As part of its activities, Pancake may process personal data. We attach the utmost importance to the security and confidentiality of user data, whether collected via our website (https://getpancake.ai), web application (https://app.getpancake.ai), or third-party integrations such as Slack.
1. Data We Collect
We may collect and process the following categories of personal data:
- Account Information: name, email address, company name
- Usage Data: interactions with the platform, feature usage, logs
- Technical Data: IP address, browser type, device information
- Slack Data (if applicable):
- User IDs
- Workspace IDs
- Channel IDs
- Messages or content explicitly sent to the Pancake app
- Metadata associated with Slack interactions (timestamps, event types)
2. How We Use Data
We use collected data to:
- Provide and operate the Pancake service
- Authenticate users and manage accounts
- Improve product performance and features
- Ensure security and prevent abuse
- Respond to user requests and support inquiries
Slack Data Usage:
- Slack data is only used to provide requested functionality within the Slack integration
- We do not use Slack data for advertising or unrelated purposes
3. Data We Do Not Use
In some cases, Pancake may receive data from Slack (such as event payloads or system logs) that is not actively used.
- This data is not processed beyond what is necessary for system operation
- It is not stored long-term and is automatically deleted
4. Data Retention
Personal data is retained only as long as necessary for the purposes described above:
- Account data: retained while the account is active
- Usage logs: retained for a limited period (e.g., up to 30 days) for security and debugging
- Slack data: retained only as needed to provide the service and may be deleted immediately after processing depending on the feature
We may retain certain data longer if required by law.
5. Your Rights
In accordance with GDPR and applicable laws, you have the right to:
- Access your data
- Correct inaccurate data
- Request deletion of your data
- Restrict or object to processing
- Request data portability
To exercise your rights, contact us at: privacy@pancake.ai
6. Data Security
We implement appropriate technical and organizational measures to protect personal data from unauthorized access, loss, or disclosure. All data is transmitted over TLS/SSL and encrypted at rest using AES-256 on disk.
Data is hosted on GCP infrastructure located in the United States.
7. Google User Data
Pancake integrates with Google Workspace to act as a cofounder for our users. With your explicit consent, Pancake requests access to the following Google OAuth scopes:
https://www.googleapis.com/auth/userinfo.emailandhttps://www.googleapis.com/auth/userinfo.profile— to identify you and create your Pancake account.https://mail.google.com/— to read, compose, send, and manage Gmail messages on your behalf when you ask Pancake to triage your inbox or send email on your behalf.https://www.googleapis.com/auth/drive— to read, create, and modify files in your Google Drive that are relevant to tasks you delegate to Pancake.https://www.googleapis.com/auth/documents— to read and edit Google Docs you ask Pancake to work on.https://www.googleapis.com/auth/spreadsheets— to read and edit Google Sheets you ask Pancake to work on.https://www.googleapis.com/auth/calendar— to read your calendar, create events, and manage scheduling on your behalf.https://www.googleapis.com/auth/contacts— to look up and reference contacts when scheduling, sending email, or sharing files.
How we use Google user data
Google user data is used solely to provide and improve the user-facing features of Pancake — specifically, to let our AI cofounder read, draft, schedule, and edit on your behalf in response to your instructions. Google user data is not used for any other purpose.
How we share Google user data
Google user data is processed by a single sub-processor: Anthropic, PBC, the provider of the large language model that powers Pancake's reasoning. Anthropic processes the data only to generate responses for Pancake and, per its commercial terms, does not retain prompts or completions beyond what is necessary to provide the service and does not use them to train its models. We do not share Google user data with any other third party.
How we protect Google user data
Google user data is encrypted in transit using TLS/SSL and at rest using AES-256. Access is restricted to authorized personnel via SSO and is logged and audited. OAuth tokens are stored in an encrypted secrets store.
How we retain and delete Google user data
Google user data fetched to fulfill a user request is retained for up to 14 days and then automatically deleted. You can revoke Pancake's access at any time from your Google Account's Third-party apps with account access page, or by emailing privacy@pancake.ai. On revocation or account deletion, all stored Google user data is deleted within 14 days, except where retention is required by law.
What we do not do with Google user data
- We do not sell Google user data.
- We do not use Google user data for advertising, including personalized, retargeted, or interest-based advertising.
- We do not transfer Google user data to data brokers, or for credit-worthiness or lending purposes.
- We do not use Google user data to develop, improve, or train generalized or non-personalized AI/ML models. Anthropic, our model provider, does not train its models on Pancake customer data.
- Humans do not read Google user data except (a) with your explicit permission, (b) for security purposes (e.g., investigating abuse), (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations.
Limited Use disclosure
Pancake's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
8. Contact
For any questions or requests regarding your data, you can contact us at:
9. Changes to This Policy
This policy may be updated at any time. We encourage you to review it regularly. Significant changes will be communicated where appropriate.
