At Anara, safeguarding your data is our highest priority. We’ve designed our platform with security and privacy at its core. Below, you’ll find information on how we protect your data, our compliance efforts, and answers to common security questions.

We encourage responsible disclosure of any security vulnerabilities. Please send reports to security@anara.com, and our team will acknowledge and investigate promptly.

Compliance

SOC 2 (in progress)

We are actively working with an audit partner to achieve full SOC 2 Type 2 compliance. This ensures that Anara’s controls around security, availability, processing integrity, confidentiality, and privacy meet rigorous, industry-recognized standards.

CCPA

Under the California Consumer Privacy Act (CCPA), California residents have rights to access, delete, and opt out of the sale of their personal information. Refer to our Privacy Policy for details on exercising these rights.

Model Training

Anara employs advanced language models to surface insights from your research materials.

  • No Third-Party Model Training: We never allow third-party AI providers (like OpenAI and Anthropic) to train their models on your private or proprietary data.
  • No Internal Model Training: Your data is never used to train any AI models within Anara. We do not use your information for internal model development.

Data Encryption

Encryption at Rest

Our data security measures include multiple layers of encryption. Our primary database, hosted in US-based data centers, uses AES-256 (or equivalent) encryption for all user and application data. Uploaded files and media are protected in encrypted object storage buckets with server-side encryption, also located in US regions. Additionally, we employ managed in-memory data stores for caching and session data, all of which remain encrypted at rest using industry-standard algorithms.

Encryption in Transit

All data transmitted to and from Anara is protected using industry-standard encryption protocols. We enforce TLS 1.2 or higher across our entire infrastructure, including web app access, API calls, database connections, object storage, CDN delivery, and internal service communications. This ensures that all data remains private and secure while in transit, with automatic rejection of any non-encrypted connection attempts.

Access Control

Role-Based Access

We implement strict role-based access controls (RBAC) at both the application and infrastructure levels. Access is limited to authorized personnel, who are granted only the minimum permissions required to perform their jobs. Database credentials, API keys, and production secrets are stored in encrypted secret-management services with fine-grained access policies.

Multi-Factor Authentication (MFA)

All Anara employees with access to production systems are required to use MFA (with hardware tokens or authenticator apps). For organizations using Anara’s Enterprise tier, we offer Single Sign-On (SSO) via SAML 2.0 or OAuth2, integrating seamlessly with popular identity providers. MFA is enforced at the identity provider level.

Data Retention

  • Data Deletion: You have full control over your data. At any time, you can delete individual folders, files, or your entire account. Once deleted, content is purged from our database and object storage within 30 days.
  • Data Export: To request an export of your files, folders and library data, email support@anara.com. We’ll prepare a downloadable ZIP containing your raw files and database exports.
  • Retention Policies:
    • Active Data: Stored indefinitely until you choose to delete.
    • Backups: Daily encrypted backups of your database are retained for 30 days, after which they’re permanently deleted.
    • Logs: Application logs and audit trails are stored for 90 days and then automatically purged or aggregated.

Frequently Asked Questions (FAQ)

Additional Resources

If you have further questions or need clarification about our security practices, please reach out to our Security team at security@anara.com. We’re here to ensure that your research environment is not only powerful, but also secure and trustworthy.