Privacy Policy
1. Controller
The data controller for Animon is Expendid Ltd, a company registered in England and Wales (company number [COMPANY NUMBER]), registered office [REGISTERED OFFICE ADDRESS]. For any privacy question, email hello@getanimon.com.
2. What we collect and why
| Data | Purpose | Legal basis (UK GDPR) |
|---|---|---|
| Email address, username, display name | Create and operate your account | Performance of contract |
| Sign in with Apple identifier | Authenticate you without a password | Performance of contract |
| Avatar & banner image (if you upload one) | Display on your profile | Performance of contract |
| Your vault entries, ratings, reviews, lists, follows | Run the core tracker features | Performance of contract |
| Device push token | Send the notifications you opt into | Consent |
| Crash reports and diagnostic logs | Find and fix bugs | Legitimate interest |
| Purchase receipts (via RevenueCat / Apple) | Manage subscriptions and entitlements | Performance of contract |
We do not sell your personal data. We do not use third-party advertising trackers. We do not run behavioural profiling.
3. Who we share data with
- Supabase — database, authentication, file storage and serverless functions (hosted in the EU).
- Apple — Sign in with Apple, push notifications, and App Store subscription billing.
- RevenueCat — subscription entitlement management.
- Cloudflare — web hosting and DNS for getanimon.com.
Each processor handles your data only on our instructions, under a written agreement that meets UK GDPR Article 28.
4. International transfers
Some providers (Apple, RevenueCat, Cloudflare) are based in the United States. Where data leaves the UK / EEA we rely on the UK Addendum to the EU Standard Contractual Clauses or an equivalent safeguard.
5. How long we keep data
We keep your account data while your account is active. If you delete your account, we permanently delete your profile, vault, lists and reviews within 30 days, except where we have to keep some records (for example, tax records on purchases for up to 6 years).
6. Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased ("right to be forgotten");
- restrict or object to processing;
- data portability — receive your data in a structured, machine-readable format;
- withdraw consent (for push notifications) at any time.
Exercise any of these by emailing hello@getanimon.com. We respond within 30 days.
7. Children
Animon is not for children under 13. We don't knowingly collect data from anyone under 13. If you believe a child has registered, email us and we will delete the account.
8. Security
We use TLS in transit, encryption at rest where the underlying provider offers it, role-based database access policies (Supabase Row Level Security), and routinely review our infrastructure. No system is perfectly secure — if a breach happens that's likely to affect you, we'll tell you and the ICO within 72 hours of becoming aware.
9. Cookies
The Animon iOS app uses no third-party cookies. The getanimon.com website uses only essential cookies needed by Cloudflare to serve the site.
10. Complaints
If you're unhappy with how we handle your data, you can complain to the UK Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint. We'd appreciate the chance to put things right first — email us at hello@getanimon.com.
11. Changes to this policy
We'll update the "Last updated" date above and, if the change is material, give you in-app notice.