Privacy Policy
Last updated: 2 July 2026
This policy explains how ANCILE AS processes personal data and the rights available to you under the General Data Protection Regulation (GDPR), as implemented in Norway by the Personal Data Act (personopplysningsloven).
1. Controller and contact
ANCILE AS (Norwegian organisation number 929 181 948), Nordstrupen 26, 8073 Bodø, Norway, is the controller for the operational personal data described in section 4. For the documentation you create in the Ancile app (section 3), ANCILE AS is not the controller and holds no copy of that data. Contact: post@ancile.no.
2. Two categories of data
This policy distinguishes two separate categories, which are never combined:
- Your documentation (section 3) — the infrastructure records you create in the app. These are stored only on your device. ANCILE AS has no copy of and no access to them.
- Operational data (section 4) — the limited personal data ANCILE AS processes to provide and support the service, such as correspondence you send us and website server logs.
3. Your documentation
The Ancile app documents physical IT infrastructure — racks, devices, ports and cabling. The records you create, including any personal data they may contain (for example a contact name on a label), are stored exclusively on your device using Apple's on-device storage. ANCILE AS holds no copy, operates no server store of this data, and has no remote access to it. When you photograph a label, text recognition and marker scanning are performed on the device; the images and recognised text are not transmitted off it.
Controller. You — meaning the person, or the organisation on whose behalf you use Ancile (for example your employer or the client whose infrastructure you document) — determine the purposes and means of processing this data and are its controller within the meaning of GDPR Article 4(7). Where a third party's personal data appears in your documentation, you (or that organisation) are responsible for the lawful basis for that processing (typically legitimate interests under GDPR Article 6(1)(f)) and for the corresponding data-subject obligations. ANCILE AS does not determine, and does not assert, a lawful basis over that data.
Retention. This data is retained on your device under your control. ANCILE AS applies no retention period and performs no automatic deletion. The data is removed when you use the in-app Erase All Data function or delete the app.
Exercising rights over this data. Because the data is held only on your device, you exercise the relevant rights directly in the app:
- Export All Data produces a complete, machine-readable copy of your data, supporting the right of access (GDPR Article 15(3)) and, where its conditions are met, data portability (GDPR Article 20).
- Erase All Data permanently deletes the data from your device, supporting the right to erasure (GDPR Article 17).
4. Operational data ANCILE AS processes
To provide and support the service, ANCILE AS processes the following personal data as controller. Each category is processed for the stated purpose, on the stated legal basis, and for no longer than the stated period.
- Correspondence. If you contact us (for example at post@ancile.no), we process your contact details and the content of your message to handle your request. Legal basis: performance of a contract or steps taken at your request, and our legitimate interest in responding (GDPR Article 6(1)(b) and (f)). Retention: no longer than necessary to handle the request and keep a reasonable business record, and in any event no longer than 24 months after the matter is closed.
- Website server logs. This website is hosted by GitHub (GitHub Pages) and Cloudflare (DNS and content delivery). As part of serving and securing the site, they process visitors' IP addresses and standard request logs. Legal basis: our legitimate interest in delivering and securing the website (GDPR Article 6(1)(f)). Retention: limited, in line with the providers' standard log-retention terms (typically up to 30 days).
- Account (not currently offered). Ancile has no account system today; ANCILE AS operates no backend server and stores no sign-in credentials. If account-based sign-in is introduced in future, it will be mediated by Apple (Sign in with Apple and the App Store), with any synchronisation handled through your own iCloud account under Apple's terms, and the applicable legal basis (performance of the service contract, GDPR Article 6(1)(b)) and retention period will be stated here at that time.
This operational data is kept separate from the documentation described in section 3 and gives ANCILE AS no access to it.
5. Customers' systems
ANCILE AS does not request, receive, store or transmit the credentials of any system you document, and the app establishes no connection to the equipment it documents. Documentation leaves your device only when you take an explicit action to export or share it — as a CSV, Excel or PDF file you save or share, or, where such a feature is offered, a per-session transfer to another service that you authorise and initiate for that session. ANCILE AS keeps no copy and has no standing access in either case.
6. Permissions and security
The app requests two permissions, each only when a feature needs it: the camera, to read serial and asset-tag text and to scan location markers; and, optionally, Face ID, if you enable the app lock. You can change either permission in iOS Settings at any time.
The service is designed to limit personal-data processing by default and to keep data on the device (GDPR Article 25). Data on the device is protected by Apple's file protection and device encryption, and the optional app lock restricts access on an unattended device (GDPR Article 32).
7. Your rights
In respect of the operational data ANCILE AS processes (section 4), you have the rights of access (Article 15), rectification (Article 16), erasure (Article 17), restriction (Article 18), data portability (Article 20) and objection (Article 21) under the GDPR. To exercise them, contact post@ancile.no; we respond within one month (Article 12(3)). For the documentation held on your device (section 3), the in-app Export All Data and Erase All Data functions are the means to exercise the corresponding rights, and where another person's data appears in your documentation you (or the organisation on whose behalf you use Ancile) are the responsible controller. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet, datatilsynet.no) under GDPR Article 77.
8. International transfers
GitHub and Cloudflare (section 4) are based in the United States and act as our processors for the website under their data-processing terms, relying on the EU–US Data Privacy Framework and the European Commission's standard contractual clauses. Documentation on your device is not transferred by ANCILE AS; any future iCloud synchronisation is handled by Apple under its own terms.
9. App Store privacy label
The Ancile app collects no usage analytics and contains no advertising or tracking. The only data that may leave the device other than your own exports is Apple's optional, user-controlled crash and performance diagnostics, which the app does not itself transmit. The App Store privacy label reflects this declaration.
10. Children
The app is a professional tool, is not directed at children, and ANCILE AS does not knowingly process the personal data of children (GDPR Article 8).
11. Changes
If this policy changes, the updated version is posted here with a new date.
12. Contact
ANCILE AS · Nordstrupen 26, 8073 Bodø, Norway · post@ancile.no