Privacy Policy
Last updated: June 26, 2026
PNDA (“we,” “us,” or “our”) operates the pnda.ai platform and related services. This Privacy Policy describes how we collect, use, store, and share information when you use our AI receptionist and business automation services.
1. Information We Collect
Business Account Information
- Business name, address, phone number, and website
- Account holder name, email address, and login credentials
- Billing and payment information (processed securely via Stripe)
- Business hours, service menus, and pricing information
Call and Communication Data
- Inbound and outbound call recordings and transcripts
- SMS messages sent and received through the platform
- Caller phone numbers and contact information provided during calls
- Appointment details (names, dates, services requested)
Usage and Analytics Data
- Call volume, duration, and outcome metrics
- AI agent performance data (sentiment analysis, resolution rates)
- Dashboard interaction and feature usage patterns
2. How We Use Your Information
- Service delivery: Powering your AI receptionist, handling calls, booking appointments, and sending messages on your behalf.
- Service improvement: PNDA may use de-identified, aggregated, or client-approved data to improve service quality, voice agent accuracy, and response relevance. PNDA does not use Protected Health Information or customer communication content to train third-party foundation models unless you have expressly authorized us to do so in writing. Third-party AI vendors (such as Anthropic and OpenAI) process data as necessary to provide the service, subject to their applicable terms, privacy policies, and any data processing agreements in place with PNDA. See our Subprocessors page for a current list.
- Analytics and reporting: Generating dashboards, revenue tracking, call analytics, and performance insights for your business.
- Knowledge base: Storing and retrieving business-specific information (services, pricing, FAQs) so your AI agent can answer caller questions accurately.
- Billing: Processing subscription payments and tracking metered usage.
- Communication: Sending you account notifications, service updates, and support correspondence.
3. Third-Party Services
We use the following third-party services to operate the PNDA platform. Each processes data in accordance with their own privacy policies:
- Vapi & ElevenLabs — Voice AI infrastructure and text-to-speech synthesis for handling phone calls.
- Twilio — Telephony and SMS messaging infrastructure.
- Anthropic (Claude) — AI language model for call analysis, transcript processing, and knowledge retrieval.
- Supabase — Database hosting, authentication, and file storage.
- Stripe — Payment processing and subscription management. We do not store credit card numbers on our servers.
- Pinecone — Vector database for knowledge base search and retrieval.
SMS and Mobile Data: Phone numbers and mobile opt-in data collected through our platform are never sold, rented, or shared with third parties or affiliates for marketing or promotional purposes. Mobile data is used solely to deliver appointment confirmations, reminders, and business communications on behalf of our clients.
3a. Call Recording and AI Processing
When calls are handled through the PNDA platform, they may be recorded, transcribed, summarized, and analyzed by PNDA and its subprocessors. This processing is necessary to provide the service, generate call analytics, and power AI agent responses. Business clients are responsible for providing any legally required call recording disclosures and obtaining consent from callers as required by applicable law.
4. HIPAA Considerations
PNDA can support HIPAA-aligned workflows for healthcare clients, but only after compliance onboarding has been completed. Before Protected Health Information (PHI) may be transmitted through the PNDA platform:
- A Business Associate Agreement (BAA) must be executed between PNDA and the covered entity.
- Required subprocessor agreements must be in place for all vendors in the data flow.
- PNDA must confirm that the client's account has been configured for HIPAA-aligned operation.
Until these steps are complete, clients should not submit PHI to PNDA. HIPAA configuration is available only on Concierge and custom healthcare plans, after compliance review.
When HIPAA configuration is active, we implement safeguards including encryption in transit (TLS 1.2+) and at rest, access controls, and audit logging. However, PNDA does not represent that its standard platform is HIPAA-compliant out of the box. Compliance depends on proper configuration, executed agreements, and the client's own practices.
To discuss HIPAA onboarding, contact us at privacy@pnda.ai.
5. Data Retention
- Active accounts: We retain your data for as long as your account is active and your subscription is current.
- Call recordings: Retained for 90 days by default, unless your plan includes extended retention or you request earlier deletion.
- Transcripts and analytics: Retained for the lifetime of your account.
- After account closure: We delete or anonymize your data within 30 days of account deletion, except where retention is required by law.
6. Your Rights
You have the right to:
- Access your data: Request a copy of all data we hold about your business and its callers.
- Export your data: Download your call history, transcripts, appointments, and knowledge base entries.
- Delete your account: Request complete deletion of your account and all associated data.
- Correct your data: Update or correct inaccurate business information.
- Opt out of improvement use: Request that your data not be used for service quality improvement beyond delivering your AI receptionist.
To exercise any of these rights, contact us at privacy@pnda.ai.
7. Security
We implement industry-standard security measures to protect your data, including encryption in transit and at rest, role-based access controls, regular security audits, and secure infrastructure hosted on SOC 2-compliant providers. No system is 100% secure, and we cannot guarantee absolute security, but we take reasonable measures to protect your information.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform. Your continued use of PNDA after changes are posted constitutes acceptance of the updated policy.
9. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Email: privacy@pnda.ai
PNDA
pnda.ai