Last updated: June 25, 2026
This Privacy Policy (the “Policy”) explains how Tzory Properties LLC (“Company,” “Anymark,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards personal information when you (“User,” “you,” or “your”) access or use our web-based application, related websites, mobile experiences, and any associated services (collectively, the “Service”). We are a limited liability company organized under the laws of the State of Ohio, United States.
By using the Service, you acknowledge you have read and understood this Policy. If you do not agree, please refrain from accessing or using the Service.
Data Controller. Tzory Properties LLC, 37939 Vine St, Willoughby, OH 44094, United States, is the data controller for personal data processed via the Service. Contact: hi@anymark.co.
| Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, Google OAuth ID | Create and secure your account |
| Business Details | Company description, industry, target audience | Generate name ideas, logos, and brand strategy outputs |
| Payment Information | Tokenized payment identifiers (full card data is processed by Stripe and never stored by us) | Process purchases, prevent fraud, comply with tax and accounting laws |
| Generated Assets | Logo files, selected names, brand playbooks | Store for future downloads and user reuse |
| Support & Feedback | Help-desk messages, survey responses | Troubleshoot and improve the Service |
We may also create aggregated and anonymized statistics about generated names and logos to improve our algorithms and methodologies. These data sets cannot identify you or your business and are not subject to this Policy.
We do not collect sensitive personal information (“SPI”) as that term is defined under the California Consumer Privacy Rights Act (“CPRA”), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, or comparable laws, except for account credentials and tokenized payment identifiers used to process transactions, which are handled by Stripe.
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide, maintain, and improve the Service | Performance of contract (Art. 6(1)(b)) |
| Process payments and detect fraud | Performance of contract; legitimate interests in fraud prevention (Art. 6(1)(f)) |
| Store your generated logos, names, and playbooks for future access | Performance of contract |
| Respond to inquiries and provide support | Performance of contract |
| Send service-related emails arising from your activity (e.g., when you generate a logo or start a project) | Performance of contract (Art. 6(1)(b)) |
| Conduct analytics to understand usage and improve the Service | Legitimate interests (Art. 6(1)(f)) |
| Improve automated logo / name suggestions and brand-strategy outputs (using aggregated and anonymized data) | Legitimate interests |
| Comply with legal obligations (tax, accounting, regulatory requests) | Legal obligation (Art. 6(1)(c)) |
| Send marketing, promotional, product-update, onboarding, or feature-update emails | Legitimate interests in promoting the Service to existing users where opt-out marketing is permitted (Art. 6(1)(f)); consent where required by law (Art. 6(1)(a)) |
| Deliver and measure marketing or retargeting ads | Consent (Art. 6(1)(a)) |
Service emails. We send transactional and service-related emails (account confirmations, password resets, receipts, file delivery, and notifications tied to specific actions you take in Anymark, such as generating a logo or starting a project) on the basis of contract performance. You cannot opt out of these without closing your account.
Marketing emails. We send marketing, promotional, product-update, onboarding, and feature-update emails about Anymark and similar services. Where your jurisdiction permits direct marketing to existing users on an opt-out basis (for example, the United States under the CAN-SPAM Act), we send these on the basis of our legitimate interest in promoting the Service, and you may opt out at any time using the “unsubscribe” link in every email or by contacting us (see Section 13). Where applicable law requires prior consent (including the EEA, the United Kingdom, and Canada), we send marketing emails only with your prior opt-in consent, which you may withdraw at any time. Opting out or withdrawing consent does not affect the lawfulness of processing carried out beforehand, and we honor such requests promptly. We comply with the CAN-SPAM Act (U.S.), the GDPR and PECR (EEA/UK), and CASL (Canada).
We do not sell or rent your personal information. We share data only as described below:
| Recipient | Purpose |
|---|---|
| Stripe, Inc. | Payment processing. We never store full card numbers or CVC codes. Stripe’s use of information is governed by its own privacy policy. |
| Supabase Inc. | Managed PostgreSQL database and object storage |
| Replit Inc. | Application hosting and execution |
| Google LLC | Authentication (Google Sign-In) and reCAPTCHA security |
| Anthropic, OpenAI, and similar AI providers | AI-assisted generation of logos, names, and brand-strategy outputs, where you submit prompts or business information |
| Unsplash Inc. (a Getty Images company) | Stock photography sourcing for the Brand Photos feature. Search queries and brand brief excerpts are transmitted to the Unsplash API to retrieve relevant photographs. Unsplash's use of data is governed by its own privacy policy at unsplash.com/privacy. |
| Analytics & ad partners | Google Analytics, Hotjar, Meta Pixel, X/Twitter Pixel, Reddit Pixel for site analytics, ad attribution, and cross-context behavioral advertising. For conversion measurement, a hashed version of your email along with event and device data (such as IP address) may also be shared server-to-server with Google (Enhanced Conversions), Meta (Conversions API), and X/Twitter (Conversions API) to match conversions. These technologies operate only after consent where required. |
| Service providers | Error logging, email delivery, customer-support tooling |
| Authorities or legal advisors | When required by law, valid legal process, or to protect rights, property, or safety |
| Successors in interest | In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality and to this Policy |
All service providers are bound by contractual obligations to keep data confidential and to use it only for specified purposes. A current list of sub-processors is available on request at hi@anymark.co; we will provide reasonable advance notice of material changes where required by law.
Under the CPRA and similar state laws, the placement of third-party advertising pixels may constitute “sharing” for cross-context behavioral advertising. We provide a “Do Not Share My Personal Information” link in the footer of our site that allows you to opt out of such sharing. We also honor recognized opt-out preference signals such as the Global Privacy Control (GPC) for users we can identify as covered by applicable state law.
Personal data may be stored or processed in the United States or other jurisdictions. For transfers from the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) and the UK Addendum or International Data Transfer Agreement (IDTA), as applicable. We conduct Transfer Impact Assessments (TIAs) where required and apply supplementary measures (such as encryption in transit and at rest, access controls, and contractual restrictions) where appropriate to address risks identified in such assessments. You may request a summary of the safeguards in place by contacting us at hi@anymark.co.
We retain personal information only as long as necessary for the purposes described in this Policy, to comply with our legal obligations, resolve disputes, and enforce our agreements. Indicative retention periods are:
| Data Type | Retention Period |
|---|---|
| Account data (profile, login) | Life of account + 30 days following deletion request |
| Generated logos, names, and brand playbooks | Life of account + 12 months, after which assets may be deleted unless required by law |
| Payment and transaction records | 7 years after the relevant transaction (tax, accounting, and audit obligations) |
| Marketing consent records | 3 years following withdrawal of consent (to evidence compliance) |
| Support tickets and correspondence | 24 months after closure |
| Server logs (security, debugging) | 12 months |
| Aggregated / anonymized data | Indefinite (no longer identifies you) |
If you request deletion, we will delete or anonymize your data within 30 days of verification of your identity, except where we are legally required (or permitted under applicable law) to retain it longer (for example, for tax records, fraud prevention, or pending legal claims).
We set analytics and advertising cookies only after you give explicit consent in our cookie banner where required by applicable law. You can withdraw or change consent at any time via “Cookie Settings” in the footer. Strictly necessary cookies (those required to deliver the Service you have requested) are set without consent.
We use cookies and similar technologies to:
We honor the Global Privacy Control (GPC) signal for users we can identify as covered by applicable state laws. Most browsers also offer a “Do Not Track” setting; because there is no consensus on how to interpret it, we do not currently respond to DNT signals beyond honoring GPC and our cookie-consent controls.
8.1 EEA / UK / Switzerland (GDPR / UK GDPR)
You may request access, rectification, erasure, restriction, portability, or object to processing of your personal data, and withdraw consent at any time. You also have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (see Section 9). We will respond within 30 days (extendable by up to 60 days for complex requests, with notice). You may lodge a complaint with your local Data-Protection Authority; contact details are available at https://edpb.europa.eu/about-edpb/board/members_en or, for UK residents, with the Information Commissioner’s Office (ICO).
8.2 California Residents (CCPA / CPRA)
You may request to know, correct, delete, limit the use of sensitive personal information, or opt out of “sale” or “sharing” of your personal data. You may also designate an authorized agent to make a request on your behalf. We will respond within 45 days (extendable by an additional 45 days with notice). We will not deny goods or services, charge different prices, or provide a different level of quality if you exercise any CPRA rights. Categories of personal information we have collected, disclosed, or shared in the preceding 12 months are described in Section 1; we have not “sold” personal information for monetary consideration.
8.3 Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, and Other U.S. State Privacy Laws
If your state has enacted a comprehensive privacy law, you may exercise rights consistent with that law, including the right to access, correct, delete, port, and opt out of targeted advertising, sale, or profiling that produces legally or similarly significant effects. We will respond within the period required by your state’s law (generally 45 days). You may have the right to appeal a denial; appeals can be sent to hi@anymark.co.
8.4 Other Jurisdictions
We honor additional rights granted by applicable privacy laws (including, where applicable, Brazil’s LGPD, Canada’s PIPEDA, Australia’s Privacy Act, and Israel’s Privacy Protection Law).
To exercise these rights, please contact us (see Section 13). We may need to verify your identity before fulfilling a request.
Our tools generate logo, name, and brand-strategy suggestions automatically. These processes do not produce legal or similarly significant effects on you. You may request human review of any output by contacting hi@anymark.co. Where the EU AI Act, GDPR Article 22, or analogous laws require additional disclosures, those disclosures will be provided in-product or in this Policy.
We use industry-standard safeguards, including TLS in transit, encryption at rest, access controls, and logging. No system is 100% secure, and we cannot guarantee absolute security.
If we become aware of a personal-data breach likely to result in a risk to your rights and freedoms, we will (i) notify the applicable supervisory authority within 72 hours where required by law, and (ii) inform affected individuals without undue delay, as required by applicable law.
The Service is intended for users 18 years of age or older. We do not knowingly collect personal data from individuals under 16, and we do not knowingly create accounts for or process purchases from individuals under 18. If we become aware that we have collected personal data from a child in violation of applicable law, we will delete it promptly. Parents or guardians who believe their child has provided personal data may contact us at hi@anymark.co.
We may revise this Policy periodically. The updated version will have a new “Last updated” date. Material changes will be communicated via the Service or by email at least 14 days before they take effect, where required by law. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.
Our representative in the EEA pursuant to Article 27 GDPR is Labor Arti UG (haftungsbeschränkt), Mühlenstr. 8a, 14167 Berlin, Germany. Contact: gdpr@anymark.co (forwarded to our representative). EEA data subjects may contact our representative directly on any matter related to the processing of their personal data.
If we are required to designate a UK representative under the UK GDPR, contact details will be made available here. UK data subjects may, in any event, contact us directly at hi@anymark.co or lodge a complaint with the ICO.
If you have questions or would like to exercise your privacy rights, contact us:
Privacy Officer
Tzory Properties LLC
37939 Vine St
Willoughby, OH 44094
United States
Email: hi@anymark.co
EEA GDPR matters: gdpr@anymark.co