Privacy Policy

• Account & profile data — your name, email address, a hashed password, and the workspace, role, and team you belong to.
• Content you create — the accounts, contacts, deals, tasks, notes, meetings, and other records you enter or import into your workspace.
• Prospect & contact data — business contact information about third parties (names, job titles, business email and phone, employer, and public professional profiles) that you import or that we enrich from third-party data providers, for business-to-business sales purposes.
• Connected accounts — when you connect an integration (such as HubSpot, Salesforce, Gmail, Slack, or Gong), we access data from that service according to the permissions you grant.
• Usage & device data — log data, IP address, browser type, and product-analytics events describing how you use the app.

• To provide, operate, and secure the service, and to authenticate you.
• To sync, organize, and enrich the records in your workspace.
• To generate AI-assisted research, drafts, plans, and recommendations.
• To analyze and improve the product, and to debug and prevent abuse.
• To send you transactional messages (invitations, password resets, and service notices).

Anchoruses AI models (including Anthropic’s Claude) to generate research summaries, email drafts, account plans, and chat responses based on the data in your workspace. Where the provider supports it, we request zero-data-retention so your prompts and outputs are not retained to train their models. AI output can be inaccurate or incomplete — you are responsible for reviewing it before acting on it.

We rely on the following service providers (subprocessors) to operate Anchor. Each processes data only as needed to provide its function:

• Supabase — database, authentication, and storage of your workspace data.
• Vercel — application hosting and delivery.
• Anthropic — AI processing.
• PostHog — product analytics.
• Sentry — error monitoring.
• Resend — transactional email delivery.
• Data enrichment providers — used to enrich business records: ZoomInfo, Apollo, People Data Labs, Clearbit, Wiza, BuiltWith, Sumble, Exa, and Gravatar.
• Integrations you connect — data flows according to the access you authorize: HubSpot, Salesforce, Google (Gmail and Calendar), Microsoft (Outlook), Slack, Gong, Granola, WordPress, and Glean.

• We do not sell your personal information.
• Within your workspace, your data is visible to other members of your organization according to their roles.
• With the service providers listed above, under contract and only to provide the service.
• When required by law, or as part of a merger, acquisition, or sale of assets (you will be notified of any change in ownership).

We retain your workspace data while your account is active and as needed to provide the service. You can delete individual records at any time. When you delete your account or workspace, we delete or de-identify the associated data within a reasonable period, subject to legal obligations and routine backup cycles.

Each workspace’s data is isolated by row-level security, access is governed by role-based permissions, integration credentials are encrypted at rest, and data is encrypted in transit (TLS). No method of storage or transmission is completely secure, but we work to protect your information using industry-standard safeguards.

Depending on where you live, you may have the right to access, correct, export, or delete your personal data. Under the GDPR (EEA/UK) these include access, rectification, erasure, restriction, portability, and objection; under the CCPA (California) these include the right to know, to delete, and to opt out of the “sale” of personal information (we do not sell it). To exercise any of these rights, contact us at privacy@your-domain.com.

If you are a business contact whose information appears in a customer’s workspace, that customer is the controller of your data. Contact us and we will route your request to them.

Your information may be processed in the United States and other countries where our service providers operate. Where required, we rely on appropriate safeguards for these transfers.

Anchor is a workplace tool and is not directed to children. We do not knowingly collect personal information from anyone under 16.

We may update this policy from time to time. We will revise the “Last updated” date above and, for material changes, provide a more prominent notice.

Questions about this policy or your data? Reach us at privacy@your-domain.com.