Privacy Policy

Last Update: February 3rd, 2026

Introduction

We’re committed to protecting your privacy with care and transparency. This Privacy Policy explains how Serus collects, uses, shares, and safeguards information when you use our websites, applications, APIs, and related services (collectively, the “Services”).


This Privacy Policy is incorporated into our Terms of Service and should be read together with our Cookie Policy, Acceptable Use Policy, and (where applicable) our Data Processing Addendum (“DPA”).

1. Who We Are

The Services are operated by ANON AI Labs, Inc., a Delaware corporation (United States) (“Serus,” “ANON,” “we,” “us,” or “our”).


Contact

Support: support@serus.ai

Privacy/DPO: dpo@serus.ai

Support portal: https://www.serus.ai/support

2. Scope: Who This Policy Applies To

This Privacy Policy applies to:


  • visitors to our websites (including serus.ai and related domains we operate), and

  • customers, users, and authorized representatives who access or use the Services (including via the platform, API, integrations, or white-label deployments).


If you use the Services through an organization (for example, an employer), your organization may control and administer your account as described in our Terms of Service.

3. Roles: Controller vs. Processor

Depending on how you use the Services, Serus may act as either:

a data controller (for example, when we process account information, billing, and website analytics for our own purposes), and/or

a data processor/service provider (for example, when a business customer submits personal data into the Services and instructs us to process it on their behalf).

Where we act as a processor for business customers, our processing is governed by our DPA and the customer’s instructions. If you submit third-party data (e.g., for monitoring or removal requests), you are responsible for ensuring you have a lawful basis to do so.

4. Information We Collect

We collect information in three main ways: (1) you provide it, (2) we collect it automatically when you use the Services, and (3) we receive it from third parties as part of the Services.

4.1 Information you provide

Account information: name, email, login credentials (or authentication tokens), organization name (if applicable).

Billing information: billing address, payment status, subscription details. (Payment card details are typically processed by our payment processor, not stored by us.)

Customer content / Customer Data: information you submit to the Services, such as:

  • search inputs and queries (e.g., names, emails, usernames),

  • monitoring targets you configure (e.g., emails, phone numbers),

  • removal request details you provide (e.g., URLs, identifiers, supporting data),

  • outputs you save/export (where the product supports saving).

Support and communications: messages to support, survey responses, feedback, or other communications.

4.2 Information collected automatically

Usage data: feature usage, timestamps, clickstream events, session logs, error logs, performance metrics, diagnostic data.

Device and connection data: IP address, browser type, operating system, device identifiers, language settings, approximate location derived from IP.

Cookies and similar technologies: described in our Cookie Policy (https://www.serus.ai/cookies).

4.3 Information from third parties

Subprocessors and service providers: authentication providers, hosting providers, analytics providers, payment processors, customer support tools (see our Subprocessors list).

Third-party sources used for OSINT features: publicly available web sources and third-party datasets (including breach/dark web datasets) that we do not own or control. The Services may display results derived from these sources.

Important

We do not provide OSINT results from another customer’s private account data, and we do not disclose other customers’ queries or stored content to you.

5. Sensitive Information and Exposed Credentials

Certain features may allow you to view unredacted high-risk data (for example, exposed passwords, tokens, or similar information) (“Sensitive Information”).

Sensitive Information may be redacted by default and require an affirmative action (for example, a confirmation checkbox) before you can view unredacted content.

You may use Sensitive Information only for lawful, authorized security and privacy purposes (for example, securing accounts you own or are authorized to manage).

We may restrict, monitor, suspend, or terminate access to Sensitive Information where we reasonably believe use violates our Terms, AUP, or applicable law.

We do not guarantee the accuracy, completeness, or continued availability of any Sensitive Information or third-party sources.

6. How We Use Information

We use information for the following purposes:

6.1 To provide and operate the Services

create and manage accounts, authenticate users, and provide customer support

process searches, monitoring, alerts, and reports

process and transmit removal requests to third parties when you use removal features

administer subscriptions, billing, and plan entitlements

maintain audit logs for security and abuse prevention

6.2 To secure, protect, and improve the Services

detect, prevent, and investigate fraud, abuse, and security incidents

enforce our Terms and Acceptable Use Policy

debug, test, and improve performance and reliability

develop new features and improve user experience

6.3 To communicate with you

send service-related communications (transactional emails, alerts, security notifications)

respond to inquiries and provide support

send updates about changes to the Services or policies

6.4 Marketing and advertising (where permitted)

If permitted by applicable law and your settings, we may send marketing communications or serve advertising. You can opt out of marketing emails at any time. For cookies and similar technologies, see our Cookie Policy.

6.5 To comply with legal obligations

comply with applicable laws, regulations, and lawful requests

protect rights, safety, and property of Serus, our users, and others

7. Legal Bases for Processing (EEA/UK)

Where the GDPR/UK GDPR applies, we process personal data under one or more of these legal bases:

Contractual necessity (to provide the Services you request)

Legitimate interests (to secure and improve the Services, prevent abuse, and protect users), balanced against your rights

Consent (for non-essential cookies and certain optional features where required)

Legal obligation (to comply with laws and lawful requests)

Where we act as a processor for business customers, the customer determines the appropriate legal basis and provides instructions under the DPA.

8. How We Share Information

We do not sell your personal information in the traditional sense. We share information only as described here:

8.1 Subprocessors and service providers

We share information with vendors that help us operate the Services (hosting, analytics, payments, support tools, security). These vendors are bound by contractual obligations to protect data.

See: Subprocessors (https://www.serus.ai/subprocessors)

8.2 Removal requests and third parties

If you use removal features, we may transmit information you provide (such as URLs and identifiers) to relevant third parties (e.g., website operators or platforms) on your behalf.

8.3 Legal and safety reasons

We may disclose information when we believe it is necessary to:

comply with law or legal process,

protect rights, safety, and security,

investigate abuse or enforce our agreements.

8.4 Business transfers

If we’re involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.

9. International Data Transfers

Because we operate globally, personal data may be processed in countries other than where you live, including the United States


Where required, we use appropriate safeguards for international transfers (such as Standard Contractual Clauses) and additional measures described in our DPA.


See: DPA (https://www.serus.ai/dpa)

10. Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.


Typical retention factors include:

  • maintaining your account and providing the Services,

  • complying with legal obligations (e.g., accounting, tax, security),

  • resolving disputes and enforcing agreements,

  • preventing abuse and maintaining security logs.


Where supported by the Services, you can delete certain Customer Data through your account or by contacting support.

11. Security

We maintain reasonable administrative, technical, and organizational measures designed to protect personal data. No system is 100% secure, and you are responsible for maintaining the confidentiality of your credentials and securing your devices


If required by law, we will provide breach notifications to affected users and regulators.

12. Your Privacy Rights

Depending on your location, you may have rights such as:

  • access, correction, deletion

  • restriction and objection

  • data portability

  • withdrawing consent (where processing is based on consent)

12.1 EEA/UK

You may also have the right to lodge a complaint with your local data protection authority.

12.2 California (CCPA/CPRA)

California residents may have rights to:

  • know what personal information we collect/use/disclose

  • request deletion

  • correct inaccurate personal information

  • opt out of certain “sharing” for cross-context behavioral advertising (where applicable)

  • not be discriminated against for exercising rights


We do not “sell” personal information for money. We may “share” information for cross-context behavioral advertising depending on your cookie choices and settings.


Under some U.S. state privacy laws, certain advertising-related disclosures may be considered ‘sharing’ for cross-context behavioral advertising.

13. How to Exercise Your Rights

To submit a request, contact: dpo@serus.ai or https://www.serus.ai/support.


We may need to verify your identity and/or authority (for example, if you request deletion or submit removal requests as an agent). If you act as an authorized agent, we may request proof of authorization.

14. Cookies and Tracking

We use cookies and similar technologies for essential functionality, analytics, and advertising (where permitted). You can manage your preferences through cookie banners and browser settings.

See: Cookie Policy (https://www.serus.ai/cookies)

15. Children’s Privacy

The Services are not intended for children under 18, and we do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate steps.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on our website or within the Services and update the effective date. If changes are material, we will provide additional notice where required by law.

17. Contact

For questions about this Privacy Policy or our data practices:

Support: support@serus.ai

Privacy/DPO: dpo@serus.ai

Support portal: https://www.serus.ai/support


ANON AI Labs, Inc.

A Delaware corporation, United States