Skip to main content

Privacy Notice

Effective Date: February 25, 2026 · Version 1.0

Welcome to pandō, made by human.software ("we," "us," or "the Company"). We built this tool for professional developers who demand precision, control, and honesty from their software. This document is an extension of that philosophy. It explains our data practices in plain English, without legal fluff.

Our Privacy Principles

Our commitment to you is built on these principles:

  • Local by Default: The core engine runs entirely on your machine. Your code is yours.
  • Clear Data Boundaries: We make an extremely clear distinction between local processing and any optional feature that sends data externally.
  • Explicit Consent: We will never send your code to a third-party service without your explicit configuration and consent.
  • You Are the Controller: You own and control your code and the data generated from it.

What We Will Never Do

  • We never sell your data to third parties.
  • We never share your source code without your explicit action and permission.
  • We never use your private code to train our own AI models.
how we handle data

Our Collection and Use of Data

We collect the minimum data necessary to provide and improve the tool.

1. Data Processed Entirely on Your Machine

The core functionality of pandō is fully local. All processing happens on your machine.

  • Code Analysis Data: Your source code and its structure.
  • Index Metadata: File paths and cryptographic hashes stored in a local database on your machine.
  • Operation Logs: A local history of transformations, errors, and performance metrics.

2. Optional Connections to Third-Party AI Services

pandō's core operations — rename, find references, delete, insert, replace, snapshot, and restore — run entirely on your machine and never send source code externally. When you use pandō through an MCP-compatible AI client (such as Claude, Cursor, or Windsurf), the AI client itself may send code context to its own AI provider as part of its normal operation. That data flow is governed by the AI client's own terms and privacy policies, not ours — pandō does not control or intermediate those requests.

  • pandō's structural tools: Execute locally. No source code is sent to any external service by pandō.
  • Your AI client: When you invoke pandō tools through an AI agent, the agent may include code context in its own prompts. This is standard MCP client behavior and is subject to your agreement with that client's provider.

3. Data We Collect Through Direct Interaction

  • Contact & Account Information: Name, email, and account tier (Personal or Organization) for support, billing, and important, non-marketing product updates.
  • Support Information: Bug reports, error logs, and code snippets you voluntarily share with us to resolve an issue.
  • Payment Information: For Organization subscriptions, we use Stripe as our payment processor. We do not store your sensitive payment details.

4. Analytics, Cookies, and Tracking

We use analytics on our public marketing pages to understand aggregate traffic patterns, not individual behavior. Analytics sets first-party cookies to remember that you have visited the site before; it does not have access to your code or account data.

  • What we measure: Page views, device types, approximate geography, and on-site interactions. We use this data to improve documentation and gauge interest in product updates.
  • What we do not collect: Personal identifiers, source code, or payment details. We do not combine analytics data with customer records.
  • How to opt out: You can disable analytics cookies through your browser settings or enable a privacy-focused browser that blocks analytics scripts.
  • Stripe checkout: When you open the secure checkout modal, Stripe may set additional cookies that are required to prevent fraud and complete the transaction.

How We Use Your Data

We use the data we collect for specific, legitimate purposes:

  • To Provide and Improve pandō: To execute code transformations, fix bugs, develop new features, and analyze performance (only with optional telemetry).
  • To Support You: To respond to support requests, send important service updates, and provide documentation.
  • For Security and Integrity: To verify license information, prevent abuse of our services, and maintain service availability.
  • For Business Operations: To process payments, comply with legal obligations, and enforce our Terms of Service.

How We Share Your Data

We do not share your data, except in these limited circumstances:

  • With Service Providers: We use trusted providers for essential business functions like payment processing (Stripe) and cloud infrastructure (AWS, Google Cloud). They are bound by strict data protection agreements.
  • For Legal Reasons: If required by law, such as in response to a subpoena or court order.
  • In a Business Transfer: If we are involved in a merger or acquisition, your data may be transferred as part of that deal, but it will remain subject to the promises in this notice.

Data Retention

We have a clear policy for how long we keep your data:

  • Local Data: Remains on your machine until you delete it.
  • Account Data: Retained while your account is active and for a reasonable period after for recovery and billing purposes.
  • Support Data: Retained as needed to resolve your issue and for a limited time to track recurring bugs.
  • Payment Data: Retained as required by tax and accounting laws (typically 7 years).
your control

Your Rights and Controls

You have complete control over your data.

  • Access and Deletion: You can delete your local databases at any time. You can request a copy of the account data we hold about you or request its deletion.
  • Opt-out of Communications: You can unsubscribe from any non-essential emails from us.
  • Opt-out of Telemetry: pandō does not currently collect product telemetry. If we introduce optional telemetry in the future, it will be strictly opt-in.
  • Run Offline: You can disable all network features and run pandō in a fully air-gapped environment.

International Data Transfers

If you are located outside the United States, your account and payment information may be transferred to our servers in the U.S. We use standard contractual clauses and other appropriate safeguards to protect your data when it is transferred internationally.

Children's Privacy

pandō is a professional developer tool not intended for users under the age of 16. We do not knowingly collect data from children.

Privacy in Specific Jurisdictions

For European Users (GDPR):

  • You have the right to access, rectify, erase, and object to the processing of your data. Our legal basis for processing is typically to fulfill our contract with you (the Terms of Service) or for legitimate business interests.

For California Residents (CCPA):

  • You have the right to know what data we collect and to request its deletion. We do not "sell" your personal information as defined by the CCPA.

Changes to This Notice

We update this notice when we ship new features or respond to legal requirements. For material changes we will email the address associated with your account and display a notice inside the application and on this page at least 14 days before the update takes effect.

questions?

Get in Touch

For any privacy-related questions, we're here to help.

Contact