Anya

Anya — Privacy Policy

Last updated: March 29, 2026

1. What Anya Does

Anya is an AI-powered app that lets you create fully functional mini apps (Anyapps) simply by describing what you want in a conversation. All code is generated by AI — users do not write or edit code directly. You can use Anya for free with a generous quota, or bring your own API key for unlimited usage.

2. Our Commitment to Your Privacy

We designed Anya with privacy at its core. All sensitive information is encrypted at rest using industry-standard AES-256-GCM encryption. All communication between your device and our servers is protected with HTTPS/TLS. We do not sell, share, or monetize your data in any way.

3. Information We Collect

3.1 Account Information

• Email Address — if you create an account with email. Used for login, password reset, and email verification. Your password is hashed with bcrypt and never stored in plain text.
• Google or Apple Sign-In — if you choose to sign in with Google or Apple, we receive a unique identifier and email from the provider. We do not receive or store your Google or Apple password.
• Device Identifier — if you use the free mode without creating an account, a random device identifier is generated and stored locally on your device to associate your data. This is not a hardware identifier and cannot be used to track you across apps.
• Display Name & Avatar — optionally provided for your profile and community features.

3.2 API Keys

• LLM API Keys — if you add your own API key (Anthropic, Together AI, or a custom provider), it is encrypted at rest (AES-256-GCM) and used solely to make AI requests on your behalf. Keys are looked up by cryptographic hash, never stored or logged in plain text, and never shared with any third party.
• Third-Party API Keys — if you add API keys for agent skills (e.g. Brave Search), they are encrypted at rest (AES-256-GCM) and used exclusively to run the tools you configure.

3.3 Your Anyapps

• App Data — the Anyapps you create (source code, app data, and conversation history) are stored securely on our server so your work is preserved across sessions. Only you can access your Anyapps.
• Build Logs — when an Anyapp is built, a snapshot of the generated files is stored for version history and debugging. Build logs are stored in a private repository and are not publicly accessible.
• Scheduled Tasks — if your Anyapp uses background tasks or notifications, task configurations are stored on our server to execute on your behalf.

3.4 Usage Data

• Token Usage — we track how many AI tokens are used per request to enforce free tier quotas and display usage information. This includes the model used and token counts, but not the content of your messages.
• App Events — we log basic app lifecycle events (app created, opened, closed, build started, build completed) to understand usage patterns and improve the service. No message content or personal data is included in these events.

3.5 Device Information

• Push Notification Token — if you enable notifications, your Apple device token is stored solely to deliver alerts from your scheduled tasks. This token cannot be used to identify you personally and is used only for delivering the notifications you configure.

3.6 Optional Integrations

• OAuth Tokens — if you connect services like Google (Gmail, Calendar, etc.), tokens are encrypted at rest and used only for the features you explicitly enable. You can disconnect at any time.

4. Device Permissions

Anyapps you create may request access to device features. Each requires your explicit permission through standard iOS prompts:

• Location — only when an Anyapp requests it (e.g. a weather app). Location data is processed in real time and is not stored on our servers.
• Camera & Photo Library — only when an Anyapp requests it (e.g. a photo editor). Images are processed locally unless the Anyapp explicitly uploads them.

No device permissions are granted without your explicit consent. You can revoke permissions at any time in iOS Settings.

5. AI Data Processing

When you chat with Anya to create or modify Anyapps, the following data is sent to a third-party AI service:

• Your chat messages and prompts — sent each time you send a message
• App source code — sent when building or updating an Anyapp
• Conversation history — sent to provide context for AI responses

Who receives your data:

• Anthropic (Claude models: Sonnet, Haiku, Opus) — if you select a Claude model. See Anthropic's Privacy Policy.
• Together AI (Qwen and other open-source models) — if you select a non-Claude model. See Together AI's Privacy Policy.
• Custom Provider — if you configure a custom API provider, your data is sent to the base URL you specify. You are responsible for reviewing that provider's privacy practices.

Only one provider receives your data for any given request, determined by which model you have selected. Your data is never sent to multiple AI providers simultaneously.

• Neither Anthropic nor Together AI use API inputs for model training.
• You provide explicit consent for AI data sharing when you first use the app. You must accept this consent before any data is sent.
• Free mode users' requests are made using our platform API keys. The same privacy protections apply.

6. Advertising

Free mode users may optionally watch rewarded video ads to earn additional tokens. Ads are served by Google AdMob. When you watch an ad:

• Google may collect device information and advertising identifiers as described in Google's Privacy Policy.
• Ad viewing is entirely optional — you are never required to watch ads to use the app.
• We do not share any of your personal data, Anyapp data, or conversation content with Google AdMob.

7. Community Features

If you choose to publish Anyapps to the community:

• Your display name, avatar, and Anyapp content become visible to other users.
• You can unpublish your Anyapps at any time.
• Users can report inappropriate content.
• We review reported content and may remove Anyapps that violate our guidelines.

8. Information We Do NOT Collect

• No hardware device identifiers or fingerprinting
• No behavioral tracking or profiling across other apps
• No data is sold, shared with, or disclosed to any third party for advertising or marketing purposes

9. Third-Party Services

Anya integrates with the following third-party services. Each provider maintains their own privacy policy and provides protections for your data as described in their respective policies:

• Anthropic (Claude) — AI model provider. Your conversations and prompts are sent to generate AI responses. Anthropic does not use API inputs for model training. Privacy Policy
• Together AI (Qwen) — AI model provider. Your conversations and prompts are sent to generate AI responses. Together AI does not use API inputs for model training. Privacy Policy
• Google AdMob — optional rewarded ads for free users. Privacy Policy
• Google Sign-In — optional sign-in method. Privacy Policy
• Apple Sign-In — optional sign-in method. Privacy Policy
• Google Maps — location and mapping features within Anyapps. Privacy Policy
• Google OAuth — only if you connect Google services (Gmail, Calendar, etc.). Tokens are encrypted and used solely for features you enable. You can revoke access from your Google account settings.

10. Data Retention & Deletion

Your data is retained only while you actively use the app. You have full control:

• Delete an Anyapp — long-press any Anyapp on the home screen to delete it and all its associated data.
• Delete your account — go to Settings > Account > Delete Account to permanently remove your account and all associated data from our servers. This action is immediate and cannot be undone.

11. Security

• All sensitive data encrypted at rest with AES-256-GCM
• All network communication encrypted with HTTPS/TLS
• Passwords hashed with bcrypt (12 rounds)
• No plain-text storage of keys, tokens, or passwords
• Per-user data isolation — users cannot access each other's data
• Per-user isolated execution environments for app builds
• API keys looked up by cryptographic hash, never by the key itself
• Rate limiting on authentication endpoints

12. Children's Privacy

Anya is not directed at children under 13. We do not knowingly collect information from children. If you believe a child has provided us with data, please contact us and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes through the app or on this page. Continued use of Anya after changes constitutes acceptance of the updated policy.

14. Contact

Questions or concerns about your privacy? Contact us at [email protected] or visit our support page.