1. Who we are
Pandora ("we", "us") is operated by the Pandora team out of Switzerland. We provide an autonomous AI agent fleet management service, accessible at pandora-ai.ch. If you have privacy questions, write to privacy@pandora-ai.ch.
2. What data we collect
We collect only what we need to run the service. Specifically:
- Account data: your email address, an optional display name, and the password hash for your account.
- Project data: the GitHub repository URLs you connect, branch names, and metadata about tasks you dispatch to the agent fleet.
- Agent outputs: the diffs, plans, reviews, and commentary the AI agents produce while working on your repositories. We retain these so you can audit what the fleet did on your behalf.
- Usage data: server access logs (IP address, request path, timestamp, response code) kept for 30 days for security and abuse prevention.
- Billing data: if you are on a paid plan, our payment processor (Stripe, once wired) handles your card details. We never see or store full payment card numbers ourselves; we only see a token and the last four digits.
We do not buy data from third parties and we do not sell your data to anyone.
3. How we use the data
We use your data for the following purposes, and nothing else:
- Provide the service: run the agent fleet against your repositories, show you outputs, send you approval prompts.
- Billing and account management: charge your subscription, send invoices, handle cancellations.
- Customer support: answer your questions, troubleshoot issues you report.
- Security and abuse prevention: detect compromised accounts, block abuse, comply with legal obligations.
- Service improvement: aggregate, anonymous statistics (e.g. average task latency, error rates) to improve the product. We do not train AI models on your repository content or your agent outputs.
4. Where your data is stored
The primary service runs on a server located in Switzerland. The domain pandora-ai.ch is registered in Switzerland and the database, application logs, and agent output archives all live on Swiss infrastructure. Switzerland has strong data protection laws (the revised Federal Act on Data Protection, in force since 2023) and is recognized by the European Commission as providing an adequate level of data protection for EU personal data.
5. Sub-processors
To deliver the service we share specific data with the following sub-processors:
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Anthropic (Claude API) | Powers the AI agent fleet | Task prompts, repository snippets, agent context |
| Stripe (once wired) | Subscription billing | Email, billing name, card token, charge amount |
| GitHub | Repository access via your connected token | You control this directly via OAuth scopes |
If we add a sub-processor in the future, we will update this list before they start processing your data. Anthropic, Stripe, and GitHub have their own privacy policies; we recommend reading them as well.
6. Data retention
We retain your account data and project data for as long as your subscription is active. After cancellation, we keep the data for an additional 90 days so you can reactivate without losing context, and then we delete it. Agent output archives follow the same 90-day window. Server access logs are deleted after 30 days. Billing records are kept for the period required by Swiss tax law (currently 10 years for accounting records).
7. Your rights (GDPR Art. 15-20)
If you are in the EU, the UK, or Switzerland, you have the following rights regarding your personal data:
- Access (Art. 15): get a copy of the data we hold about you.
- Rectification (Art. 16): correct inaccurate data.
- Erasure (Art. 17): delete your account and associated data, subject to legal retention obligations on billing records.
- Restriction (Art. 18): ask us to pause processing of your data while a dispute is resolved.
- Portability (Art. 20): export your data in a structured, machine-readable format (we provide a JSON export endpoint for project and agent-output data).
- Object (Art. 21): object to processing based on legitimate interests.
To exercise any of these rights, email privacy@pandora-ai.ch from the address on your account. We respond within 30 days. You also have the right to lodge a complaint with a supervisory authority — for Swiss customers, the Federal Data Protection and Information Commissioner (FDPIC).
8. Cookies
We use a single first-party cookie called session. It contains a signed session token that keeps you logged in between page loads. It is HttpOnly, Secure (HTTPS only), and SameSite=Lax. It expires when you log out or after a period of inactivity.
We do not use any third-party tracking cookies. No Google Analytics, no Facebook pixel, no advertising trackers. The cookie consent banner you may see on our marketing pages is informational — the session cookie is strictly necessary for the service to function and does not require opt-in consent under ePrivacy rules, but we surface it anyway so you know what is happening.
9. Security
We take security seriously. Passwords are hashed with a modern adaptive algorithm, transport is TLS-only, the session cookie is HttpOnly + Secure + SameSite=Lax, and access to production systems is restricted to a small set of authenticated operators. We do not claim certification to SOC 2, ISO 27001, or any other formal scheme — we are an early-stage company and have not undergone those audits yet. We will be transparent about that until we earn the certifications honestly.
10. Changes to this policy
We update this policy when we add features that change how we handle data, or when counsel reviews it before general availability. Material changes are announced via email to active customers at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent change.
11. Contact
Privacy questions: privacy@pandora-ai.ch
General support: mail@pandora-ai.ch
Postal address available on request.