Privacy Policy

Introduction

AnieLab ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at anielab.app (the "Platform").

By using the Platform, you consent to the data practices described in this policy. If you do not agree with any part of this policy, please do not use our services.

Information We Collect

Account Information

When you create an account, we collect: - Email address - Display name (optional) - Password (hashed using argon2id — we never store plain-text passwords) - Passkey credentials (public key only) if you choose to use passkey authentication

Profile Information

You may optionally provide: - Avatar image - Biography - Social media links - Portfolio or project samples

Project & Content Data

We store the content you create, upload, or collaborate on, including: - Project files, assets, and descriptions - Comments and communications - Task assignments and team memberships

Authentication Data

When you use authentication features, we collect: - Two-factor authentication (2FA) configuration - Recovery codes (stored as hashes) - Login attempt records (for security monitoring) - Session activity logs - OAuth provider information (if you sign in with Google)

Technical Data

We automatically collect: - IP address - Browser type and version - Device information - Pages visited and interactions - Time and date of visits - Referring website addresses

How We Use Your Information

We use the collected information to:

  • Operate, maintain, and improve the Platform
  • Process your account registration and authentication
  • Send transactional emails (verification codes, password resets, security alerts)
  • Enable collaboration features between users
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Communicate with you about platform updates and changes

We do NOT: - Sell your personal information to third parties - Use your content for advertising purposes - Share your data with data brokers

Data Storage & Security

We implement industry-standard security measures to protect your data:

  • Passwords are hashed using argon2id with salt
  • Session tokens are encrypted
  • Data is transmitted over HTTPS
  • Database connections are restricted to authorized services
  • Access logs are monitored for suspicious activity

Your data is stored on our secure servers. File assets may be stored on Backblaze B2 and delivered via BunnyCDN. Email services are handled by Brevo (formerly Sendinblue).

Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • Your data enters a 30-day grace period during which you can restore your account
  • After 30 days, we permanently delete your personal data and project files
  • Content you contributed to shared projects may remain accessible to other team members after deletion
  • Login attempt records are retained for 90 days for security analysis

We may retain certain data as required by law or for legitimate business purposes.

Third-Party Services

We use the following third-party services:

  • Brevo (Sendinblue) — Transactional email delivery
  • Backblaze B2 — File storage
  • BunnyCDN — Content delivery network
  • Google OAuth — Optional sign-in integration
  • Meilisearch — Search functionality
  • MinIO — Development file storage
  • PostgreSQL — Database
  • Redis — Session and cache management

Each service provider has its own privacy policy governing the use of your data. We select providers who maintain strong privacy and security standards.

Cookies & Tracking

We use essential cookies for:

  • Authentication and session management
  • CSRF protection
  • Theme preference (dark/light mode)

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You can control cookie settings through your browser preferences. Disabling essential cookies may affect platform functionality.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Restrict or object to processing of your data
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@anielab.app or use the Settings page to manage your data.

Children's Privacy

The Platform is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal data, we will delete it promptly. If you believe a child has provided us with personal data, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or through the Platform. Changes take effect immediately upon posting. Your continued use of the Platform after changes constitutes acceptance of the updated policy.

The most current version of this policy will always be available on this page.

Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@anielab.app Platform: https://anielab.app

We will respond to your inquiry within 30 days.

2026 © AnieLab