
Black Anvil Privacy Policy

Effective date: June 11, 2025

1. Introduction

Black Anvil Inc. ("Black Anvil", "we", "our", or "us") provides marketing analytics software and related consulting services that help businesses understand and improve customer acquisition and retention. Protecting your privacy is a top priority for us. This Privacy Policy explains what information we collect, how we use it, where it is stored, whom we share it with, and the choices you have regarding your data.

2. Scope

This policy applies to information collected when you

  • visit or interact with any Black Anvil website, application, dashboard, or marketing property (collectively, the "Services"),

  • engage our consulting or onboarding teams,

  • receive communications from us (for example, newsletters),

  • interact with embedded Black Anvil tracking scripts or forms on our customers’ sites.

3. Information We Collect

We collect information in three main ways:

  1. Information you provide directly

    • Name, business email address, phone number, and other contact details.

    • Account login credentials (stored in an encrypted form).

    • Billing details such as company address and payment card (processed via Stripe – Black Anvil does not store full card numbers).

    • Content you upload, email, or otherwise transmit through the Services (e.g., marketing assets, UTM parameters, deal records).

  2. Information collected automatically

    • Log files: IP address, browser type, device identifiers, time zone, referring URL, and pages viewed.

    • Usage data: clicks, scrolls, feature interactions, funnel performance, and error reports.

    • Cookies and similar tracking technologies (see Section 10).

  3. Information from third parties

    • Advertising platforms such as Facebook Ads Manager (ad metrics, audiences, spend).

    • CRMs such as HubSpot (deal data, contact lifecycle events).

    • Email marketing tools like Klaviyo and Mailchimp (subscriber activity, campaign stats).

    • E‑commerce or POS systems like Shopify and Square (order data, product details).

    • Payment processors (Stripe) for billing and subscription status.

    • Cloud infrastructure or analytics providers, including Supabase, Google Workspace, AWS, and OpenAI (aggregate usage insights, log data, AI‑generated analytics).

4. How We Use Your Information

We process data only for legitimate business purposes, including:

  • Providing, operating, and maintaining the Services.

  • Connecting to authorized third‑party platforms to unify marketing and sales data.

  • Generating analytics dashboards, KPIs, and reports for you and your authorized users.

  • Personalizing content, onboarding workflows, and product communications.

  • Processing transactions and managing subscriptions.

  • Detecting, preventing, and responding to security incidents, technical issues, or misuse.

  • Conducting product research, development, and quality improvements.

  • Complying with legal obligations and enforcing our Terms of Service.

5. Data Storage and Security

  • All application data is stored in Supabase Postgres databases hosted in AWS regions located in Canada or the United States.

  • Data is encrypted in transit (TLS 1.2+) and at rest using AES‑256.

  • Access to production systems is secured via role‑based access control (RBAC), MFA, and audited activity logs.

  • Backups are encrypted and retained for a maximum of 30 days before secure deletion.

6. Sharing and Disclosure

We do not sell or rent your personal information. We share data only in these circumstances:

| Recipient | Purpose | Safeguards |
| --- | --- | --- |
| Service Providers – Supabase, AWS, Google Cloud, DigitalOcean | Host databases, application servers, and internal tooling | Data processing agreements; encrypted storage |
| Marketing & CRM Integrations – HubSpot, Klaviyo, Mailchimp | Sync campaign and contact data you authorize | API tokens scoped to least privilege |
| Advertising Platforms – Facebook/Meta, Google Ads | Import ad performance and push audience segments | Read‑only or scoped write tokens |
| E‑commerce & POS – Shopify, Square | Sync order and attribution data | OAuth or API keys; no write access without consent |
| Payment Processor – Stripe | Process subscription fees and refunds | PCI‑DSS compliance; tokenized payment info |
| Analytics & AI Providers – OpenAI, internal models | Generate predictive insights and natural‑language reports | Remove personal identifiers before processing |
| Legal Requirements | Respond to court orders or government requests | Verified requests only; minimum necessary data |

7. International Data Transfers

Some service providers operate in jurisdictions outside your own. Where required, we implement Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure an adequate level of protection.

8. Data Retention

We keep personal data only as long as necessary to fulfill the purposes outlined in this policy, resolve disputes, and comply with legal obligations. User‑generated marketing data is retained for the duration of your subscription and deleted or anonymized within 90 days of account closure, unless extended retention is required by law.

9. Your Rights and Choices

Depending on your location, you may have rights to:

  • Access, correct, or delete personal data.

  • Object to or restrict certain processing activities.

  • Withdraw consent at any time (this does not affect processing before withdrawal).

  • Port your data to another service provider.

You can exercise these rights by contacting privacy@blackanvil.ca. We may require verification of your identity before fulfilling the request.

10. Cookies and Tracking Technologies

We use cookies, local storage, pixel tags, and similar technologies to

  • authenticate users,

  • remember preferences,

  • analyze product usage,

  • attribute marketing performance.

You can control cookies through your browser settings, but disabling them may affect core functionality.

11. Children’s Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal data from children. If we learn that a child has provided us with personal information, we will delete it promptly.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in technology, law, or our practices. If changes are material, we will notify you by email or via an in‑product banner at least 30 days before they take effect. The revised policy will supersede prior versions.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:

  • Email: privacy@blackanvil.ca

  • Address: Purdy's Wharf, 1969 Upper Water Street #1300 McInnes Cooper Tower, Halifax, NS B3J 3R7