Privacy Policy

PanAI Inc. (“we,” “our,” or “us”) operates the PanAI platform, an AI-powered productivity suite available at https://panaitech.com and via our associated applications (collectively, the “Service”).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you interact with our Service. It applies to all users, including free and paid subscribers. This policy is incorporated by reference into our Terms of Service.

By using PanAI, you consent to the practices described in this policy. If you do not agree, please discontinue use of the Service.

We collect information in the following categories:

We use the information we collect for the following purposes:

• Providing the Service: Processing your queries, generating AI responses, managing your files, and facilitating integrations.
• Account Management: Creating and maintaining your account, authenticating your identity, and managing subscriptions.
• Communication: Sending transactional emails (e.g., password resets), product updates, and security alerts.
• Product Improvement: Analyzing aggregate, de-identified usage patterns to improve features and the overall user experience.
• Safety & Security: Detecting, investigating, and preventing fraudulent or unauthorized activity and enforcing our Terms of Service.
• Legal Compliance: Complying with applicable laws, regulations, and lawful requests from authorities.

We will never sell your personal data to third parties for their marketing purposes.

We do not sell your personal information. We may share your data only in the following limited circumstances:

• Service Providers: With trusted vendors who perform services on our behalf (e.g., cloud hosting, email delivery, analytics) under strict data processing agreements.
• AI Model Providers: Your prompts and content may be processed by underlying AI model providers (e.g., OpenAI, Anthropic) solely to generate responses. See Section 5 for more detail.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.
• Legal Requirements: When required by law, subpoena, or other legal process, or to protect the rights, property, or safety of PanAI, its users, or the public.
• With Your Consent: In any other situation where you have provided explicit consent.

PanAI uses large language models (LLMs) and other AI technologies to power its core features. Here is how we handle your data in that context:

• Prompts and uploaded content you submit are sent to AI model providers solely to generate responses on your behalf. These providers are contractually restricted from using your data to train their models (where such opt-out options are available).
• We store your conversation history to enable context-aware AI interactions. You can delete your conversation history at any time from your account settings.
• We may use anonymized, aggregated usage data (never your raw content) to evaluate and improve our own AI features.
• AI-generated responses are not reviewed by humans unless you specifically report an issue or we are required to do so for safety or legal reasons.

PanAI allows you to connect third-party services such as Notion, Monday.com, Jira, Slack, Trello, and others. When you authorize an integration:

• We request only the permissions necessary to provide the integration functionality you have requested.
• Data retrieved from connected services is processed in accordance with this Privacy Policy.
• You can revoke integration access at any time from your account settings or through the respective third-party platform.
• Each third-party service has its own privacy policy; we encourage you to review those policies independently.

Revoking an integration stops future data access but does not automatically delete data already processed through that integration.

We use cookies and similar tracking technologies to operate and improve the Service. These include:

You can control cookies through your browser settings. Note that disabling essential cookies may impair Service functionality.

We retain your personal information for as long as your account is active or as needed to provide the Service. More specifically:

• Account data is retained until you delete your account, plus a 30-day grace period to allow for recovery.
• Uploaded files are retained until you delete them or terminate your account.
• Billing records are retained for up to 7 years as required by financial regulations.
• Server logs are retained for 90 days for security and debugging purposes.
• Anonymized usage analytics may be retained indefinitely for product research.

You may request early deletion of your data at any time by contacting us at admin@panaitech.com.

We take the security of your data seriously and implement industry-standard measures to protect it:

• All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
• Authentication tokens are stored in secure, httpOnly cookies with SameSite protection to mitigate XSS and CSRF attacks.
• We implement rate limiting and brute-force protection on all authentication endpoints.
• Access to production systems is restricted to authorized personnel only and requires multi-factor authentication.
• We conduct periodic security reviews and promptly address vulnerabilities.

No method of transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. Please notify us immediately at admin@panaitech.com if you become aware of any security vulnerabilities.

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, contact us at admin@panaitech.com. We will respond within 30 days. Some rights may be subject to limitations under applicable law.

California Residents (CCPA): You have the right to know what personal information we collect and to opt out of any sale of that information. We do not sell personal information.

EU/UK Residents (GDPR): Our legal bases for processing include contract performance, legitimate interests, legal obligation, and consent. You have the right to lodge a complaint with your local supervisory authority.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data without parental consent, please contact us at admin@panaitech.com, and we will take steps to delete such information promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on this page with a revised “Last updated” date
• Sending an email notification to your registered email address
• Displaying a prominent in-app notice upon next login

We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.