Requesting Privacy Policy + more info on data security

First off, phenomenal app! Thank you to the Anytype team for all of their efforts! Same to the amazing test user group submitting bug reports and feature requests. I love the look and feel of Anytype and have found it super useful!

Anytype is supposed to be offline first, with data privacy at the core of its application. I think we all agree that this is exactly what we wish there was more of on the market. To me, data privacy means anything I choose to put into Anytype can be seen by only me. Not by Anytype, not by anyone else.

The more I use Anytype, the more my concern around data privacy in such a new app starts to nag at me. Specifically:

  • Currently, Anytype syncs 100% of user data to Anytype’s (or third-party) servers with zero code visibility. Why is this even done??
  • Anytype claims that, though everything is syncing to the ‘backup node’ server, only end-users can view their data because Anytype does not have access to the keychain phrases. Can any proof be provided that this is true? Is the data encrypted during transit? Is it encrypted at rest? Am I missing why maybe this shouldn’t be a concern at all due to the technology being used? If this is the case, is there proof?

I want SO much to love this app and to be a huge evangelist for it. I’m feeling incredibly nervous about the security of my data, though. I could literally manage my whole life and company within the thing. It really would be a great ‘OS for life.’ It doesn’t seem wise to let it become that without any guarantee that someone won’t end up with accidental or purposeful access to my personal and professional data, though.

Anytype doesn’t even have a publically available privacy policy. The “Privacy Policy” link on the website links to the Terms and Conditions doc; I read through the terms. They do not include any information on privacy or the use of user data; the terms only reference the non-existent Privacy Policy. Copied from the terms: “Any personal information submitted in connection with your use of the Service is subject to our Privacy Policy, which is hereby incorporated by reference into these Terms.”

Anytype- can you please update your website to link to an actual Privacy Policy?

Anytype or someone more technologically-minded than me- Can you please offer reassurance that user data is, indeed, secure? Is there any way to not allow the sync to Anytype’s server? Why is this needed at all for an off-line first app?

Thank you so much for any information you can provide!

3 Likes

Your concern has been posted by others, though no reaction accordingly yet as far as I know.

Thanks for the response, Jeroen.

Maybe I’ll read up more on encryption keys to understand how they work. I feel like there’s something here that I’m just not understanding about the platform that is either (1) a huge red flag, or (2) no big deal at all. :woman_shrugging:

At this point, if Anytype could just provide a basic Privacy Policy, that’d go a long way to make the platform feel less sketchy.

1 Like

Two weeks later, we still can’t get a basic privacy policy. This doesn’t look good, Anytype.

1 Like

@jen we are working on a detailed document to provide all our users with a very through explanation about the alpha program, data storage and the analytics being collected during the alpha, also the future plans we have. It will take a little longer but we will have it ready in this week.

5 Likes

Hello,
Any update on this documentation and privacy policy ?

4 Likes

@sambouwer yes the privacy policy has been detailed, written and is a final drafting stage. Hope to add it to the app in the next week or so. Most likely without an announcement, it’ll just be hanging around all of a sudden. :sloth:

2 Likes