Privacy Policy

1. Basic policy

Panezy, Inc. complies with applicable privacy and data protection laws and handles user personal information appropriately while providing the service.

2. Information we collect

We may collect account data (email, display name, authentication identifiers), workspace settings, access logs, edit/audit logs, and billing-related identifiers (for example, Stripe customer and subscription IDs).

We may also collect usage-related information such as cookies, IP address, device/browser metadata, and similar diagnostics to provide service features, security controls, abuse prevention, and incident response.

Panezy CLI may collect anonymous usage telemetry including the normalized command name, CLI version, OS, Node.js version, success or failure, exit code, stable error code, and anonymous install ID. CLI telemetry does not send SQL, database URLs, table names, column names, workspace/user/page/token IDs, file paths, command arguments, raw error messages, stack traces, or credentials.

3. Purposes of use

Collected information is used for authentication, access control, billing, auditability, support, and product improvement.

Primary purposes include:

1. Registration, identity verification, and login management
2. Workspace collaboration and MCP/API/CLI features
3. Charging, payment processing, and contract administration
4. Abuse detection, security monitoring, and audit trail preservation
5. Support handling, incident investigation, and quality improvement
6. Legal compliance and rights/obligation handling

4. Third-party sharing

Panezy does not provide personal information to third parties without consent, except where required by law.

We may outsource data processing to service providers where necessary for service delivery, such as payment processing, cloud infrastructure, authentication platforms, and monitoring systems.

External service provider outsourcing is performed only to the extent necessary for service delivery, and Panezy provides necessary and appropriate supervision.

5. International transfers

Panezy may entrust processing to overseas service providers. As of March 5, 2026, major processors include Stripe, Render, Google, and Sentry.

Data may be processed in the United States and other regions designated by each provider. Panezy reviews processor policies, safeguards, and contractual conditions in accordance with applicable law.

6. Security controls

Panezy implements organizational, personnel, physical, and technical measures to prevent unauthorized access, leakage, loss, or damage of personal information, including access control, credential management, encrypted communication, logging, and vendor oversight.

7. Retention

Data retention periods follow plan terms and operational policies. After account closure or contract termination, retention is limited to legally required and operationally reasonable periods.

8. Cookies and similar technologies

Cookies may be used for usability, session continuity, abuse prevention, and usage analytics. Users can disable cookies in browser settings, but some features may become unavailable.

CLI telemetry can be disabled with `panezy telemetry disable`, `PANEZY_TELEMETRY_DISABLED=1`, or `DO_NOT_TRACK=1`. In CI environments, CLI telemetry is disabled unless explicitly enabled.

9. Data subject requests

Subject to applicable law, users may request disclosure, correction, addition, deletion, suspension of use, or suspension of third-party provision of their personal information. Requests are handled after identity verification and according to legal and internal procedures.

10. Policy updates

This policy may be revised due to legal amendments or service changes. Important updates will be communicated in-app or by other appropriate methods.

11. Business operator and contact

Operator: Panezy, Inc. (Representative: Gakuto Higuchi)
Contact: gakuto.higuchi@panezy.com