Anvil Icon

Anvil Privacy Policy

Last Updated: December 27, 2025

Overview

Anvil is a mobile application that provides a convenient interface for managing your Laravel Forge servers. This privacy policy explains what information we collect, how we use it, and the choices you have.

Information We Collect

Information You Provide

Laravel Forge API Key

  • You provide your Laravel Forge API key to authenticate with the Laravel Forge service
  • This key is stored securely on your device using encrypted storage (iOS Keychain / Android Keystore)
  • The key is only transmitted to Laravel Forge servers (https://forge.laravel.com/api) to authenticate your requests

Account Information

  • Your email address and name (retrieved from Laravel Forge)
  • Organization information (ID, name, membership status)
  • This information is fetched from Laravel Forge based on your API key

App Security Settings

  • PIN code (if you enable app lock)
  • Biometric authentication preferences
  • These are stored locally on your device only and never transmitted

Information Collected Automatically

Subscription Information

We use RevenueCat to manage subscriptions. RevenueCat collects:

  • Purchase and subscription status
  • Subscription type (monthly, annual)
  • Trial period status
  • App Store / Google Play transaction data

For RevenueCat's privacy practices, see: https://www.revenuecat.com/privacy

Biometric Capability

  • We check if your device supports biometric authentication (Face ID, fingerprint)
  • This check is performed locally and the result is never transmitted

Information We Do NOT Collect

  • Location data
  • Photos or camera access
  • Contacts
  • Device identifiers or advertising IDs
  • Usage analytics or behavior tracking
  • Crash reports or error logs (beyond local console)

How We Use Your Information

We use the information we collect to:

  • Authenticate your requests to Laravel Forge
  • Display your servers, sites, and other Forge resources
  • Execute management commands on your behalf (deployments, server operations, etc.)
  • Manage your app subscription status
  • Secure access to the app with PIN or biometric authentication

Data Storage and Security

Local Storage

  • Your API key and security settings are stored using platform-native encrypted storage
  • Server and site data is cached in memory temporarily (cleared when you close the app)
  • No data is stored in cloud services or external databases

Network Security

  • All communications use HTTPS encryption
  • We only communicate with:
    • Laravel Forge API (https://forge.laravel.com/api)
    • RevenueCat (for subscription management)

Third-Party Services

Laravel Forge

Your use of Anvil is subject to Laravel Forge's terms and privacy policy. We act as a client to their API on your behalf.

Privacy Policy: https://forge.laravel.com/privacy

RevenueCat

We use RevenueCat for subscription and purchase management.

Privacy Policy: https://www.revenuecat.com/privacy

Apple App Store / Google Play Store

Purchases are processed through the respective app stores, subject to their privacy policies.

Data Sharing

We do not sell, rent, or share your personal information with third parties except:

  • Laravel Forge: To provide the app's core functionality
  • RevenueCat: To manage subscriptions
  • Legal Requirements: If required by law or to protect our rights

Your Rights and Choices

Access and Control

  • You can remove your API key at any time through the app
  • Uninstalling the app removes all locally stored data
  • You can disable biometric authentication in the app settings

Data Deletion

  • All app data is stored locally on your device
  • Uninstalling the app deletes all stored information
  • To delete data from Laravel Forge, contact Laravel Forge directly
  • To delete subscription data from RevenueCat, contact us

Children's Privacy

Anvil is not intended for use by children under 13. We do not knowingly collect information from children under 13.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by updating the "Last Updated" date.

Contact Us

If you have questions about this privacy policy or our privacy practices, please contact us at:

anthony@rappasoft.com

Permissions Explained

Android Permissions

  • INTERNET: Required to communicate with Laravel Forge API
  • USE_BIOMETRIC / USE_FINGERPRINT: For optional biometric app lock
  • VIBRATE: For haptic feedback

iOS Permissions

  • Face ID: For optional biometric app lock (only if you enable it)
View Terms of Service