How It Works Features Pricing

Pamony Site - Privacy Policy

Last Updated: January 22, 2026

Pamony ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard the information you share when you sign up for Pamony, subscribe to the SaaS product, use our app, or interact with our website.

By accessing or using Pamony, you agree to this Privacy Policy. If you do not agree, please do not use our services.

1. Overview

  • We do not sell your personal data.
  • We do not use your files, calendars, or conversation content to train public models unless you explicitly opt in.
  • For core features we store file pointers (IDs/links), temporary session chat history, and irreversible embeddings when you enable RAG/indexing features. You control and can request deletion of these items via Settings → Data & Privacy.
  • For questions or data requests contact: support@pamony.com.

2. Scope & definitions

Personal Data: any information that identifies or can identify you (e.g., name, email).

File Pointers: immutable references (file IDs, links, paths) that allow Pamony to locate files in connected third-party services.

Embeddings: numeric vectors derived from document text used to enable search/RAG. These are irreversible numeric fingerprints and cannot be converted by Pamony or Pinecone back into original text.

Third‑party providers: external vendors we use (e.g., Pinecone, Supabase, Dodo Payents, cloud hosting/CDN).

3. Information we collect

3.1 Information you provide directly

  • Account information: email address, display name, profile picture (optional).
  • Support & feedback: messages, attachments, and transcripts you send to support.
  • Preferences & settings: UI and feature toggles, opt-ins/outs.

3.2 Information from connected services (incremental authorization)

Pamony uses an incremental authorization model: we only request bare-minimum login credentials at sign-up. You explicitly connect optional services (Drive, Calendar, OneDrive, Outlook) in Settings when you want features that use them.

  • Calendar data (optional): event titles, times, dates, and locations (read-only scopes) when you connect a calendar.
  • File data (user‑selected): when you explicitly select a file or enable indexing, Pamony may read that file content temporarily to create embeddings. We do not store the original file content persistently unless you explicitly enable cloud-sync or upload features.
  • Stored items for functionality:
    • File Pointers (IDs/links) — stored so Pamony can locate content when you request it.
    • Temporary Session Chat History — kept to maintain conversational context; visible and removable in Settings.
    • Embeddings — stored in a vector DB (e.g., Pinecone) only for features you enable.

3.3 Automatic & technical data

Usage analytics (pages/features used), crash logs, device/OS information, browser type, and IP address. These are used in aggregate to improve stability and performance. You may opt out of non-essential analytics (see Cookies & Analytics).

4. How we use personal data & legal bases

We use data to operate and improve Pamony.

Primary purposes & legal bases (EU/EEA):

  • Account, billing, and payment processing: performance of a contract (Art. 6(1)(b) GDPR).
  • Service delivery (indexing, embeddings, session continuity): performance of a contract and/or your explicit consent for optional features (Art. 6(1)(b) / Art. 6(1)(a)).
  • Support & communication: performance of contract and legitimate interest (Art. 6(1)(b) / (f)).
  • Analytics & product improvement: legitimate interest, except where the law requires consent (we will ask for consent for cookies/analytics where required).
  • Legal obligations: compliance with legal requests or tax/accounting obligations (Art. 6(1)(c)).

If you are outside the EU/EEA, we will rely on lawful bases available under local law.

5. RAG, embeddings & LLM providers

  • Embeddings: when you enable RAG/indexing, Pamony creates irreversible numeric embeddings and stores them in a vector database (e.g., Pinecone). Without the original documents these embeddings are not usable to reconstruct the original text.
  • Model usage: we use commercial LLM APIs (e.g., Gemini or similar) configured and contracted to prevent the provider from using your content to train public models. We will never add customer content to public training corpora unless we obtain your explicit consent beforehand.

6. Third parties, processors & transfers

We work with trusted third-party providers to deliver the Service. Current named processors (update as needed):

  • Vector DB: Pinecone
  • Auth & DB: Supabase
  • Payment processing: Dodo Payment

Each processor acts only on our instructions and is bound by contractual data processing terms. Where data is transferred outside the EU/EEA we rely on appropriate safeguards (e.g., Standard Contractual Clauses). Contact support@pamony.com for a copy of our safeguards.

7. Data sharing & disclosures

  • We only share personal data with Authorized service providers for the limited purpose of delivering the Service (e.g., Pinecone, Supabase, Dodo Payment, hosting). We share the minimum data necessary.
  • Legal authorities if required by law, subpoena, or to prevent fraud or imminent harm.

We do not sell or rent your personal information.

8. Cookies & analytics

We use cookies and similar technologies. On first visit a cookie banner allows you to accept or manage optional cookies. Core cookies required for the Service are essential and cannot be disabled without affecting functionality. You can opt out of analytics cookies at any time via the cookie controls.

9. Security & data segregation

We implement industry-standard protections including TLS for data in transit, encryption for sensitive tokens at rest, role-based access controls, and database row-level security (e.g., Supabase RLS policies such as auth.uid() = user_id) to restrict access to user rows.

While we take commercially reasonable measures to protect data, no system is 100% secure. If we become aware of a breach affecting your personal data, we will notify affected individuals and relevant supervisory authorities where required by law and, where applicable, within 72 hours of becoming aware of the breach.

10. Retention, deletion & data control (updated guarantees)

You control which integrations and files Pamony may access.

Disconnecting & revocation

  • Disconnecting: Disconnecting a service in Settings revokes Pamony’s ability to fetch new data from that source. We will remove file pointers and stop future indexing of that integration according to the retention rules below.
  • Revoking a single file: if you revoke access to a specific file (via the app or by asking the assistant), Pamony will: (a) remove the file pointer and associated searchable metadata; and (b) initiate deletion of any embeddings derived from that file in our vector store.

Deletion & purge timing — practical note

We will promptly initiate deletion and request removal of embeddings from our vector provider (e.g., Pinecone) upon your revocation or deletion request. We aim to complete removal of embeddings and pointers within 30 days in normal operations. However, backups, caches, or third-party retention policies may temporarily retain copies for up to 90 days for operational/recovery/legal reasons. We will confirm completion by email when the removal is finished.

Retention examples (default practice)

  • Account & profile data: retained while account active and up to 7 years after deletion for legal/tax reasons.
  • Billing & invoices: 7 years.
  • Analytics & telemetry: 12 months (unless anonymised earlier).
  • Temporary session chat history: default 30 days (user can delete immediately).
  • Embeddings: retained while the feature is active; removed on request (aim: within 30 days; backups may persist longer).
  • File Pointers (IDs/links): retained while integration active; removed within 30 days of disconnection or deletion request.

If you need a specific deletion confirmation for compliance reasons, contact support@pamony.com and we will provide details of the purge process.

11. Your rights & how to exercise them

Depending on your jurisdiction you may have rights including:

  • Access, correction, or export of your personal data.
  • Deletion or restriction of processing.
  • Withdrawal of consent where processing is based on consent.
  • Objection to processing for direct marketing/legitimate interests.
  • Lodge a complaint with a supervisory authority (e.g., in the EU/EEA).

To exercise these rights contact support@pamony.com with "Data Request" in the subject. We will verify your identity and respond within 30 days or notify you if we need a lawful extension.

12. Children’s privacy & eligibility

Pamony is intended for users 18 years or older. We do not knowingly collect information from children under 18. If we learn we have collected data from a child under 18 without parental consent, we will delete the data. If you believe we may have collected such data, contact support@pamony.com.

13. Onboarding, consent & logging

Before enabling any optional indexing or RAG features Pamony will present a clear, prominent disclosure in the normal course of use describing:

  • what data will be accessed (e.g., filenames, metadata, document text for embeddings),
  • why it is needed, and
  • how it will be used and shared.

You must explicitly opt in (e.g., an Accept & Continue button) before Pamony collects optional data. We log user consent (user id, timestamp, and policy version) for compliance.

14. Platform & store compliance

Google Play: If Pamony is published in Google Play/Android builds we will complete Google Play’s Data safety form and ensure all declared collection matches this policy. For any background or unexpected data collection we will provide a prominent in-app disclosure and obtain affirmative consent before collection.
Microsoft Store / Partner Center: For Windows distribution we will provide the Privacy Policy URL in Partner Center, declare required permissions in the app manifest, respect Windows privacy settings, and sign distribution binaries with a code-signing certificate from a CA in Microsoft’s Trusted Root Program.

15. Changes to this policy

We may update this policy. For material changes we will notify registered users by email or in-app notice. The “Last updated” date at the top will indicate the most recent changes.

16. Contact

Support: support@pamony.com