Your data, plainly

We built this product to give you sharp pipeline diagnosis without becoming one more company that hoards your data. Here is exactly what that means — in plain language, before any legal text.

First, what this tool is (and isn't)

This is a decision-support tool, not a professional advisor. It helps you think through pipeline and go-to-market problems. It is not a substitute for professional advice — financial, legal, accounting, or otherwise — and we are not your financial advisors, consultants, or fiduciaries. Its outputs can be incomplete or wrong. Always apply your own judgment and verify before acting on anything it tells you.

The short version on data

Your AI runs on your own key. You bring your own Anthropic or OpenAI API key. When the advisor thinks, it calls your provider account with your key. Your prompts and the AI's responses are an exchange between you and your provider — we are not in the middle of it storing copies.
We use no tracking, no analytics, no advertising. No Google Analytics, no Mixpanel, no Segment, no advertising pixels, no third-party trackers of any kind. We don't profile you and we have nothing to sell to advertisers.
We don't sell or share your data. Not to anyone, for any purpose.
What we do store, we encrypt and isolate. Your API key is encrypted. Your session records are walled off to your account — no other user can reach them.
You can delete it yourself. Delete any session, or delete your whole account, from inside the product. When you delete, it's gone — a hard delete, not a hidden archive.

What we actually store

To run the product, we keep a small amount of data:

Your encrypted API key, so you don't have to paste it every session. It's encrypted at rest (AES-256-GCM). It is decrypted only for a moment, only on our server, only to make the AI call you asked for — and it's never written down in readable form or recorded in our logs. You can delete it any time from Settings.
Your sessions — the situation you describe and the advisor's diagnosis. This is stored so you can come back to your work. It stays until you delete it.
Your account basics — your email, and any name/company you provide at sign-up.
A redemption record if you used an access code — which code, and when. If you delete your account, the personal link to you is removed from this record; only the anonymous "this code was used on this date" remains.

That's the whole list. There is no analytics database, no behavioral profile, no data broker on the other end.

What leaves our servers, and where it goes

To your AI provider (Anthropic or OpenAI): the prompt and the response, via your own key, because that's how the AI works. Your provider handles that exchange under their terms — it's your account with them. We don't send your data to any AI provider on our own account.
To our hosting and database platforms (Vercel, Supabase): the ordinary technical processing any web app requires — serving pages, storing your rows, signing you in. They act as our infrastructure providers, not as recipients of data we've handed over for their use.
To anyone else: nothing.

Your controls

Delete a session: open it and choose Delete this session. The session and everything in it is removed.
Delete your account: open Your Account from the header nav and choose Delete account. This removes your login, your profile, your stored API key, and every session and message you've created. It can't be undone.
Questions or requests: email us (contact in the Terms). If you'd rather we delete something for you, ask and we will.

We'd rather earn trust by holding less than by promising more. If anything here is unclear, ask — we'll give you a straight answer.

This statement is a plain-language summary. The Privacy Policy and Terms of Service are the full terms.

Privacy Policy

Provider: Arun Keshav Cavale, an individual operating under the name "Growth Forge Asia" ("we", "us", "our") Product: Anvilio — GTM & Revenue Advisor (the "Service") Effective date: 1 July 2026 Last updated: 1 July 2026

This Privacy Policy explains what data the Service collects, how it is used, where it goes, and the controls you have. It is written to match how the Service actually works. A plain-language summary is available separately; this document governs.

Note: The Service is operated by an individual, not a registered company. This policy is provided as-is and is not legal advice. It should be reviewed by qualified counsel before use with users in regulated jurisdictions or before paid/general launch.

1. Who we are

The Service is operated by Arun Keshav Cavale, an individual trading under the name "Growth Forge Asia." For privacy questions or requests, contact arun.cavale@growthforgeasia.com.

2. The data we process

2.1 Data you provide

Account information. When you sign up, we store your email address and any name and company name you provide. Your email is held by our authentication provider (Supabase Auth) and a copy is stored in your profile record for the Service to function.
Your API key (bring-your-own-key). The Service uses your own Anthropic or OpenAI API key to run the AI. We store this key encrypted at rest using AES-256-GCM encryption. The unencrypted key is never stored. It is decrypted only transiently, only on our server, and only to (a) make the AI calls you request, (b) display a masked preview to you, or (c) test the key's validity at your request. The unencrypted key is never written to our logs or persisted to disk.
Session content. The information you enter into a diagnostic session — the situation you describe, figures you provide, and your responses — is stored so you can return to your work. The AI's outputs in that session are stored alongside it.

2.2 Data created by using the Service

Session and account metadata — session titles, status, timestamps, and your subscription/access state.
Access-code redemption records — if you redeem an access code, we store which code was redeemed and when, linked to your account.

2.3 Data we do not collect

We use no analytics, tracking, profiling, or advertising technologies of any kind. We do not embed Google Analytics, Mixpanel, Segment, Sentry, advertising pixels, or comparable third-party trackers.
We do not collect data for advertising and we do not build behavioral profiles.

3. How we use your data

We use your data solely to operate the Service: to authenticate you, store and display your sessions, run the AI using your key, manage your access, and respond to your requests. We do not use your data for advertising, profiling, or resale.

4. Disclosure to third parties

We do not sell or rent your personal data. Your data is disclosed only to the following categories of processors, each acting on our behalf or at your direction to provide the Service:

Recipient	Purpose	What they receive
Your AI provider (Anthropic or OpenAI, per your key)	Running the AI you requested	The prompt and the AI's response, sent using your own key. This exchange is governed by your relationship with that provider under their terms.
Supabase	Authentication and database hosting	Your account, profile, encrypted key, and session data, stored on our behalf.
Vercel	Application hosting	Standard request data inherent to web hosting (e.g., IP address, request metadata) and server logs.

Beyond these processors, we share data only where required by law.

5. International processing

The Service is hosted on infrastructure that may process and store data in regions including Singapore and elsewhere, depending on our providers' configurations. By using the Service you understand your data may be processed in these locations.

6. Data retention

We retain your data for as long as your account is active, or until you delete it. There is no automatic deletion window — your sessions and account data persist until you remove them or ask us to.

7. Your rights and controls

You can exercise the following directly within the Service:

Delete a session. Open the session and choose Delete this session. This permanently deletes the session and all messages and metadata within it. This cannot be undone.
Delete your account. Open Your Account from the header nav and choose Delete account. This permanently deletes your login identity, your profile, your stored encrypted API key, and all of your sessions and messages. This cannot be undone.
Access-code redemption records are retained after account deletion in anonymized form: the personal link to you is removed, leaving only the non-personal fact that a code was redeemed on a date. This supports our records of code usage and does not identify you.

You may also contact us at arun.cavale@growthforgeasia.com to request access to, correction of, or deletion of your personal data. Depending on your jurisdiction, you may have additional statutory rights (for example, under the EU/UK GDPR or other applicable laws); we will honor applicable rights.

8. Security

Your API key is encrypted at rest with AES-256-GCM. Access to your stored data is isolated to your account through row-level security, so that other users of the Service cannot read or modify your data. We transmit data over encrypted connections. No system is perfectly secure, but we design to hold as little as necessary and to protect what we hold.

9. Children

The Service is intended for business use by adults and is not directed to children. We do not knowingly collect data from children.

10. Changes to this policy

We may update this policy. Material changes will be communicated through the Service or by email. The "Last updated" date reflects the current version.

11. Contact

Arun Keshav Cavale / Growth Forge Asia — arun.cavale@growthforgeasia.com