purchases — last-four digits of card, billing country, invoice line items. Full card data is handled by our payment processors and never touches our servers.
- Content you submit. Atlas entries, comments, showcase posts, application forms.
- Communications. Support tickets, DMCA notices, legal correspondence.
2. Data collected automatically
- Analytics events. Page views, referrer, anonymized IP country, device category. Collected via Plausible (cookie-free by default) or PostHog (with strict EU data residency).
- Server logs. Standard HTTP access logs (IP, user-agent, timestamp, URL). Retained for 30 days for security and debugging, then rotated.
- Error telemetry. Client-side error reports via Sentry, scrubbed of personal fields and stack trace payloads where possible.
3. Data we receive from integrations
- Gumroad / Lemon Squeezy. Purchase records, customer email, refund status.
- Discord. Server membership, role assignments, and display name when you use the OAuth-linked Keeper application flow.
- GitHub. Public profile data when you contribute to the Forge repository.
How we use your data
We use the data we collect for the following purposes only:
- Operate the site, the Atlas, the community, and the template store.
- Send the weekly newsletter and account-related transactional email (purchase receipts, DMCA notices, membership changes).
- Attribute Atlas entries to their Keepers and compute revenue-share payouts.
- Detect abuse, enforce the Terms of Service, and respond to legal obligations.
- Improve the product — aggregate usage patterns, never individual behavior profiles.
We will never use your data to train a third-party model. We will never sell your data. We will never rent email lists.
Third-party processors
We rely on a short, intentional list of vendors. Each one is a data processor acting on our written instructions.
| Vendor | Role | Data shared |
|---|---|---|
| Vercel | Hosting, edge functions | Request logs, server-side code execution |
| Supabase | Database, auth, storage | Account data, Atlas entries, embeddings |
| Cloudflare R2 | Asset storage | Generated media, dataset archives |
| Gumroad / Lemon Squeezy | Payment processing | Purchase email, country, payment metadata |
| Stripe | Revenue-share payouts | Payee name, country, tax ID when required |
| Discord Inc. | Community platform | Account ID, display name, role |
| Plausible or PostHog | Analytics | Anonymized page views, referrers |
| Sentry | Error telemetry | Scrubbed error reports |
| Resend / Postmark | Transactional email | Recipient email, message content |
Data Processing Addenda are on file with each vendor. EU users benefit from Standard Contractual Clauses (SCCs) wherever a transfer is involved.
Data retention
- Account data: kept while your account is active. Deleted or anonymized within 30 days of account closure.
- Purchase records: retained for 7 years (tax law requirement in most jurisdictions), then anonymized.
- Server logs: 30 days, then rotated.
- Analytics: aggregate retention of 24 months, individual events purged at 90 days.
- Email list: kept until you unsubscribe, then soft-deleted and purged after 90 days.
- Atlas entries: retained indefinitely under their Keeper’s attribution; if an entry is retracted via DMCA, the original text is removed but the metadata (date, Keeper ID, reason for retraction) is retained for legal defense.
Your rights (GDPR / CCPA)
Regardless of where you live, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your account and associated personal data, subject to legal retention requirements.
- Export your data in a portable, machine-readable format (JSON).
- Object to specific uses (e.g., ask us to stop processing for marketing purposes).
- Opt out of sale. We don’t sell your data, but for CCPA clarity: you have this right, and we permanently decline to exercise it.
Email privacy@animelegends.ai to exercise any of these rights. We respond within 30 days (GDPR standard). EU residents can also lodge a complaint with their local supervisory authority.
Children
AnimeLegends.ai is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If we learn that we have inadvertently done so, we will delete it.
Security
We use industry-standard security practices: TLS 1.3 everywhere, encryption at rest for databases and object storage, least-privilege access on all infrastructure, and 2FA required for all operator accounts.
If we discover a breach involving your personal data, we will notify you within 72 hours (GDPR standard) and inform the relevant supervisory authority as required.
Changes to this policy
When we materially change this policy, we will update the “Last updated” date at the top, post a notice in the newsletter and on Discord, and — for significant changes — email account holders directly. Minor clarifications (typos, reformatting) may be published without a notice.
Contact
Privacy questions: privacy@animelegends.ai
General legal: legal@animelegends.ai
DMCA notices: dmca@animelegends.ai
Related documents: Terms of Service · DMCA Policy · Vault Legal Posture · Forge IP Carve-Out