Privacy Policy

Last updated

Who we are

Anchor is cloud infrastructure for AI agents, operated by Anchor Technologies, Inc. ("Anchor", "we", "us"), a Delaware corporation, at anchor.cc. AI agents use Anchor to create, host, and manage apps, online tools, tables, and files on behalf of users. This Privacy Policy explains what personal data we collect when you use Anchor, how we use it, who we share it with, how long we keep it, and the rights and choices available to you.

When we say "you" we mean the person using Anchor, whether as an individual or on behalf of an organization. When we say "your content" we mean the apps, online tools, tables, files, and metadata you or your AI agent create or upload to Anchor.

Our registered address is shown in the footer of this page. You can reach our privacy team at privacy@anchor.cc.

Who interacts with Anchor

Everyone who interacts with content in Anchor is a signed-in Anchor account holder. We do not support anonymous visitors, public link-based access for non-users, or unauthenticated browsing of hosted apps, tables, or files. There are three ways someone appears in Anchor:

  • Account holders — people who have signed in with a supported identity provider and have an active Anchor account.
  • Invited collaborators — people invited by email to a folder or file. They must create an Anchor account before they can access anything; until they do, we retain only the invitation (email address, inviter, scope, timestamp).
  • Organization members — account holders who belong to an organization. Membership is administrative and does not by itself grant access to any content.

Because every interaction with content is authenticated, each access is attributable to a specific Anchor account.

What information we collect

We collect only what we need to provide the Service, grouped into five categories.

Account information

When you sign in with a supported identity provider (currently Google), we receive your email address, name, profile picture URL, and a stable user identifier. We use this to create and authenticate your Anchor account and to identify you to organizations and collaborators.

Content you or your agent creates

We store the items that you or your AI agent create in Anchor:

  • Apps and online tools hosted at anchor.cc/app/<appID>.
  • Tables (structured, spreadsheet-like data) at anchor.cc/table/<tableID>.
  • Files of any type — PDFs, documents, images, audio, video, markdown, CSVs, and more — at anchor.cc/file/<fileID>.
  • Metadata around those items: folder structure, titles, timestamps, owners, sharing permissions, and version history.

We store your content encrypted and serve it only to accounts you have explicitly authorized. We do not inspect or analyze the contents of your files, tables, or apps except as strictly necessary to operate the Service (for example, serving an HTTP response to an authorized user) or as described under Security below.

AI agent connection data

When you connect an AI agent (Claude, ChatGPT, Gemini, Grok, Codex, or any MCP-compatible agent), we record the information needed to authorize that agent and keep an audit trail:

  • The registered client identifier and redirect URIs supplied by the agent client.
  • OAuth authorization codes, access tokens, and refresh tokens. Tokens are stored hashed where possible and transmitted only over TLS.
  • The scope of access you granted and the timestamp of each grant or revocation.
  • Each tool invocation the agent performs against your account — tool name, input parameters, response size, outcome, and timestamp — so you have an audit trail of actions taken on your content.

Usage and device data

We collect standard server logs when you visit anchor.cc, access a shared Anchor item, or connect an agent: IP address, user-agent string, referring URL, request paths, response codes, and timestamps. We use these for security, abuse prevention, debugging, and capacity planning.

Cookies and similar technologies

We use a small number of cookies and comparable storage mechanisms:

  • Session cookie — a first-party, HttpOnly, Secure, SameSite=Lax cookie that keeps you signed in to anchor.cc. Required for the Service to function.
  • Product analytics and error monitoring — we use PostHog to understand how anchor.cc is used, measure feature adoption, and investigate errors. PostHog is configured to avoid collecting the contents of your files, tables, or apps and to respect Do Not Track signals where applicable.

We do not use third-party advertising cookies and we do not participate in cross-context behavioral advertising.

How we use your information

We use the information above to:

  • Provide the Service — authenticate you, host your apps and online tools, store your tables and files, and route requests to the correct items.
  • Execute the actions your AI agent requests on your behalf, within the scope you have granted.
  • Enforce sharing and permissions at the org, folder, and file levels (owner, contributor, consumer).
  • Keep the Service secure — detect abuse, fraud, and attacks, and meet our legal obligations.
  • Improve the product — diagnose bugs, understand performance, and plan new features.
  • Communicate with you — respond to support requests and send important service notices.

We do not use your content to train third-party AI models, we do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following lawful bases under Article 6 of the GDPR and equivalent laws:

  • Performance of a contract — to provide the Service you requested, including account creation, storing your content, executing agent-initiated operations, and enabling sharing.
  • Legitimate interests — to keep the Service secure, prevent fraud and abuse, improve the product, and communicate with you about material changes. We have balanced these interests against your rights.
  • Legal obligation — to comply with tax, accounting, security, and other applicable laws.
  • Consent — where we specifically ask for it (for example, optional marketing emails). You can withdraw consent at any time.

AI agents and your data

Anchor is the storage and hosting layer — not the AI agent itself. The agent you connect (Claude, ChatGPT, Gemini, Grok, Codex, or any MCP-compatible agent) is provided by a third party and is subject to that provider's terms and privacy policy. When you give an agent access to Anchor, it can read, create, modify, and delete content in Anchor within the scope you have authorized.

Practical consequences:

  • Agents act as you. Anything an agent does in Anchor under your authorization is attributable to you.
  • Agent providers see what the agent reads. When you prompt an agent to work with content in Anchor, the tool's response (including file contents, table rows, or app source) is returned to the agent and therefore to the agent provider as part of the agent's context. Anchor cannot control what the agent provider does with that data once it leaves our systems — it is governed by the agent provider's own privacy policy (for example, Anthropic, OpenAI, Google, or xAI).
  • Revoking access is in your hands. Because Anchor is accessed only over MCP, you revoke an agent's connection from the agent's own connector or integrations settings — for example, disconnecting the Anchor connector from Claude, ChatGPT, or Gemini. We immediately invalidate the associated access and refresh tokens, and the agent can no longer call Anchor on your behalf.
  • Audit trail. Anchor records every agent-initiated operation on your content so you can review what has been done.

Sharing and collaboration

Anchor has a granular, explicit sharing model. Access is never inferred — it is always granted to a specific Anchor account.

Organizations

An organization is the top-level boundary — your team, company, or any group that works together. Each org has an owner, managers, and members. Organization membership is administrative only; it does not automatically grant access to any content.

Folders and files

All content lives inside folders. Every folder and every file has its own permissions with three roles: owner (full control), contributor (can view, edit, and invite others), and consumer (view only). Folder permissions flow down to subfolders and files — the highest access level wins — and organization membership does not propagate down.

Who can see your content

Only signed-in Anchor account holders you have explicitly granted access to can see a given folder or file — including hosted apps and online tools. If you invite someone by email who does not yet have an Anchor account, we retain the invitation (email address, inviter, scope, timestamp) until it is accepted or revoked. Content that is shared with you from outside your organizations appears in a single "Shared with me" view, consolidated to the highest-level entry point.

Subprocessors and third-party services

We rely on a small, vetted set of subprocessors to run the Service. Each is contractually bound to appropriate confidentiality, security, and data-protection obligations, and each is used only for the purposes described below.

Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure
Cloud hosting, compute, and object storage for Anchor's infrastructure and your content. Data is processed primarily in the United States.
Google LLC
Identity provider for Google OAuth sign-in. Google receives only the minimum information required to authenticate you.
Anthropic, OpenAI, Google, xAI, and other AI model providers
When you connect an AI agent, the provider of that agent receives the data your agent requests from Anchor as part of the agent's context. These providers act under their own terms and are not acting on Anchor's behalf; Anchor does not control what they do with that data.
PostHog, Inc.
Product analytics and error monitoring for anchor.cc. Configured to avoid collecting the contents of your files, tables, or apps.
Payment processors
For paid plans, a PCI-DSS-compliant payment processor handles your payment details. Anchor does not store full card numbers.

Business customers may request our current subprocessor list and our Data Processing Addendum by writing to privacy@anchor.cc. We will give advance notice of material changes to our subprocessors so that you can object where applicable.

Storage, retention, and deletion

We keep personal data only for as long as we need it. Representative retention periods:

  • Your content — retained while your account or organization is active. When you delete an app, table, or file, it enters a 30-day soft-deletion window during which it can be restored. After 30 days it is permanently deleted from primary storage.
  • Backups — encrypted backups are rotated out of our systems within 90 days, after which deleted content no longer exists in any backup.
  • Account closure — when you close your account or an organization is deleted, we delete account data and owned content within 30 days, with up to a further 60 days to purge backups.
  • Access logs — up to 90 days.
  • Audit trails and security logs — up to 12 months.
  • Invoices and transaction records — kept as required by tax and accounting law, typically 7 years.
  • Invitations to non-users — kept until accepted, revoked, or expired (90 days).

Where longer retention is required by law or necessary to resolve disputes, protect our rights, or enforce our agreements, we will retain the minimum necessary for that purpose.

Security

We design Anchor around the following practices:

  • Encryption in transit using TLS 1.2 or higher for every connection to Anchor, including all MCP traffic.
  • Encryption at rest for databases, object storage, and backups using AES-256 or stronger.
  • Tenant isolation — every query and storage access is scoped by organization and user, enforced in a central authorization service shared by the web app and the MCP server.
  • Least-privilege access for employees, with multi-factor authentication, audit logging, and periodic access reviews.
  • OAuth 2.0 with PKCE for all MCP client connections, short-lived access tokens, and rotating refresh tokens.
  • Continuous monitoring for abuse, anomalous activity, and vulnerabilities, plus regular patching of dependencies and infrastructure.
  • Incident response. We maintain a documented incident response plan. If we confirm a personal data breach that is likely to result in a risk to your rights, we will notify affected users and applicable regulators without undue delay and, where feasible, within 72 hours, in accordance with GDPR Article 33 and similar laws.

No system is perfectly secure, but we work hard to make Anchor trustworthy infrastructure for your most important work. Report suspected vulnerabilities to security@anchor.cc.

Automated decision-making

Anchor does not make automated decisions that produce legal or similarly significant effects about you. AI agents that you connect to Anchor may generate content or perform actions on your behalf, but the decision to connect an agent and the scope you grant are under your direct control, and you can revoke that control at any time.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. You can exercise most of these rights directly from your Anchor account — review and edit your profile, export or delete your content, and close your account. For anything you cannot do in the product, email privacy@anchor.cc. We respond within the timeframes required by applicable law (generally within 30 days).

To revoke an AI agent's access, disconnect the Anchor connector from the agent's own settings — Anchor immediately invalidates the tokens issued to the revoked agent.

Rights of residents in the EEA, UK, and Switzerland

If you are a resident of the EEA, the United Kingdom, or Switzerland, you have the following rights under the GDPR or equivalent law, subject to applicable conditions and exceptions:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data.
  • Restriction — limit how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent.
  • Complain — lodge a complaint with your local supervisory authority.

The data controller for your personal data is Anchor Technologies, Inc. We have not appointed an EU or UK representative at this time; contact privacy@anchor.cc for any GDPR-related request.

Rights of California residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the rights below. We do not sell personal information as defined by the CCPA, and we do not share personal information for cross-context behavioral advertising. We do not knowingly collect or sell the personal information of minors under 16.

  • Right to know — the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it.
  • Right to delete — request that we delete personal information we have collected from you.
  • Right to correct — inaccurate personal information we maintain about you.
  • Right to opt out of sales or sharing — not applicable, as we do neither.
  • Right to limit the use of sensitive personal information — we do not use sensitive personal information for any purpose requiring this disclosure.
  • Right to non-discrimination — we will not discriminate against you for exercising your rights.

Categories of personal information we collect: identifiers (name, email, user ID), internet or network activity (logs, device information), commercial information (for paid plans), and professional information (if you use Anchor for work). We collect these from you directly, from your identity provider, and from the AI agents you authorize. We share these categories only with the subprocessors listed above and only for the purposes described in this policy.

To exercise these rights, email privacy@anchor.cc. We may ask for information reasonably necessary to verify your identity before responding. You may also designate an authorized agent to act on your behalf.

International data transfers

Anchor is operated from the United States. If you are outside the United States, your personal data will be transferred to, and processed in, the United States and potentially other countries where our subprocessors operate. For transfers out of the EEA, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum, where applicable) with our subprocessors, and we supplement them with technical and organizational measures such as encryption in transit and at rest.

Children's privacy

Anchor is not directed to children under 13 (or the higher age required by your jurisdiction — for example, 16 in parts of the EEA), and we do not knowingly collect personal information from them. If you believe a child has provided personal information to Anchor, please contact privacy@anchor.cc and we will delete it.

Data Processing Addendum for business customers

If you use Anchor on behalf of an organization and process personal data of your employees, customers, or end users inside Anchor, you are typically the data controller and Anchor is the data processor. We offer a Data Processing Addendum (DPA) incorporating the EU Standard Contractual Clauses and UK Addendum where applicable. Request a copy at legal@anchor.cc.

Changes to this policy

We may update this Privacy Policy as Anchor evolves. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you through the product or by email at least 14 days before the changes take effect. Continued use of Anchor after a change means you accept the updated policy.

Contact us

Privacy questions: privacy@anchor.cc. Security issues: security@anchor.cc. General inquiries: hello@anchor.cc. You can also write to us at the address in the footer of this page.