Skip to content
hey annahey anna
Your data stays yours

Work with confidence.
Your data stays private.

Sensitive work deserves real protection. Here's exactly how I handle your data.

Three promises I keep.

Private by default

Your workspace stays private unless you choose to share.

Never used for training

Your data never trains AI models. Not mine, not the providers I use.

You control sharing

Reports stay private until you publish. Published links are random and secret.

Questions you're probably asking.

I'd ask them too. Here are straight answers.

Can anyone at hey anna see my data?

Your account and files are protected with authentication and access controls. Your workspace is private by default.

What happens when I ask Anna a question?

Anna reads your data directly to give accurate answers — that’s how she catches patterns a summary would miss. Your conversation is private to your workspace, and your data is never used for AI training.

What if I share a report?

A shared link shows the report you chose to publish. It does not open your private workspace or source file.

Where does my data actually live?

Encrypted cloud storage, tied to your account. Anna accesses your data when you ask a question — the same way a human analyst would open your spreadsheet. Nothing is shared outside your workspace, and nothing is used for training.

What I'll never do.

Some things are off the table. Period. No exceptions, no asterisks.

Sell or share your data with third parties
Use your data to train AI models
Expose your workspace unless you choose to share
Keep your data after you delete it

Here's what actually happens.

When you upload a file or ask me a question, this is the journey.

1

Upload

Your file goes to encrypted cloud storage tied to your account.

2

Analyze

Anna reads your data to answer accurately — the same way a human analyst would. Your data stays in your workspace and is never used for training.

3

Share (optional)

If you publish a report, it gets a random, secret link. You can unpublish anytime.

For your IT team.

The technical detail your security review needs.

Infrastructure

Edge compute

Application logic runs on Cloudflare Workers — distributed across 300+ data centers, no single origin server.

Data storage

Metadata in Cloudflare D1 (SQLite at edge). Files in Cloudflare R2 (S3-compatible object storage). All data encrypted at rest.

Analysis sandbox

Python runs client-side in a WebAssembly sandbox. Your data stays in the browser for computation.

AI processing

Questions are sent to the Anthropic Claude API for analysis. Anthropic does not train on API inputs per their commercial terms.

Authentication & Access Control

Passwords hashed with bcrypt
Short-lived JWT access tokens
Refresh tokens: httpOnly, secure, rotated, stored hashed
Rate-limited authentication endpoints
Schema-based input validation at every API boundary
Payload size and row-count limits enforced server-side

Published Reports

Sanitized and size-limited before storage
Random, unguessable IDs — not sequential
Stored separately from workspace data
Unpublish instantly — removal is immediate

Questions about our security posture? security@heyanna.studio

For a full walkthrough of our architecture, read Where Your Data Actually Goes

Ready to see what's in your data?

Your data stays private. Your analysis stays powerful.