Effective Date: December 2, 2025
Last Updated: December 2, 2025
Company: Anso (operated by Bright Idea Sparks, LLC)
Contact: privacy@ideasparks.io
Anso ("we," "our," or "us") provides an AI-powered enterprise intelligence platform that conducts strategic interviews with employees, analyzes organizational workflows, and delivers transformation insights. We are committed to protecting the privacy and security of all individuals whose data we process — including our clients, their employees, and visitors to our website.
This Privacy Policy explains what information we collect, how we use it, and the choices available to you when you use our website, platform, and services (collectively, "Services").
Scope: This Privacy Policy applies when Anso acts as a data controller (e.g., website visitors, prospective clients) and when Anso acts as a data processor on behalf of enterprise clients. Where Anso acts as a data processor, the client organization is the data controller and their own privacy policies govern the collection and use of their employee data. In those cases, this policy describes the processing Anso performs on the client's behalf.
When you visit tryanso.com, we may collect:
When an enterprise client engages Anso, we collect:
Our AI interview platform collects data from employees who participate in interviews on behalf of a client organization:
Important: Employee participation is arranged by and through the client organization. Anso acts as a data processor on behalf of the client (the data controller). Employees should consult their employer's internal privacy notices for details on the basis for participation.
For clients who engage Anso's Workflow Intelligence services:
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Conduct AI interviews and produce deliverables | Voice recordings, transcripts, organizational context | Legitimate interest / Contract performance |
| Analyze workflows and identify inefficiencies | Behavioral metadata, interview insights | Legitimate interest / Contract performance |
| Generate client reports and transformation roadmaps | Aggregated and synthesized interview and workflow data | Contract performance |
| Support ongoing Intelligence Base subscriptions | Transcripts, validated workflows, anonymized behavioral patterns | Contract performance |
| Improve our platform and AI capabilities | Aggregated, de-identified usage patterns only | Legitimate interest |
| Communicate with prospects and clients | Contact information | Consent / Legitimate interest |
| Comply with legal obligations | As required | Legal obligation |
| Prevent fraud and ensure platform security | Technical information, usage data | Legitimate interest / Legal obligation |
We do not:
Anso's platform uses third-party AI services to power our interview engine, analysis capabilities, and report generation. These providers process data under contract as subprocessors acting on Anso's instructions. Our current AI subprocessors are:
| Provider | Role | Data Processed |
|---|---|---|
| ElevenLabs | Voice synthesis for AI interview conversations | Voice audio, conversation content |
| Anthropic (Claude API) | Interview analysis and synthesis | Interview transcripts, organizational context |
| OpenAI (GPT API) | Report generation and analysis support | Interview transcripts, organizational context |
A current list of all subprocessors is available upon request.
Anso has contractually ensured that no client data is used to train third-party AI models. Specifically:
None of these providers retain client data beyond what is necessary to process the immediate request, subject to their respective data retention and safety obligations described in Section 4.4.
Our AI subprocessors may review or flag content that their automated systems identify as potentially violating their usage policies (e.g., content involving illegal activity, fraud, or safety concerns). This monitoring is limited to policy enforcement and safety purposes. In rare cases:
These safety-related reviews are standard across enterprise AI providers and are limited to detecting misuse — they do not involve general-purpose data mining or model training on client content.
Anso employs anonymization and aggregation throughout our process:
We maintain and use de-identified information in de-identified form and will not attempt to re-identify it, unless required by law.
We may share data with the following categories of recipients:
We require all third-party processors to maintain security standards consistent with our own commitments. We do not sell personal data to any third party.
Voice recordings from AI-conducted interviews are retained for 90 days following completion of the relevant interview session. This period allows for quality assurance, transcript verification, and resolution of any client questions. After 90 days, voice recordings are automatically deleted from Anso's systems and from our voice synthesis provider (ElevenLabs).
Interview transcripts are retained for the duration of the client service relationship. Transcripts support ongoing intelligence services, including the Anso Intelligence Base subscription. Upon termination of the service agreement, transcripts are deleted within 90 days unless the client requests earlier deletion or extended retention.
For Intelligence Base subscribers, transcripts are retained as part of the active subscription and deleted upon termination plus a 90-day wind-down period.
Behavioral and workflow metadata is retained only for the duration of active analysis. It is deleted or returned to the client upon engagement completion.
Analytics data is retained for up to 24 months. Contact information is retained until you unsubscribe or request deletion.
Retained for the duration of the business relationship plus any legally required retention period.
While Anso enforces the retention periods above for data within our control, our AI subprocessors may retain limited data pursuant to their own safety, security, and legal obligations:
You or your organization may request deletion at any time by contacting us at the address in Section 14. We will process deletion requests within 30 days and coordinate with subprocessors to ensure data removal across systems.
We implement appropriate technical and organizational security measures to protect personal data, including:
We are pursuing SOC 2 Type II certification and support industry-specific compliance requirements (HIPAA, FINRA, PCI-DSS) through configurable deployment options.
No internet transmission or electronic storage is completely secure. While we strive to protect personal data, we cannot guarantee absolute security.
Our website uses cookies to operate and secure our Services.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly necessary | Authentication, session management, and security | Session-based |
We use only strictly necessary cookies to enable user authentication and maintain secure sessions through Supabase. These cookies are essential for the platform to function and do not require consent under applicable privacy laws.
We do not use analytics, marketing, or tracking cookies. You can manage cookie preferences through your browser settings, though disabling authentication cookies will prevent you from using authenticated features of the platform.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
For interview participants (client employees): Because your employer is the data controller for interview data, rights requests related to that data should be directed to your employer in the first instance. We will cooperate with your employer to fulfill such requests.
To exercise your rights as a website visitor or direct contact, email us at privacy@ideasparks.io.
We will respond to verified requests within 30 days (or as required by applicable law). We may request reasonable information to verify your identity before fulfilling a request. We will not discriminate against you for exercising your privacy rights.
Anso's AI interview platform uses voice synthesis technology provided by ElevenLabs. When employees participate in AI-conducted interviews, their voice recordings are processed to conduct and transcribe the conversation. This Voice Data — including characteristics of an individual's voice — may constitute biometric data under certain state and national laws, including the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act, and similar legislation.
How we handle biometric data:
Consent: Where required by applicable biometric data laws, consent for the collection and processing of biometric data is obtained by the client organization (as data controller) from participating employees prior to interview participation. Anso provides clients with template consent language and supports compliance workflows.
Anso is based in the United States. Your data may be transferred to and processed in the following jurisdictions:
| Jurisdiction | Reason |
|---|---|
| United States | Anso platform hosting, Anthropic API processing, OpenAI API processing, ElevenLabs processing |
| Netherlands | ElevenLabs cloud infrastructure |
| Singapore | ElevenLabs cloud infrastructure |
For transfers from the EEA, UK, or Switzerland, we rely on:
For clients requiring data residency, we offer deployment options that keep data within specified geographic boundaries where feasible.
Anso's services are designed for enterprise use and are not directed at individuals under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor, we will delete it promptly. If you believe we may have inadvertently processed such data, please contact us at privacy@ideasparks.io.
If you have questions about this Privacy Policy or our data practices:
Anso (Bright Idea Sparks, LLC)
Email: privacy@ideasparks.io
Address: 1259 El Camino Real, Unit #1492, Menlo Park, CA 94025
Website: tryanso.com
You may also have the right to lodge a complaint with a supervisory authority in your country of residence or place of work.
We may update this Privacy Policy from time to time. Material changes will be communicated via our website and, where appropriate, by direct notice to clients. The "Last Updated" date at the top reflects the most recent revision. Previous versions are available upon request.
California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to delete, the right to correct, and the right to opt out of the sale or sharing of personal information.
To exercise California-specific rights, contact us at privacy@ideasparks.io. We will verify your identity before processing requests and will not discriminate against you for exercising your rights.
Residents of states with comprehensive privacy laws (including Colorado, Connecticut, Virginia, Utah, Oregon, Montana, and Texas) may have additional rights similar to those described in Section 10. To exercise state-specific rights, contact us at privacy@ideasparks.io.
Enterprise clients may request a Data Processing Addendum (DPA) that governs the processing of personal data under GDPR, CCPA, or other applicable frameworks. DPAs are available upon request and form part of the master services agreement. Our DPA includes standard contractual clauses for international data transfers and details on subprocessor management.
This privacy policy is provided for informational purposes and does not constitute legal advice. Anso recommends that organizations consult qualified legal counsel regarding data protection compliance.