Privacy Notice

Effective Date: September 18, 2025
Version: 1.0

Welcome to pandō. We built this tool for professional developers who demand precision, control, and honesty from their software. This document is an extension of that philosophy. It explains our data practices in plain English, without legal fluff.

Our Privacy Principles

Our commitment to you is built on these principles:

  • Local by Default: The core engine runs entirely on your machine. Your code is yours.
  • Clear Data Boundaries: We make an extremely clear distinction between local processing and any optional feature that sends data externally.
  • Explicit Consent: We will never send your code to a third-party service without your explicit configuration and consent.
  • You Are the Controller: You own and control your code and the data generated from it.

What We Will Never Do

  • We never sell your data to third parties.
  • We never share your source code without your explicit action and permission.
  • We never use your private code to train our own AI models.
how we handle data

Our Collection and Use of Data

We collect the minimum data necessary to provide and improve the tool.

1. Data Processed Entirely on Your Machine

The core functionality of pandō is fully local. All processing happens on your machine.

  • Code Analysis Data: Your source code and its structure.
  • Index Metadata: File paths and cryptographic hashes stored in a local LanceDB database.
  • Operation Logs: A local history of transformations, errors, and performance metrics.

2. Optional Connections to Third-Party AI Services

pandō's core intelligence comes from its unique structural analysis of your code. To translate natural language into actions, we connect to third-party AI service providers. This works in two ways, depending on your plan:

  • For Free and Pro Plans: When you make a request, we act as the intermediary. Our service sends the relevant, minimal code context to the AI provider (e.g., OpenAI, Anthropic) on your behalf. Your request is subject to the privacy policies of these providers.
  • For Business Plans (BYOK): We offer an optional "Bring Your Own Key" (BYOK) feature. If your organization enables this, you establish a direct connection. pandō sends requests from your editor directly to your company's account with the AI provider. In this mode, your data is subject to the agreements between your company and that provider.

3. Data We Collect Through Direct Interaction

  • Contact & Account Information: Name, email, and license information for support, billing, and important, non-marketing product updates.
  • Support Information: Bug reports, error logs, and code snippets you voluntarily share with us to resolve an issue.
  • Payment Information: For commercial licenses, we use third-party processors like Stripe. We do not store your sensitive payment details.

4. Analytics, Cookies, and Tracking

We use Google Analytics on our public marketing pages to understand aggregate traffic patterns, not individual behavior. Google Analytics sets first-party cookies to remember that you have visited the site before; it does not have access to your code or account data.

  • What we measure: Page views, device types, approximate geography, and on-site interactions. We use this data to improve documentation and gauge interest in product updates.
  • What we do not collect: Personal identifiers, source code, or payment details. We do not combine analytics data with customer records.
  • How to opt out: You can disable analytics cookies through your browser settings, install the Google Analytics opt-out browser add-on, or enable a privacy-focused browser that blocks analytics scripts.
  • Stripe checkout: When you open the secure checkout modal, Stripe may set additional cookies that are required to prevent fraud and complete the transaction.

How We Use Your Data

We use the data we collect for specific, legitimate purposes:

  • To Provide and Improve pandō: To execute code transformations, fix bugs, develop new features, and analyze performance (only with optional telemetry).
  • To Support You: To respond to support requests, send important service updates, and provide documentation.
  • For Security and Integrity: To verify license information, prevent abuse of our services, and maintain service availability.
  • For Business Operations: To process payments, comply with legal obligations, and enforce our Terms of Service.

How We Share Your Data

We do not share your data, except in these limited circumstances:

  • With Service Providers: We use trusted providers for essential business functions like payment processing (Stripe) and cloud infrastructure (AWS, Google Cloud). They are bound by strict data protection agreements.
  • For Legal Reasons: If required by law, such as in response to a subpoena or court order.
  • In a Business Transfer: If we are involved in a merger or acquisition, your data may be transferred as part of that deal, but it will remain subject to the promises in this notice.

Data Retention

We have a clear policy for how long we keep your data:

  • Local Data: Remains on your machine until you delete it.
  • Account Data: Retained while your license is active and for a reasonable period after for recovery and billing purposes.
  • Support Data: Retained as needed to resolve your issue and for a limited time to track recurring bugs.
  • Payment Data: Retained as required by tax and accounting laws (typically 7 years).
your control

Your Rights and Controls

You have complete control over your data.

  • Access and Deletion: You can delete your local databases at any time. You can request a copy of the account data we hold about you or request its deletion.
  • Opt-out of Communications: You can unsubscribe from any non-essential emails from us.
  • Opt-out of Telemetry: pandō does not currently collect product telemetry. If we introduce optional telemetry in the future, it will be strictly opt-in.
  • Run Offline: You can disable all network features and run pandō in a fully air-gapped environment.

International Data Transfers

If you are located outside the United States, your account and payment information may be transferred to our servers in the U.S. We use standard contractual clauses and other appropriate safeguards to protect your data when it is transferred internationally.

Children's Privacy

pandō is a professional developer tool not intended for users under the age of 16. We do not knowingly collect data from children.

Privacy in Specific Jurisdictions

For European Users (GDPR):

  • You have the right to access, rectify, erase, and object to the processing of your data. Our legal basis for processing is typically to fulfill our contract with you (the Terms of Service) or for legitimate business interests.

For California Residents (CCPA):

  • You have the right to know what data we collect and to request its deletion. We do not "sell" your personal information as defined by the CCPA.

Changes to This Notice

We update this notice when we ship new features or respond to legal requirements. For material changes we will email the address associated with your license and display a notice inside the application and on this page at least 14 days before the update takes effect.

questions?

Contact Us

For any privacy-related questions, we're here to help.

Contact Us