User Emails on Anytype

Hi All,

Here you’ll find some info on user emails, data privacy, security, and anonymity when it comes to Anytype. First we’ll start with some high level points, then we will go into a specific email-related post mortem.

High Level Summary

  • All content inside the app is secure and private; it is not possible for Anytype to access your content, and this is verifiable in our code. There’s no need to trust us—it’s a fact.

  • Data security, privacy, and anonymity are not the same thing, although it’s easy to slip up and use the terms synonymously. In very simple terms, secure means protection from unauthorised access. Private means choice of who has access. Anonymous means traceability to your identity. Naturally, these are on spectrums and are not binary states.

  • For members on free and paid plans on Anytype, content is synced on our nodes—that’s how the app gets updated across devices and shared channels. This inevitably means that user data is transferred to Anytype. Importantly, the data is transferred by our protocol in a way that maintains data security and privacy—user content still cannot be accessed. For self-hosted users, data is not synced to Anytype servers whatsoever.

  • Unfortunately, with data being synced on our nodes, it inevitably means that we cannot guarantee anonymity across the board. A simple example is when a user submits a support request, this can lead to both an email address and Anytype ID being on our system, which is used to communicate and resolve issues.

  • Even in the case when a user’s Anytype account is connected to their email address, which is some loss of anonymity, their content in the app still remains entirely private and secure. What does become possible in this scenario is that we’d be able to trace the user’s abstract product usage data, such as what type of devices, what’s the account age, etc.

  • Product usage data is complex and requires a separate rundown, however the general point is that high level and abstract user activity is tracked and viewed in aggregate. For example, today, we can understand if a user creates a custom type (feature adoption), but we can’t distinguish between custom types and track how many of them are used. And it goes without saying, product usage data does not allow for tracking anything related to the content itself, such as object titles, chat messages, etc.

  • Anytype uses Amplitude and Metabase for product usage data. For email marketing, SendGrid and Loops.so are used. These tools are compartmentalised from each other and there is no linking of user identifiable data between them. That is, emails collected on the website, during in-product onboarding, and newsletter signups go to SendGrid or Loops.so and do not get tied with user accounts on Amplitude or Metabase.

  • As a tangible example, even though we can see all the users who have stopped using Anytype, we are unable to send them a marketing email to engage with them because the data is not linked.

  • Hopefully it goes without saying, all product usage data is not sold on to third parties. It’s used purely to inform product development decisions.

  • Anonymity is a spectrum and in Amplitude and Metabase, we strive to minimise the product usage data we collect that create high risk of inferences. For example, the Anytype app does not share channel IDs with Amplitude, we create a synthetic ID that abstracts the data so correlations cannot be made. This means Anytype is unable to see what kind of activity happened in which space, we can only see users have X number of spaces and they create X number of objects. Again, visibility of abstract product usage data does not compromise the privacy or security of any content in user spaces.

  • Although associating emails to user accounts is the standard practice in cloud products, this is not the standard we strive for. Anytype tries to minimise how much personally identifiable information we collect to minimise anonymity loss. Unfortunately, it is not a simple exercise and must be constantly worked on. We can and will get things wrong, but we will own up to it when we mess up and fix it.

  • Today, Anytype’s account creation process is permissionless with its seed phrase—no email required. Thus, it’s possible to spam create free accounts and fill up our network resources (costing us performance and money). To mitigate this issue, we currently analyse network data to combat suspicious activity. This is a threat vector that we must eventually address as it’s a progressively larger problem each day. Email verification is industry practice for limiting this misuse; however, we are exploring alternative solutions.

  • Importantly, the practice of collecting emails to create user accounts is something that we may choose to do in the future. It’s not completely off the table. However, doing this does not necessarily mean there will be a permanent connection between email and user account—high levels of anonymity can be preserved.

  • Beyond account verification, there are obvious incentives for Anytype to collect the emails of free users to send onboarding and marketing emails to improve product adoption. Again, this also does not necessarily mean there will be a connection of free user emails to user accounts.

  • In summary, users on the Anytype network have high levels of security, privacy, and anonymity—but there is variability across many dimensions. All content inside user spaces is fully private and secure, this we can guarantee with our code. However, we cannot guarantee full user anonymity across the board and don’t optimise for it.

  • For example, your user account is anonymous in creation, but immediately loses anonymity to other users once you start interacting with them because you must share your Anytype ID to be in the same space. Additionally, when users are in email correspondence with us there is also some loss of anonymity. We try our best to minimise this, however it is not prioritised like we treat data privacy and security.

  • To improve anonymity, there are reasonably easy steps that a user can take such as using different email addresses and VPNs. For stronger approaches, looking at self-hosting and other measures is recommended.

Below we will outline a recent conversation in our community that triggered us to review our email collection system. I want to say that it is amazing to have a community of inquisitive, engaged, and conscious people who volunteer their time to not only push our product to be better, but ourselves as well. We have learned a lot throughout this review and have made relevant updates.

Our plan is to take all our learnings from the community’s feedback here, adapt, and then outline these items in a future blog post for better accessibility and persistence.

Email Collection - Post Mortem

Summary

  • A community member pointed out that there was an in-product dialog that was forcing users to provide an email to get a free membership. This was a mistake due to old code being triggered from our new membership system, the reasons outlined in the post-mortem, and has since been fixed. The emails collected were sent to SendGrid, deleted automatically after 24 hours, and was not connected to a user’s Anytype ID.

  • A community member pointed out that we used to collect emails during user onboarding without the possibility to skip. Although this was already changed prior to the most recent conversation, we’ve outlined the reasons in the post-mortem for those who are curious.

  • A community member pointed out that we wrote a blog post in the past that was inaccurate (https://blog.anytype.io/notion-alternative). It stated, "Anytype is fully anonymous as we don’t collect your email or any personally identifiable information which is connected to the contents of your space.” This is was a mistake as ‘fully anonymous’ is too strong of a statement and set too high of an expectation to our community. We’ve temporarily taken it down.

Email Collection Overview

Currently, there are three primary reasons to utilise user emails in Anytype and we will outline our thoughts on them.

  1. Verify legitimate and unique users.

  2. Marketing to users.

  3. Providing user convenience.

Verifying Users

Today, Anytype’s account creation is permissionless with no email required; you can generate a seed phrase entirely offline and use the product. However, for those who aren’t self-hosting, you must connect to Anytype nodes to sync your data (free and paid plans). Once you do that, you consume network resources. It’s possible to spam account creation which would directly impact our finances and performance. There are multiple solutions to address this, email verification is one of them and is a proven approach that helps.

Marketing

Onboarding emails to provide resources, guides, and an open line of communication with new users is a proven strategy to help with product adoption. Anytype is a product and getting users to adopt it is the goal. Additionally, when we release new features, announce town halls, and have relevant information, having a communication channel is helpful. This must be in compliance with consent and GDPR regulations.

User Convenience

A seed phrase is intimidating to the vast majority of users, they expect an email and password when creating an account. Additionally, many users may want single sign-on with their accounts on Google, Apple, etc. A seed phrase may be simple for those familiar and with password managers, but it’s easy to mishandle for the average user—which leads to lost accounts without any means for recovery.

Due to this variety of considerations, email collection is always on the table for Anytype—even if it is not implemented today. This has no effect on the data privacy and security of your spaces, all your content remains safe from external actors. Collection of emails may have varying effects on anonymity, however there are methods to mitigate this. As an example, we disassociate emails addresses from user accounts on our compartmentalised internal systems.

Email Dialog

A community member pointed out that there was an in-product dialog that was forcing users to provide an email to get a free membership. We’ve investigated and here is an outline of what happened:

  • In Feb 2024, there was an idea to have email verification for free plans.

  • This was implemented in the Anytype app, but there was a decision to not launch it widely.

  • In Dec 2025, we released a new membership system with new capabilities such as seats and addons. We also updated our applications to support this new system. As the new app versions have fully refactored membership flow, they didn’t have ‘left-overs’ from the verification flow.

  • We provided backwards compatibility (legacy support), so that users on the older version of the Anytype app should still be able to access the new membership system and upgrade their plan.

  • What was forgotten is the logic surrounding ‘require an email for a free plan’ which was sleeping in the code of older versions of the application. This trigger was sleeping because we hardcoded membership levels IDs the application should ignore (all of those which existed in the previous membership system).

  • Hence, when we released the new membership system with new membership level IDs, the sleeping ‘feature’ in older versions of the app was triggered and displayed to users.

  • Emails collected in this dialog were sent to SendGrid and deleted automatically after 24 hours.

  • We have now removed the verification-related logic from our nodes—submitting an email won’t work anymore. However, the dialog exists in older versions of the Anytype app and will always exist.

What was the reasoning behind this dialog in the first place?

To reduce spam account creation and to collect emails for marketing was its original purpose. However, this membership dialog didn’t fully survive in production because we addressed the initial goals differently—hence why it was not launched widely. To mitigate this malicious account creation, we currently analyse network data to combat suspicious activity. For email marketing, an email collection field was introduced as part of the onboarding flow instead.

How the process logic for this dialog was designed originally:

  • User is prompted for an email in the app.

  • The app sends this email & id to our node. A temporary link between email & id exists.

  • Node creates a verification code.

  • Node adds the email address to SendGrid, triggers the API to send an email with the verification code to the email address. SendGrid does not have the user’s Anytype ID for the email.

  • User enters the verification code in the app.

  • App sends the code to the node.

  • Node verifies the code: if correct, assigns the Anytype ID with explorer membership level.

  • Node removes the email address from the database, no link between email & Anytype ID anymore thereafter. The email address is also removed from SendGrid.

  • Corner Case #1: If the user doesn’t enter the verification code within 24h after it’s requested, the node removes the email address from its database and SendGrid automatically.

  • Corner Case #2: If the user marked that they want to subscribe to our updates & email, the node doesn’t remove the email from SendGrid.

What happened when the dialog reappeared on older versions of the app after we updated the membership system:

  • Before 8th Jan 2026: the node received the email address sent from the app, the node added them to the database and SendGrid for 24 hours, and then removed the email address, because the verification logic was turned off.

  • After 8th Jan 2026: node was updated to the refactored version without membership v1 leftovers, including this SendGrid-related logic. In short, the app can’t trigger the methods it’s looking for and displays an error to the user.

What were our learnings:

  • If we discontinue features or shutdown experiments, we should completely remove it from the code asap.

  • We should have better internal documentation and regular reviews of our systems surrounding emails.

  • Investing time in good process flows is worthwhile. This bug that triggered email collection ultimately did not lead to unnecessary emails being stored in a forgotten database because it was being deleted automatically. Additionally, it avoided having a persistent link between email and Anytype ID on both internal databases and SendGrid.

Email Collection in Onboarding

This is not a ‘bug/fix/mistake’ post-mortem in the traditional sense, however it is a share of our decision making around email collection during account creation and expectations we set to the community.

In April 2025, an update to the onboarding flow on Anytype was made and email collection was updated to be mandatory with the goal to improve product adoption. Importantly, email collection during onboarding was in no way tied to user accounts and had no effect on the privacy or security of our users’ content in Anytype. This decision had some pushback from both the community and our internal team members.

On 11 Dec 2025, one of our engineers reasserted the suggestion that we make email collection less mandatory because a friend of theirs did not like it. Without much deliberation, we decided to remove it. Although not explicitly discussed, the logic is likely that our potential users would more turned off from email collection than the potential gain that email onboarding would provide—especially given our how lacking our email onboarding is today. We didn’t do any deep testing or evaluation on this and probably should have. It was a decision based on intuition. That being said, our basic retention metrics did improve with mandatory email collection on.

Where we messed up: in finding the right balance between vision/marketing statements, matching it to the reality of our product decisions, and communicating accurate expectations for our community. If Anytype is meant to be permissionless, but users are immediately confronted with a mandatory email sign up, this isn’t aligned. If we collect emails mandatorily, we should adjust how permissionless we promote ourselves to be; in other words, we should not have promoted expectations of permissionless account creation.

If there is a decision in the future to add email account collection, then we must better communicate the reasoning and adapt our communications to match.

Inaccurate Blog Post

A community member pointed out that we wrote a blog post that was inaccurate (https://blog.anytype.io/notion-alternative). It stated, “Unlike Notion, Anytype is fully anonymous as we don’t collect your email or any personally identifiable information which is connected to the contents of your space.”

  • This is was a mistake and gave the wrong expectations to our community.

  • We’ve temporarily taken it down, and should edit it to be more accurate. “Unlike Notion, your content in Anytype is fully private and secure, meaning it can only be accessed with your permission.”

  • Internally, we did not properly educate our team members on the difference between privacy, security, and anonymity. Additionally, we did not properly review material before it went out.

  • What did we learn: content we put out sets expectations and we should put more care into communications.

We apologise for the delay of releasing this post-mortem; it took quite some time to dig through the code and tools from years ago to understand the dynamics and decision making surrounding past work. In the future, our communication should be better to quickly alleviate any user concerns around the handling of their emails.

We will have more to share soon on other learnings and updates we’re making to other areas of Anytype. However, we want to provide some space for questions and feedback in the meantime.

Thank you for the write up.

I don’t see it mentioned in the post, but does Anytype also use Graylog for user analytics? Could just be your naming convention is the same, but I see a lot of requests made to graylog.anytype.io.

@kaye that was, most likely, the best team post ever! :+1:
And it was exactly the information I’ve always missed since my first day. This kind of information should have been direct on the website from day 0 on.

I like everything in you post:

  1. The transparency:
    – not only about the the pure facts,
    – but especially also about the background behind the decisions.
  2. The honesty about past mistakes.
  3. The conclusions about what to learn from past mistakes.
  4. The whole structure of your post and the clarity how you present the information.

You are here the true master of communication with the community!
This way of informing users builds and deepens real trust!

Some thinks have always felt a bit fishy, but, finally, you was able to “clean up the table”.
Very very good made!

I hope to read more from you in future! :heart:

Oh, even Donald Trump has something to say about it:

[Trump ON]
“This post was great! REALLY GREAT! You can see it even from the moon!”
[Trump OFF]

Adding another part to this post. Although not directly part of the same conversation, it is another area where we’ve made a change due to internal review:

Paid Users, AnyID, and Emails

  • When a user upgrades their account to a paid plan, they get various feature benefits such as a unique AnyID. After a successful account upgrade, Anytype sends the user a welcome email and addressing them by their AnyID. Unfortunately, this lowers the level of anonymity that users have because we’ve created a stronger link between email address and AnyID. This was a mistake and we have removed it. There has been no recorded breach of data on our systems. Importantly, this has also had no effect on the data and security of the users’ content in Anytype.

  • Why did we do this? We believed it would be a nice touch for the user to be addressed by their chosen AnyID. We still believe it is important to send a welcome email, and ideally it is personalised. However, we will implement this with an alternative field and not use AnyID.

  • Some history: the above product bug and community feedback that catalysed a review of our email systems is where we learned of a process we designed to limit the persistent linking of email to an Anytype ID. With that lens, we then reviewed our other systems to check if we consistently deployed this mindset and process. This is how we discovered this issue and rectified it.

  • This was not a ‘behind the scenes’ mistake per se, as paid users themselves could see that their AnyID was used in the welcome email they received. And although it wasn’t flagged as an issue by anybody, we are changing this process and surfacing this to the community for transparency.

  • What did we learn: that we must constantly be vigilant in our data management processes, even if we’re a startup trying to execute fast. There are always areas for improvement.

“Secure” — I am a bit worried about self hosting. If someone knows my server ip, they can easilly access, right? Because the ports are fixed and there is no requirement for sign-in. Once youre connected, you can create a new identity.

Regarding the Email problem: could you partner with SimpleLogin or something? So a user enters his real email adress, but an alias gets created that is seen by Anytype.

Btw I’d love to opt-in my email (alias) :stuck_out_tongue: Because you’ll probably also enable 2FA then, and this makes it sooo much more secure, which I’d prefer.
*Edit: btw, those who value privacy a lot will use an email-alias anyway – making them anonymous.

And btw, as Code-Jack already said, great post! Honesty and transparency :heart:

Yes, I believe it is for telemetry data. There are many other tools in our infrastructure that are not listed here for brevity. The callout specifically on Amplitude and Metabase was because it more directly relates to the conversation around emails and user tracking concerns, for which they are the primary tools.

Indeed, self-hosting requires that you take security and expertise into your own hands. This maximises your sovereignty, however like all things, it’s a tradeoff on being fully responsible for your own system.

The conversation around email login is much more complicated when we add the dimensions of local-first, peer-to-peer, decentralisation, etc. This is the reason why we have not implemented it yet. It’s a very complicated topic. However, as mentioned, it is on the table and a consideration. And yes, we believe that 2FA, account recovery, etc. are important factors.

Yes, using an email alias is a simple and easy approach that users can take to gain the benefits of a hosted service while preserving anonymity.

@mariusgerome @Code-Jack I very much appreciate the kind words. Truly. We’ll keep making mistakes, but we’ll try to do what we can to adapt. Thank you!

I can’t even imagine how much it must have taken you to write all this in such a uniform, and well-informed manner. :clap: You’ve truly outdone yourself @kaye .

I hope this stands as a reference for all people who had security and privacy related questions.

Greetings! Thank you for a such detailed post!
I think that questions addressed here are very important for a lot of people who chose to use Anytype as the main PKM app.

I see that Anytype team is faithful to Web3 principles which I really appreciate. Also I understand challenges that you face due to such an approach. So I want to leave some comments on reasons for email collection you mentioned here:

Verify legitimate and unique users

I see a possibility of spamming / overloading the network by account creation as a main real problem and vulnerability of the project. I really hope that you find a solution for this without renouncing seed-based approach. Described mechanisms when email doesn’t become a real part of authentication credential for user’s vault but serves only to separate violation behavior seems promising. But also I hope that there are even better solutions.

Marketing to users

Well, this purpose wouldn’t seem justified for a lot of users, I guess, as most of people don’t like disturbing notifications in mail :slight_smile:
However me personally want to take participation in community life - that’s why I’m here)

Providing user convenience

The choice between convenience and security is always a spectrum. I understand that for some users traditional email + password approach is preferable. And I wouldn’t be very against this type of authentication ONLY if it would be an option / choice for users who want to delegate storage of their vault key to Anytype team (with all trades off description). But at the same time it requires implementing in the code a potentially dangerous mechanism of sharing vault’s key that should be generated locally (or even mechanism of its generation on servers). I don’t think that this is a good idea…

Thanks for sharing your thoughts, @Snomstor. Indeed, it’s difficult to balance the different priorities across privacy, security, convenience, etc. In short, not all users value these things equally and inevitably the solutions we chose won’t be able to optimise for everything in the way that all users want.

That being said, we don’t want to make the app difficult or intimidating to use to the average person. We recognise that most people don’t understand seed phrases. Most people don’t use even password managers today and reuse their passwords. So we want to do our best at meeting them where they’re at, while also moving people towards more secure and private setups.

RE: Marketing emails — everything must always be done with consent and inline with GDPR regulations. In short, users can always opt-out/unsubscribe, etc. Nobody likes spam, ourselves included. :slight_smile:

RE: Account creation spam — there are some options we’re looking at but not quite there yet in evaluation.

This makes me think about storage -

what if we could bring our own storage from specific providers that have been approved by Anytype?

this way, you dont have to think about the amount of storage used because it would be up to the user to pay for it.

connect to services like - internxt.com or Ardrive.io or autonomi.com as your storage provider.

this is also permanent storage so you dont have to worry about loosing your data if you missed a payment for whatever reason.
you know what they say, “If you can not access your data with out always having to pay for it again, then you don’t really own it”. the idea is that if you pay once for it, then you own it from there on.

That’s interesting, I haven’t thought about that before. I’m not a developer, so I can’t speak to the complexities on implementation. I imagine it’s not so simple.

Good thing with Anytype is that you can always access you data, no matter what. If you go offline, stop paying, or if Anytype closes down, whatever—you always have access to your data on your device. It’s the awesome benefit of our local first infrastructure. You’re not stuck with a paywall or a cloud authorisation barrier.

yes, i do like that about Anytype!

Just read through the deep dive on the Email vs Anonymity situation. It makes total sense why you’d consider email to stop the “infinite free account” spam that drains network resources

​Since the goal is to stay permissionless, has the team considered Client-Side Proof of Work (PoW) as a middle ground?

​Basically, force the device to solve a background math puzzle (taking ~30-60 seconds of CPU time) during the account creation handshake.

For a human, It’s just a loading bar. No friction

For a bot ,Generating 10,000 keys becomes computationally too expensive (electricity + hardware time) to be worth it.

It seems like this would solve the Sybil attack vector without needing to collect emails or PII. Just a thought!

Yes, we’ve thought about a lot of different solutions. Forcing PoW on a device during sign up just adds friction that might not be good for the user—especially for people on weak/older devices.

But thanks for sharing that idea, always good to think about different ways.

Ah, that is a totally fair point. I didn’t consider how hard that might hit older devices. The gap between a flagship and a budget phone is massive these days.

Definitely don’t want to punish real users or kill their battery just to stop the bots, accessibility has to win there. Thanks for the insight :blush:

Hey everyone,

A while back, I suggested using a Proof of Work (PoW) challenge to stop bots from creating thousands of dummy accounts to exploit the free 100MB sync storage. @kaye replied with a great point: PoW requires heavy CPU math that would freeze older devices, which goes against Anytype’s goal of being accessible to everyone,

That feedback got me thinking. How do we stop these bot attacks without draining user batteries, and without asking for personal data like phone numbers or emails?

Here are two concepts that rely on behavior and community instead of heavy CPU math

Concept 1: Progressive Storage (Trust Over Time)

The Core Idea: Don’t give away the full 100MB on Day 1. Instead, unlock the storage gradually as the account ages and shows normal, human activity.

How it works:

Day 1 (New Account): The user gets 20MB of sync storage. This is plenty of space for a real person to test the app, write notes, and explore.

Day 7 (Active User): If the user naturally creates objects over a few different days, the system unlocks 50MB.

Day 14 (Consistent User): Continued human-like usage safely unlocks 75MB.

Day 30 (Trusted User): After a month of normal, organic usage, the full 100MB is permanently unlocked.

Why it defeats bots,

Botnets rely on instant speed. They want to create 10,000 accounts today and immediately sell or use the storage. If a bot script is forced to stay alive and slowly simulate random text entries for 30 days just to get 100MB, the attack becomes way too slow and economically useless.

Concept 2: The “Web of Trust” (Community Invites)

The Core Idea: Anytype is a peer to peer network. We can use the existing, trusted community to verify new human users and let them skip the 30 day wait.

How it works:

The Baseline: The app remains completely free to download and use locally.

The Instant Sync Unlock: If a new user wants to instantly unlock the full 100MB cloud sync on Day 1, they can enter a singleuse “Trust Code

Where do codes come from? (Day 90): When a user survives the 30-day wait and continues using the app for 90 Days, they become a "Community Builder”,They are granted 3 “Trust Codes” to share with their friends or teammates,

Why it defeats bots,

A bot script cannot automatically generate an invite code. To beat this system, a bot would have to convince thousands of real, trusted Anytype users to hand over their limited invite codes.

I think combining these two ideas using Concept 2 for instant access, and Concept 1 as the automatic fallback for solo users creates a solid defense against bots while keeping the app fast on old device

I’d love to hear what the community and the team think of these approaches!

Definitely interesting approaches, I’m not sure if any of the team has thought about those before. Thanks so much for the suggestions!

Concept 1: while it would put up a hurdle to make it harder for bots to instant spam a network, it’s only a slight hurdle. In your example, the spam difference is 5 fold (100MB down to 20MB), however that is not significant for a dedicated attacker. Of course, this creates other challenges that won’t be understood by new users. “I saw on the website I should get X storage, but why did I only get X? Is this a bait and switch?” Of course, we could try to explain it, but that just creates more friction.

Concept 2: this would definitely solve the issue to a certain extent, however it again creates more friction for the new user—and this is something we definitely want to avoid. It’s already a lot to ask a user to download and install an app (and then learn how to use it). To put another hurdle in place just to unlock storage will not be understandable to many users.

I hope these ‘critiques’ don’t come across as shutting you down! I love the proactive engagement in this issue and there is merit to your suggestions. Just about figuring out which option has the least amount of tradeoffs. While email verification isn’t without its own problems, it’s at least an expected user behaviour that many free users are fine with—especially since many of them prefer email/password creation anyway.

We’ve mentioned in the past that we were evaluating solutions, here is something we considered. The challenge is that it’d be expensive ($) to deploy on all free users.

Hey @kaye, no worries at all! I actually really appreciate the honest critique. You make a fantastic point about the “bait and switch” feeling ,I totally overlooked how much friction that would add to onboarding. If a new user expects 100MB and only sees 20MB on Day 1, they’re probably just going to bounce.

If standard email verification is cheaper to deploy and it’s a flow that users are already totally comfortable with, that definitely seems like the most practical move.

Thanks for taking the time to break down the UX and cost tradeoffs! Always cool to get some transparent insight into how the team makes these decisions.