Privacy Policy

Pantheon Smart (“we”, “us”, or “Pantheon Smart”) takes your privacy seriously. This policy explains what we collect, what we do with it, and the rights you have over your data. If anything here is unclear, email us at [email protected].

1. What we collect

• Account information. Email address and a hashed password when you create an account. We never store your raw password.
• Conversations and uploads. The messages you send, the AI's responses, and any files you upload are stored so you can search and reference them later.
• Payment information. Processed directly by Square. We never see or store your card number, CVV, or bank account details.
• Usage data. Credit balance, purchase history, and aggregated usage metrics for operating the service.
• Technical data. IP address, browser type, and timestamps, used for security and abuse prevention.

2. What we don't do with your data

• We don't train AI models on your conversations. Your work stays yours.
• We don't sell your data. Not to advertisers, not to data brokers, not to anyone.
• We don't share conversation content with third parties except the AI provider needed to generate your response.
• We don't profile you for advertising. We don't run ads.

3. How we use your information

• To provide and operate the service (generating AI responses, storing chat history, processing payments).
• To send transactional emails (purchase confirmations, password resets, account notifications).
• To detect abuse, fraud, and violations of our terms.
• To improve the service through aggregated, anonymized usage patterns.

4. Data sharing

We share data only with the service providers strictly needed to operate:

• Square processes payment transactions on our behalf.
• Our AI provider receives your prompts to generate responses. Under our commercial agreement, your data is not used to train their models.
• Our infrastructure providers (cloud hosting, email delivery) process data under data-processing agreements.
• Legal authorities only when required by valid legal process.

5. Data security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords are hashed using bcrypt with a work factor of 12. Payment data is handled under PCI DSS compliance by Square. We operate under SOC 2 Type II equivalent controls.

6. Data retention

We keep your account data and conversation history for as long as your account is active. When you delete your account, we permanently delete your personal information, conversations, and uploads within 30 days. We may retain anonymized billing records for up to 7 years to comply with tax and accounting obligations.

7. Your rights

You have the right to:

• Access your personal data and conversation history.
• Export your data in a machine-readable format.
• Delete your account and all associated data.
• Correct inaccurate information in your account.
• Object to processing or withdraw consent at any time.

To exercise any of these rights, email [email protected]. We respond within 7 business days.

8. International transfers

Our servers are located in the United States. If you access our service from outside the US, your data will be transferred to and processed in the US under standard contractual clauses.

9. Children's privacy

We don't knowingly collect data from anyone under 16. If you believe we have, contact us and we'll delete it immediately.

10. Changes to this policy

We may update this policy occasionally. Material changes will be announced by email and in the app. Continued use after changes take effect constitutes acceptance.