Privacy Policy

To run the service we collect:

• Workspace metadata you provide — name, members, fiscal year, currency.
• Provider API keys for the connectors you enable, encrypted at rest with AES-256 before they reach the database.
• Routing traffic metadata — model requested, model routed to, token counts, decision, latency, cost.
• Financial documents you upload (bank statements, invoices) and the rows we parse from them.
• Standard product telemetry — sign-in events, page views, feature use.

We do not capture the content of your LLM requests or responses. The routing engine forwards prompts to your chosen provider unchanged and never logs the body — only the metadata above. Your prompts and the model's replies are not stored on ANVX servers.

All workspace data lives in Supabase Postgres with row-level security keyed to your workspace, so one workspace can never read another's rows. Provider credentials are AES-256 encrypted before insert; the decryption key never leaves the routing engine's environment. Backups are encrypted in transit and at rest. Files you upload are stored in Supabase Storage with the same workspace-scoped policies.

ANVX uses a small number of trusted vendors to deliver the product:

• Clerk — authentication and workspace membership.
• Stripe — billing and subscription management.
• Resend — transactional email (close pack delivery, alerts).
• PostHog — product analytics. Distinct IDs are scoped per user.
• Sentry — error tracking. Secrets and request bodies are scrubbed before send.
• Supabase — primary database and file storage.

You can delete your workspace at any time from Settings. When you do, we permanently remove all associated data — provider keys, usage records, uploaded documents, and parsed transactions — within 30 days. Backups age out and are overwritten on a 30-day cycle.

Questions, takedown requests, or data-export requests: privacy@anvx.io.