Privacy Policy for Anytype App
We, Any Association (“Any Association” or “we”), believe that privacy is a fundamental human right. We respect your privacy and are committed to protecting it through our compliance with this policy.
This policy describes:
- The types of information we may collect or that you may provide when you download, install, register with, access, or use Anytype app on your mobile device or desktop (the “App”).
- Our practices for collecting, using, protecting, and disclosing that information.
This policy does not apply to information that we collect on our website. To read our website privacy statement, please visit https://anytype.io/website_privacy
Any Association is the data controller in respect of your personal information in accordance with applicable laws. If you want to contact us directly, you can find our contact details in the Section “Contact Us” below.
Contents:
- Summary
- 1. What We Collect and How We Collect It
- 2. How We Use Your Information
- 3. Disclosure of Your Information
- 4. Your Rights
- 5. Security of Your Information
- 6. Where We Store Your Information
- 7. How Long We Store Your Information
- 8. Children’s Privacy
- 9. Changes
- 10. Contact Us
Summary
- Our principle is to collect minimum personal information.
- We do not sell your information. We do not share your information with third parties for them to market or advertise their products to you.
- There is no code or tracking from Google in the App.
- We use anonymized analytics to improve the App.
- Any content created by you within the App is encrypted by the key generated on your device. We do not have any technical ability to read your content.
1. What We Collect and How We Collect It
A. Information You Provide to Us
- Personal Profile: when you create an account, you will be asked to provide your username (so-called “Soul”). Once registered, you will be assigned a unique identifier known as Anytype ID which consists of a string of numbers and letters that cannot personally identify you. The Anytype ID is a digital representation of the public key created locally on your device. It enables us to recognize your account without disclosing any personally identifiable information.
- Uploaded Content: any content you create in the App is protected by a private encryption key generated on your device, also known as your Recovery Phrase. Your Recovery Phrase is generated locally on your device at the time of account creation, and is not stored anywhere on our servers. When your data is stored on our backup nodes (“Anysync Nodes”), your data is E2E encrypted and we do not have the technical ability to read any content stored there.
- Your Communications with Us: if you contact us for troubleshooting, support or with request of information or feedback we may collect your Anytype ID and information you choose to provide to allow us to assist you (for example, your email if you would like to receive a reply from us) and information in relation to your request.
- Surveys: our App may ask you to participate in the surveys. Information we collect from you varies depending on the survey, but we typically ask your opinion about our product and services. Surveys in our App are anonymized - we do not link them with your Anytype ID.
- Blogs and Forums: our App provides a link to our community forum, community.anytype.io. Any information you include in a comment on our forum may be read, collected, and used by anyone. If your personal information appears in our community and you want it removed, please contact us at support@anytype.io.
B. Automatic Information Collection
Our App does not collect real-time information about the location of your device. Neither does the App use cookies. As of June 2023, the data described below is stored on our Anysync Nodes. Future versions of the App will permit self-hosting, in which case none of the below data will be stored on Anysync Nodes.
- Usage Details: when you access and use the App, we may automatically collect certain details of your access to and use of the App, including logs and event information related to account & device activation date, and how and when you use our App.
- Device Information: we may collect information about your device, including the device model, family, memory size, operating system name and version. We may also store your IP address for 7 days after account creation to protect our Anysync Nodes from massive registrations and abuse. Please note that this is necessary to maintain the reliability of our services and not for any other purpose.
- Anytype ID and Device ID (public cryptographic keys): We use this information to confirm that the user's data has not been compromised by other users. These IDs also enable us to recognize the user's account and device without disclosing any personally identifiable information and cryptographically validate that requests were initiated by the user.
- Anytype Object IDs: This allows us to remove all of your Objects (and the data therein) when you request us to do so.
We do not sell your information. We do not share your information with third parties for them to market or advertise their products to you.
We use information that we collect from you to:
- Provide you with the App and its contents, and any other information or services that you request from us.
- Provide you with support and to respond to your requests or complaints.
- To improve the security of and troubleshoot the App.
- Conduct analytics to analyze the use of, and any other interaction or interest in our App.
- Conduct surveys because they help us improve the App.
- To enforce this policy, deter against fraudulent, unauthorized or illegal activity, to resolve disputes.
- For other purposes, for which we obtain your consent.
Our legal grounds for processing your information are as follows:
- Performance of a contract: we use personal data to provide the App to you and thus carry out our obligations under the terms and conditions of the App (e.g. create an account, provide the App in accordance with the description under the terms and conditions).
- Legitimate interests: we handle your personal data to pursue our legitimate business interests provided that your rights and freedoms do not override those interests (e.g. to detect, prevent or otherwise address fraud or security issues in respect of our App; to ensure that our App is safe and secure and used in line with our terms of use).
- Consent: Where required by law, and in some other cases, we handle personal data on the basis of your implied or express consent.
- Legal compliance: We need to use and disclose personal data to the extent we are required by applicable law.
We may disclose information that we collect or you provide as described in this policy:
- To our affiliates, contractors, service providers we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them and as noted in this policy.
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request. We will reply to such requests to the extent we are required by law. If we receive such a request, we will make a reasonable effort to inform you, unless we are legally prevented from doing so. Please note that it is not possible for us to decrypt your encrypted content, no matter who asks for it, as decryption keys are stored on your device.
- For any other purpose with your consent.
Service Providers
We use the following service providers:
- Amplitude Analytics
- Purpose: deliver behavioral and app usage data.
- Opt-out possible: NO
- Information collected: anonymized analytics ID, usage behavior such as: session length, number of sessions, number of Objects, blocks, etc. To secure the privacy of your information, we use a proxy server when interfacing with Amplitude. This ensures that your IP address is not exposed to third parties during the data processing or analytics process, thus further safeguarding your personal information.
- Data processing location: United States
- For more information please refer to Amplitude Privacy Policy
- Sentry
- Purpose: deliver data on crashes and bugs
- Opt-out possible: No
- Information collected: device model, operating system name, anonymized analytics ID
- Data processing location: self-hosted by us in the European Union
- For more information please refer to Sentry Privacy Policy
4. Your Rights
You are entitled to:
- Know what information about you is collected, used, shared and sold (Again: we do not sell your information)
- Access this information in its entirety
- Request erasure or rectification of this data
- Be notified regarding rectification, erasure, or restriction of processing of your personal information
- Request to restrict how and why your personal information is used or processed and for what purpose
- Receive the personal information we hold about you and transmit it to another party
- Not to be subject to a decision based solely on automated processing, including profiling (Although note that we do not use automated processing, including profiling)
- Object to or complain about, the collection and handling of your personal information
- Lodge a complaint with your local supervisory authority
To exercise these rights, please contact us at support@anytype.io.
We have implemented measures designed to secure your information from accidental loss and from unauthorized access, use, alteration, and disclosure. The safety and security of your information also depends on you. Only you have the encryption keys. No one at Any Association can decrypt your encrypted data. So if you lose your Recovery Phrase, we cannot restore your access.
Anytype may contain some non-encrypted part of data on your disk. We have a prerequisite that the user’s machine is non-compromised and trusted. Basically, if a device is compromised, there are plenty of attack vectors, including RAM scanning and passphrase keylogging. We recommend that you encrypt your data on your disk.
IF YOU BELIEVE YOUR PRIVACY HAS BEEN BREACHED THROUGH USE OF OUR SERVICES PLEASE CONTACT US IMMEDIATELY AT support@anytype.io.
We maintain our Anysync Nodes in Switzerland. However, personal data collected by us may be stored and processed in any other country where we or our service providers operate facilities, including the United States. We will use appropriate safeguards for transferring data outside of the European Union. This includes signing Standard Contractual Clauses that govern the transfers of such data, which may be used in conjunction with additional safeguards. For more information about these transfer mechanisms, please contact us at support@anytype.io.
We store your information for as long as you use our App. In our App, we also give you the option to delete your encrypted data from your account and bin. Please note that we do not retain any of your data after such deletion. So, this data will no longer be accessible through the App and will be deleted from our Anysync Nodes.
8. Children’s Privacy
The App is not intended for children under 13 years of age (or other age as required by local law), and we do not knowingly collect personal information from children under 13. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child, please contact us at support@anytype.io.
9. Changes
We may update this privacy policy as necessary to comply with relevant regulations and to reflect any new practices. In case of doing so, a notice may be posted on this page along with the updated privacy policy prior to the change becoming effective. We will keep previous versions accessible to you.
Do you have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information? Please contact us at the below address and we will be happy to answer:
- Any Association
- Address:
- c/o Sielva Management AG
- Gubelstraße 11
- CH - 6300 Zug
- Switzerland
- Email: support@anytype.io
The designated representative of Any Association in the European Union (for the purpose of art. 27 GDPR) is Anylab Gmbh, Meinekestraße 27, Berlin, 10719, Deutschland, email: anylab@anytype.io