We take your privacy seriously, and we will only use your personal information to administer your account and provide the products and services you request from us.
(Note that “you” here means a person or company developing apps with Anvil. We refer separately to people who use the apps you build with Anvil, but we’re careful with their privacy too. You also have responsibilities to your users – see below.)
What information do we collect, and why?
When you sign up for Anvil (or our mailing list), we require an email address. This is used to identify your account and get in touch with you.
While you use Anvil, we collect data to record how you use the product. This includes pages you visit and actions you perform (such as creating, editing and running Anvil Apps). We do this in order to improve the product (for example, identifying where people get stuck), and to identify active and inactive accounts.
We record IP addresses of both you and the users of your app, to record the approximate (city-level) location of Anvil users so we can manage and scale our infrastructure, and to prevent abuse. We don’t record anything else about your app users.
When you open marketing emails, we track when you open them (if you have image loading enabled). We do this to see what is and isn’t interesting to our customers, and avoid spamming people with emails they’re not interested in. You can opt out of marketing emails at any time by clicking “Unsubscribe” at the bottom of any email from us.
We store your app itself: its source code, and the data stored in your data tables. When your app runs and produces log output, we store it so that you can access it via the App Logs interface.
To help us manage our systems, we keep diagnostic logs. These may incidentally include information like email addresses or what is happening in our systems (which could be used to work out what you were doing). We use these logs for managing and debugging our software and services, and we delete them after 90 days.
We also store backups of all this information (apart from the diagnostic logs), to help with disaster recovery.
You can choose not to provide this information (or to ask us to delete it), but without it we will not be able to provide you with the Anvil service.
Who do we share your information with?
We share your email address with our email provider (SendGrid), as part of sending email to you. If you use the live chat feature on the Anvil website, we send your email address and chat messages through our chat provider (Drift). We do use Google Analytics (on the Anvil website, not for visitors to your apps), but no personally identifying information is shared with them.
Who are we?
Anvil is a product from The Tuesday Project Ltd, a UK-registered company. Our company number is 09704308 and our registered address is 185 Green End Road, Cambridge, UK, CB4 1RJ. If you need to get in touch with us about privacy or data protection, please email firstname.lastname@example.org.
Your data protection rights
Under European data protection rules, you have the following rights. You can learn more about them from the UK Information Commissioner’s Office. To summarise:
Information - You should know what we’re collecting, and why. This page is about explaining this.
Access and Portability - You should be able to get a copy of data we hold about you, in a machine-readable format so you can move it to another service. We try hard to make it easy to download your apps and data from the Anvil editor. For any other enquiries, email email@example.com.
Rectification - If any information we hold about you is incorrect, you have the right to correct it.
Erasure or Restriction - Upon request, we will delete all information about you from our database for which we don’t have a good reason to keep using it (eg abuse prevention). For technical reasons, it’s infeasible to remove your information from our historical backups – instead, we’ll store the fact that you’ve requested erasure, and make sure to immediately delete that data if we ever need to restore those backups.
Objection - You can object to our keeping or processing your data.
Again, firstname.lastname@example.org is the place to send any of these requests.
Your responsibility to your users
You, however, might collect more. Whether you store this information in Anvil’s Data Tables, App Logs or with an external service, you need to comply with the appropriate data protection rules. As author of an app that collects personal data, you are the “data controller” under European data protection laws; we are a “data processor”. If you or your users are in the European Union, you are also responsible for providing the rights mentioned above to your own users.