Privacy Policy
How Pantio collects, uses, and protects your personal information and data.
Last updated: 2026-05-31
Your privacy is fundamental to how we build Pantio. We believe your data belongs to you — we never sell it, never train external AI models on it, and give you full control over who can access it.
1. Terms of Service
Please review our Terms of Service to understand your rights and responsibilities when using Pantio.
2. Data Ownership
At Pantio, you maintain full ownership of all content you upload to create your Digital Persona. Your memories, conversations, and intellectual property remain exclusively yours.
We don't claim any rights to your content. Your data is stored privately and is never used to train external AI models or shared with third parties.
The simplicity of our ownership policy reflects our commitment: your content is yours, period.
3. Information We Collect
We collect the following types of information to provide and improve our service:
- Account information — email address, name, and authentication credentials
- Persona content — biography, memories, relationships, personal information you provide to create your Digital Persona
- Voice data — voice recordings you upload for voice cloning, stored securely and encrypted
- Biometric data — voiceprints and voice identifiers derived from your voice recordings for voice synthesis purposes
- Conversations — chat messages and voice call transcripts between users and Digital Personas
- Files and attachments — documents, images, and other files you upload to train your persona
- Consent records — timestamps and details of your consent to terms, privacy policy, biometric data collection, and other agreements
- Technical data — device information, browser type, IP address, and usage patterns to secure and improve the service
4. How We Use Your Information
- Create and maintain your Digital Persona
- Generate AI-powered responses using your memories and context
- Clone and synthesize your voice for voice interactions
- Extract and organize memories from your conversations and files
- Provide customer support and respond to your inquiries
- Maintain security, prevent abuse, and detect fraud
- Comply with legal obligations
- Improve our service and develop new features
5. Biometric Data
Voice recordings and derived voiceprints constitute biometric data under certain laws, including the Illinois Biometric Information Privacy Act (BIPA). We handle biometric data as follows:
- Purpose — biometric data is collected and used solely for the purpose of creating and operating voice-enabled Digital Personas
- Storage — biometric data is encrypted at rest and in transit using industry-standard encryption protocols
- Retention — biometric data is retained for as long as your account is active. Upon account deletion or written request, biometric data is permanently destroyed within 30 days
- No sale or profit — biometric data is never sold, leased, traded, or otherwise used for profit by Pantio or any third party
- Third-party processing — voice synthesis providers process biometric data under strict contractual agreements prohibiting permanent storage or model training
- Withdrawal of consent — you may withdraw consent to biometric data processing at any time by deleting your voice data or contacting dk@pantio.io
6. Data of Deceased Individuals
When a Digital Persona is created for a deceased individual (Memorial Persona), we process personal data of the deceased as provided by the authorized creator. This data is subject to the following:
- The persona creator (as data controller) is responsible for ensuring they have the legal right to provide this data
- Data protection rights for deceased individuals may vary by jurisdiction — GDPR generally does not apply to deceased persons, but some national laws extend certain protections
- Family members or legal representatives of the deceased may request access to, modification of, or deletion of a Memorial Persona by providing appropriate documentation to dk@pantio.io
- Memorial Persona data follows the same security, encryption, and storage practices as all other user data
- Memorial Persona data is retained until the creator deletes it or their account is terminated
7. We Never Train on Your Data
Your memories, conversations, and personal information are never used to train AI models. Your content remains private and is only used to power your Digital Persona.
When we use third-party AI providers for text and voice generation, they process your data under strict agreements that prohibit them from storing your data permanently or training their models on your content.
8. Data Processing
We use trusted third-party AI providers for text generation and voice synthesis. Your data is processed under strict agreements that prohibit permanent storage and training on your content.
Before your voice is activated, we require human verification to ensure authenticity and explicit consent.
For detailed information about how we process your data, please visit our Data Processing Documentation.
9. Third-Party Services (Sub-Processors)
We work with the following categories of trusted service providers to deliver the Service. All third-party providers process data under strict agreements consistent with this policy. We do not sell your personal information to anyone.
- Cloud infrastructure and database hosting — for secure storage of your data
- AI text generation providers — for powering Digital Persona conversations
- Voice synthesis providers — for voice cloning and voice interaction features
- Authentication services — for secure account login and identity verification
- Email delivery services — for transactional and notification emails
- Error monitoring and analytics — for maintaining service reliability and performance
- Payment processing — for subscription billing (payment processors do not have access to your persona data)
A current list of specific sub-processors is available upon request by contacting dk@pantio.io. We will notify you of any material changes to our sub-processor list.
10. Access Control
You have complete control over who can access your Digital Persona:
- Visibility settings — choose who can access your persona (public, specific groups, or private)
- Memory access — set each memory as public, group-only, or private
- Deletion — delete any memory, conversation, or your entire account at any time. When you delete your account, all your data is permanently removed
11. Your Rights
You have the following rights regarding your personal data:
- Access — Request access to all your data
- Export — Download a copy of your data in a portable format
- Correction — Update or correct your information
- Deletion — Delete your data at any time (right to be forgotten)
- Visibility Control — Choose who sees your persona and memories
- Transparency — Request information about how your data is used
- Opt-out — Stop automatic memory extraction from conversations
- Biometric data deletion — Request deletion of all voice recordings and derived voiceprints at any time
To exercise any of these rights, contact us at dk@pantio.io
12. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in transit (HTTPS/TLS) and at rest
- Row-level security policies in our database
- Secure credential storage using encrypted vault
- Regular security audits and monitoring
- Access controls and authentication
While we implement strong safeguards, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data.
For detailed information about our security practices, please visit our Security Documentation.
13. Data Breach Notification
In the event of a data breach that affects your personal data, Pantio will:
- Notify affected users without undue delay and no later than 72 hours after becoming aware of the breach, where feasible
- Provide details of the nature of the breach, the categories of data affected, and the approximate number of users affected
- Describe the measures taken or proposed to address the breach and mitigate its effects
- Notify relevant supervisory authorities as required by applicable law (including GDPR Article 33 for EU users)
- Provide recommendations for steps you can take to protect yourself
Notification will be provided via email to the address associated with your account. In cases where email notification is not feasible, we will use alternative means such as prominent notice on our website.
14. Data Storage and Retention
We retain your information for as long as needed to provide the service and for legitimate business or legal purposes. When you delete your account, all your personal data, including biometric data, is permanently removed from our systems within 30 days, except where we are required to retain certain information for legal compliance.
For detailed information about how we store your data, please visit our Data Storage Documentation.
15. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.
16. Children's Privacy
Our service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from users under 18. If we learn that a user is under 18, we will immediately terminate their account and delete all associated data. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at dk@pantio.io.
17. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
18. Company Information
This service is operated by Pantio, Inc.
19. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us: