Last updated: 19 April 2026
Anthora is operated by Clexa GmbH (“Clexa”, “we”, “us”, “our”), Germany. We run the website theanthora.com and the Anthora mobile application for iOS and Android (together, “the Service”). Clexa GmbH is the data controller within the meaning of Art. 4(7) GDPR.
For any question about this policy, your data, or to exercise your rights, contact us at privacy@theanthora.com.
Email address, username, and hashed password (bcrypt — we never see your actual password). If you sign in with Google we receive your Google account ID and email. Legal basis: performance of a contract, Art. 6(1)(b) GDPR.
Display name, bio, profile photo, personal link, and phone number. You control everything here and can remove it from Settings at any time.
Lists, items, comments, likes, saves, predictions, and notes you create are stored to operate and display the Service. Legal basis: performance of a contract.
Which lists you view, save, like, or interact with — used to personalise your feed and recommendations. Retained until you delete your account. Legal basis: legitimate interest, Art. 6(1)(f) GDPR.
Web: browser type, OS, approximate location from IP (country/city only), referring URL. Mobile: device model, OS version, app version, language, time zone, crash data. IP addresses are truncated after use.
We do not collect IDFA or AAID. We do not use cross-app or cross-site tracking.
Stored for up to 90 days, not linked to your account, used to improve search quality. Legal basis: legitimate interest.
Login attempts, failures, and lockouts (with masked email addresses). Retained 90 days. Legal basis: legitimate interest in protecting accounts.
If you accept the analytics category in the cookie banner, we use Vercel Analytics — privacy-first, no cookies, no cross-site tracking, no persistent identifiers. Legal basis: consent, Art. 6(1)(a) GDPR.
The app requests only what a feature needs: photos library (list uploads), camera (in-app capture), location (trip/travel maps), push notifications (activity alerts). You can revoke any permission in system settings; the rest of the app continues to work.
| Purpose | Legal basis |
|---|---|
| Account & content | Contract — Art. 6(1)(b) |
| Personalised feed & recommendations | Legitimate interest — Art. 6(1)(f) |
| Search query logging | Legitimate interest — Art. 6(1)(f) |
| Security logs & fraud prevention | Legitimate interest — Art. 6(1)(f) |
| Analytics (Vercel) | Consent — Art. 6(1)(a) |
| Push notifications | Consent — Art. 6(1)(a) |
| Crash & error reporting (Sentry) | Legitimate interest — Art. 6(1)(f) |
| Legal requests | Legal obligation — Art. 6(1)(c) |
Anthora uses Anthropic's Claude API to help you generate list drafts from a text prompt. When you use this feature, the prompt you type is sent to Anthropic. Anthropic does not use prompts submitted through our API integration to train its models. AI-generated suggestions are a starting point — nothing is published until you save it.
Anthora participates in the Amazon Associates programme. Affiliate links take you to Amazon, where Amazon sets its own cookies under its own privacy policy. We do not set any affiliate tracking cookies on theanthora.com. We receive only aggregated commission reports — no personal data about your purchases. See Amazon's Privacy Notice for details.
| Provider | Purpose | Location |
|---|---|---|
| Vercel Inc. | Web hosting and analytics | USA (SCCs) |
| Railway Corp. | Backend server and database hosting | USA (SCCs) |
| Anthropic PBC | AI list generation | USA (SCCs) |
| Pexels GmbH | Image search for list items | Germany / USA |
| Google Maps Platform | Geocoding and map tiles for trip lists | USA (SCCs) |
| Functional Software Inc. (Sentry) | Error and crash monitoring | USA (SCCs) |
| Apple Inc. | iOS app distribution and push notifications | USA (SCCs) |
| Google LLC | Android app distribution and push notifications | USA (SCCs) |
| Strato AG | Email hosting for @theanthora.com | Germany |
We do not sell personal data. We do not share data with advertisers. We do not use Meta Pixel, TikTok Pixel, Google Analytics, Firebase Analytics, Mixpanel, or any similar tracking platforms.
Transfers to processors outside the EEA are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, combined with supplementary technical and organisational measures. For providers certified under the EU–US Data Privacy Framework, the Framework's adequacy decision also applies. To request copies of applicable SCCs, email privacy@theanthora.com.
If you are in the EEA, UK, or Switzerland, you have the right to:
Email privacy@theanthora.com. We respond within 30 days.
We do not use automated decision-making that produces legal or similarly significant effects under Art. 22 GDPR. Our recommendation engine personalises which lists you see but does not restrict access, set prices, or make consequential decisions about you.
| Data type | Retention |
|---|---|
| Account and profile data | Until you delete your account |
| Content (lists, comments, predictions) | Until you or we delete it, or account deletion |
| Usage data | Until you delete your account |
| Search queries | 90 days (not linked to account) |
| Security and audit logs | 90 days |
| Crash reports | 90 days |
| Analytics data (Vercel) | Up to 30 days per Vercel's policy |
| Email correspondence with privacy@ | 3 years (German limitation period) |
When you delete your account, personal data is permanently removed from live systems within 30 days. Backups are fully cleared within 90 days.
Passwords are stored as bcrypt hashes. All traffic is sent over HTTPS (TLS 1.2+). Authentication tokens are short-lived (15 minutes) with rotating refresh tokens. Rate limiting and account lockout protect against brute-force attacks. Access to production systems is restricted to authorised personnel. In the event of a breach affecting your rights, we will notify you and the supervisory authority within 72 hours as required by Art. 33–34 GDPR.
The Service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact privacy@theanthora.com and we will delete it promptly.
Detailed information is in our Cookie Policy. The banner you see on first visit lets you accept all, reject all, or customise by category. You can change your choice at any time using the button below.
We may update this policy when we add features, change processors, or adapt to legal requirements. We will post the updated policy here with a new “Last updated” date. For significant changes we will notify you by email or in-app message at least 14 days before the change takes effect.
Email privacy@theanthora.com. We aim to respond to every query within 5 working days and resolve every formal request within 30 days. If you are not satisfied, you have the right to complain to your local supervisory authority (see section 8).