Privacy Policy
Last updated: January 2025 · Version v1.0
Our Privacy Commitment
Privacy is foundational to Anvora. We collect only what is needed to provide the service, never sell data for advertising, and give you control over your information.
Contents
1. Introduction & Scope
This Privacy Policy explains how Malliva Labs Ltd ("we", "us", "our") collects, uses, stores, and protects your personal information when you use Anvora, our privacy-first communication platform.
This policy applies to all users of Anvora, including:
- Organisations using Anvora for compliance, reporting, or internal communications
- Professionals using Anvora for client consultations and session management
- External participants who join sessions via secure links
- Beta and early access users during our prelaunch phase
We are committed to protecting your privacy and handling your data in accordance with UK GDPR and applicable data protection laws. If you have any questions, please contact us at dataprotection@mallivalabs.com.
2. Data We Collect
We follow the principle of data minimisation: we collect only the information necessary to provide our service. Here's what we collect and why:
Account Information
Information you provide when creating an account
Purpose: Account creation and authentication
Session Content
Communications and files shared within sessions
Purpose: Providing the core communication service
Usage Data
Technical information about how you use the platform
Purpose: Improving the platform and troubleshooting
Optional Identity
Identity information you choose to share
Purpose: Enabling progressive identity disclosure
What we don't collect
We do not collect unnecessary personal data, track your browsing activity across other websites, build advertising profiles, or collect biometric data. We also do not access the encrypted content of your sessions.
3. How We Use Your Data
We use your data only for the following purposes:
- Providing the service: Enabling secure communications, session management, and identity disclosure controls
- Account management: Authentication, password recovery, and account settings
- Platform improvement: Understanding usage patterns to improve features and fix issues (anonymised and aggregated where possible)
- Security: Detecting and preventing fraud, abuse, and security threats
- Legal compliance: Meeting our legal obligations and responding to lawful requests
- Communication: Sending essential service updates and, with your consent, product announcements
For details on what we do not collect or do with your data, see Section 2.
4. Data Storage & Security
We take the security of your data seriously. Here's how we protect it:
Encryption
- End-to-end encryption for session content
- TLS 1.3 for all data in transit
- AES-256 encryption at rest
Data Location
- Primary data storage in EU/UK
- Enterprise data residency options
- GDPR-compliant processing
Privacy Preserving Design
- Controlled identity and participation
- Platform-mediated payment flows
- Encrypted and secure communication
Infrastructure
- Enterprise-grade cloud hosting
- Regular security assessments
- 24/7 monitoring
For detailed information about our security practices, please visit our Security Overview.
5. Your Rights & Controls
Under UK GDPR and applicable data protection laws, you have the following rights regarding your personal data:
Right to Access
Request a copy of your personal data
Right to Correction
Request correction of inaccurate data
Right to Deletion
Request deletion of your data
Right to Portability
Receive your data in a portable format
Right to Objection
Object to certain processing of your data
Right to Restriction
Request restriction of processing
How to exercise your rights
To exercise any of these rights, please contact us at dataprotection@mallivalabs.com. We will respond to your request within 30 days. You may also access many of these controls directly through your account settings.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK.
Privacy controls in Anvora
- Session controls: Set session expiry, message retention, and auto-deletion
- Identity disclosure: Control when and what identity information is revealed
- Data export: Download your data in a portable format
- Account deletion: Permanently delete your account and associated data
6. Third-Party Services
We use a limited number of third-party services to operate Anvora. We carefully select partners who share our commitment to privacy and security.
Essential services we may use:
- Cloud infrastructure: For hosting and data storage (EU/UK regions)
- Email services: For transactional emails (account verification, notifications)
- Payment processing: For subscription payments (PCI-DSS compliant)
- Analytics: Privacy-respecting analytics to understand usage patterns
Our commitment
- • All third parties are bound by data processing agreements
- • We share only the minimum data necessary
- • We do not use third-party advertising or tracking networks
- • Session content is never shared with third parties
7. Data Retention & Deletion
We retain your data only for as long as necessary to provide our service and meet our legal obligations. Many retention settings are under your control.
Default retention
- Account data: Until you delete your account
- Session content: According to session settings
- Usage logs: 90 days (anonymised)
- Security logs: 1 year
Your controls
- Set custom session expiry times
- Enable auto-deletion for messages
- Delete individual sessions manually
- Request complete account deletion
When you delete your account, we permanently remove your personal data within 30 days, except where we are required by law to retain certain information. Encrypted session content is cryptographically erased.
8. Beta Programme Notice
Beta Programme
Anvora is currently in public beta. By using the platform during this period, you acknowledge the following:
- The platform is in active development and features may change, be incomplete, or be temporarily unavailable
- We may collect additional feedback and usage data to improve the platform during beta
- This privacy policy may be updated as we refine our practices and prepare for public launch
We welcome your feedback on our privacy practices. Please contact us at dataprotection@mallivalabs.com.
9. Children & Eligibility
Anvora is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at dataprotection@mallivalabs.com, and we will take steps to delete that information.
10. International Data Transfers
Malliva Labs Ltd is based in the United Kingdom. Our primary data processing and storage takes place in the European Union and United Kingdom.
If you are accessing Anvora from outside the EU/UK, your data may be transferred to and processed in the EU/UK, where data protection laws may differ from those in your country. By using Anvora, you consent to this transfer.
Where we transfer data to third parties outside the EU/UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make material changes:
- We will update the "Last updated" date at the top of this page
- We will notify you via email or through the platform
- We will provide reasonable notice before changes take effect
Your continued use of Anvora after changes become effective constitutes acceptance of the revised policy. If you do not agree with the changes, you should stop using the platform.
12. Contact Us
If you have any questions about this Privacy Policy, your personal data, or our privacy practices, please contact us:
We aim to respond to all privacy-related inquiries within 30 days.
Related Documents
Review our other policies and documentation.