Privacy Policy

Last updated: March 28, 2026

PNDA (“we,” “us,” or “our”) operates the pnda.ai platform and related services. This Privacy Policy describes how we collect, use, store, and share information when you use our AI receptionist and business automation services.

1. Information We Collect

Business Account Information

• Business name, address, phone number, and website
• Account holder name, email address, and login credentials
• Billing and payment information (processed securely via Stripe)
• Business hours, service menus, and pricing information

Call and Communication Data

• Inbound and outbound call recordings and transcripts
• SMS messages sent and received through the platform
• Caller phone numbers and contact information provided during calls
• Appointment details (names, dates, services requested)

Usage and Analytics Data

• Call volume, duration, and outcome metrics
• AI agent performance data (sentiment analysis, resolution rates)
• Dashboard interaction and feature usage patterns

2. How We Use Your Information

• Service delivery: Powering your AI receptionist, handling calls, booking appointments, and sending messages on your behalf.
• AI improvement: Analyzing call transcripts and outcomes to improve voice agent accuracy, response quality, and natural language understanding. Your data may be used to train and refine our AI models.
• Analytics and reporting: Generating dashboards, revenue tracking, call analytics, and performance insights for your business.
• Knowledge base: Storing and retrieving business-specific information (services, pricing, FAQs) so your AI agent can answer caller questions accurately.
• Billing: Processing subscription payments and tracking metered usage.
• Communication: Sending you account notifications, service updates, and support correspondence.

3. Third-Party Services

We use the following third-party services to operate the PNDA platform. Each processes data in accordance with their own privacy policies:

• Vapi & ElevenLabs — Voice AI infrastructure and text-to-speech synthesis for handling phone calls.
• Twilio — Telephony and SMS messaging infrastructure.
• Anthropic (Claude) — AI language model for call analysis, transcript processing, and knowledge retrieval.
• Supabase — Database hosting, authentication, and file storage.
• Stripe — Payment processing and subscription management. We do not store credit card numbers on our servers.
• Pinecone — Vector database for knowledge base search and retrieval.

4. HIPAA Considerations

PNDA may be used by healthcare providers and medical spas. When handling Protected Health Information (PHI), we implement the following safeguards:

• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Access to PHI is restricted to authorized personnel on a need-to-know basis.
• Call recordings and transcripts containing PHI are stored in HIPAA-eligible infrastructure.
• We will execute a Business Associate Agreement (BAA) with covered entities upon request.
• Audit logs track access to sensitive records for compliance reporting.

If you are a HIPAA-covered entity, please contact us at privacy@pnda.ai to discuss your compliance requirements and execute a BAA.

5. Data Retention

• Active accounts: We retain your data for as long as your account is active and your subscription is current.
• Call recordings: Retained for 90 days by default, unless your plan includes extended retention or you request earlier deletion.
• Transcripts and analytics: Retained for the lifetime of your account.
• After account closure: We delete or anonymize your data within 30 days of account deletion, except where retention is required by law.

6. Your Rights

You have the right to:

• Access your data: Request a copy of all data we hold about your business and its callers.
• Export your data: Download your call history, transcripts, appointments, and knowledge base entries.
• Delete your account: Request complete deletion of your account and all associated data.
• Correct your data: Update or correct inaccurate business information.
• Opt out of AI training: Request that your call data not be used for AI model improvement.

To exercise any of these rights, contact us at privacy@pnda.ai.

7. Security

We implement industry-standard security measures to protect your data, including encryption in transit and at rest, role-based access controls, regular security audits, and secure infrastructure hosted on SOC 2-compliant providers. No system is 100% secure, and we cannot guarantee absolute security, but we take reasonable measures to protect your information.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform. Your continued use of PNDA after changes are posted constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@pnda.ai
PNDA
pnda.ai