Privacy Policy for Anvil
Last Updated: 18 November 2025
1. Introduction
Welcome to Anvil ("we," "our," or "us"). This Privacy Policy explains how we handle information when you use our mobile application ("App").
We are committed to protecting your privacy. This policy describes our practices regarding data collection, use, and disclosure.
2. Data Collection
Anvil collects the following types of data:
2.1 Personal Information
- Email Addresses: Collected when you sign in using Google Sign-In (OAuth). This is required for account creation and authentication. Your email is stored by Firebase Authentication and is used solely for account management purposes.
2.2 Usage Analytics
- App Activity Data: We collect anonymous usage analytics through PostHog, including:
- Screen views and navigation patterns
- Feature usage (button presses, interactions)
- Session duration and app lifecycle events
This data is anonymous and does not include personal information or the content of your reading insights.
2.3 Crash Reports
- Error Logs: We collect anonymous crash reports and error logs through Firebase Crashlytics to help us identify and fix bugs. These reports do not include personal information or user content.
2.4 User Content
- Reading Insights ("Ingots"): All reading insights, categories, and app preferences you create are stored locally on your device only. This content is never transmitted to our servers or third parties.
Important: Your reading insights and personal notes are stored exclusively on your device and are never transmitted over the internet or shared with third parties.
3. Account Creation
Anvil supports account creation through:
- OAuth (Google Sign-In): You can create an account by signing in with your Google account. This uses Firebase Authentication and requires your Google email address.
The app does not support traditional username/password authentication.
4. Data Storage
All data entered into Anvil is stored as follows:
- User Content (reading insights, categories, preferences): Stored locally on your device using Android's standard app-specific storage mechanisms. This data is never transmitted over the internet or stored on external servers.
- Email Address: Stored by Firebase Authentication (Google's service) for account management.
- Analytics Data: Stored by PostHog in anonymized form.
- Crash Reports: Stored by Firebase Crashlytics in anonymized form.
5. Data Sharing
Anvil shares data with the following third-party service providers:
5.1 PostHog Analytics
- Purpose: To understand app usage and improve the app experience
- Data Shared: Anonymous usage analytics (screen views, feature usage, session data)
- Personal Information: None
- User Content: None
- Privacy Policy: https://posthog.com/privacy
5.2 Firebase (Google)
When you export insights as PDF or share content via Android's native share sheet, you have complete control over what is shared and with whom. The app does not facilitate sharing through its own servers or services.
6. Data Security
6.1 Encryption in Transit
All data transmitted over the internet is encrypted in transit using HTTPS/TLS:
- PostHog Analytics uses HTTPS for all data transmission
- Firebase services use HTTPS by default
- All network traffic is encrypted
6.2 Data at Rest
User content stored locally on your device is protected by:
- Android's file system encryption
- Your device's security measures (screen lock, device encryption, etc.)
- App-specific storage directory (isolated from other apps)
7. Account and Data Deletion
How to Delete Your Account and Data
You can request deletion of your account and associated data in the following ways:
7.1 In-App Deletion (Recommended)
You can delete your account and all associated data directly from within the app:
- Open the Anvil app
- Go to Settings
- Scroll to the Account section
- Tap Delete Account
- Confirm the deletion (you will be asked to confirm twice)
What gets deleted:
- Your Firebase Authentication account (email)
- All local app data (reading insights, categories, preferences)
- Analytics user identity (reset in PostHog)
What may be retained:
- Anonymous analytics data in aggregated form (cannot be linked to you)
- Anonymized crash reports (cannot be linked to you)
7.2 Contact Us for Deletion
If you prefer, you can also request account deletion by contacting us at:
Please include your email address associated with the account in your request. We will process your deletion request within 30 days.
7.3 Alternative Methods
You can also delete all app data by:
- Uninstalling the app (this removes all local data from your device)
- Clearing app data from Android Settings → Apps → Anvil → Storage → Clear Data
Note: These methods will delete local data but may not delete your Firebase Authentication account. For complete account deletion, use the in-app deletion feature or contact us.
7.4 Partial Data Deletion
The app does not currently support partial data deletion (deleting some data while keeping your account). However, you can:
- Delete individual reading insights ("ingots") from within the app
- Delete categories (which removes associated insights)
For complete data deletion, you must delete your account.
8. Permissions
Anvil requires no special permissions. The app uses:
- Standard Android storage mechanisms for local data persistence (no permission required on Android 10+)
- Google Sign-In authentication (uses standard Android authentication flows)
If you choose to export insights as PDF or share content via Android's native share sheet, you have complete control over what is shared and with whom.
9. Children's Privacy
Anvil is suitable for users of all ages. We do not knowingly collect personal information from anyone, including children under 13 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.
10. Your Rights
You have the following rights regarding your data:
- Access: You can access all your data through the app. Your reading insights are stored locally and accessible at any time.
- Deletion: You can delete your account and all associated data using the methods described in Section 7.
- Export: You can export your reading insights as PDF using the app's export feature.
- Correction: You can edit or delete individual insights and categories within the app.
11. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The "Last Updated" date at the top of this policy will reflect any changes.
We encourage you to review this policy periodically to stay informed about how we handle your information. Continued use of the app after changes to this policy constitutes acceptance of those changes.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
We will respond to your inquiry within 30 days.
13. Consent
By using Anvil, you consent to this Privacy Policy. If you do not agree with this policy, please do not use the app.
If you have already created an account and no longer agree with this policy, you can delete your account using the methods described in Section 7.
This privacy policy is effective as of 18 November 2025 and applies to all versions of the Anvil app.