Privacy Policy
How we collect, use, and protect your personal data
Version 1.0 · Effective date: [DATE]
PANDI NOW
Pandi Now Inc. • Incorporated in Delaware, United States
1. Who We Are and How to Contact Us
Pandi Now Inc. is a Delaware corporation operating the Pandi Now platform at pandinow.com ("Platform"). We are the data controller responsible for your personal data.
| Contact | Details |
|---|---|
| Company | Pandi Now Inc. |
| Platform | pandinow.com |
| Privacy enquiries | hi@pandinow.com |
| EU Representative | [To be appointed — required for GDPR compliance] |
| Mailing address | [Registered address — to be completed] |
For EU residents: If you are located in the European Union or European Economic Area, you have the right to lodge a complaint with your local data protection authority if you are unhappy with how we handle your data.
2. What Personal Data We Collect
We collect the following categories of personal data:
2.1 Account and Identity Data
- Full name
- Email address
- Password (stored in encrypted form — we never see your plaintext password)
- Profile information you choose to provide (organization name, role, bio, location)
- Profile photo or avatar if uploaded
2.2 Venture and Initiative Data (Founders)
- Business plans, financial projections, and milestone information submitted via the Pandi Passport
- Documents and materials uploaded to your listing
- Progress reports and milestone updates
2.3 Financial and Payment Data
- Payment card details — these are processed directly by our payment processor (Stripe) and are not stored on Pandi Now's servers
- Transaction records: amounts, dates, and initiative identifiers associated with platform fees
- Billing name and address
2.4 Communication Data
- Messages exchanged with other members through the platform
- Emails and correspondence with Pandi Now support
- Community and event participation records
2.5 Usage and Analytics Data
- Pages visited, features used, and time spent on the platform
- Device type, browser type, and operating system
- IP address and approximate geographic location
- Referring URLs and search terms used to find the platform
- Click patterns and navigation behavior
We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data. If this changes, we will update this Policy and obtain appropriate consent.
3. How We Collect Your Data
Directly from you
When you create an account, complete your profile, submit a listing, send messages, make a payment, or contact us.
Automatically
When you use the platform, we automatically collect usage and analytics data through cookies, server logs, and similar technologies. See Section 9 (Cookies) for details.
From third parties
We may receive data about you from our analytics provider (e.g. Google Analytics), payment processor (Stripe), and email marketing tool (e.g. Mailchimp) in connection with services you use on the platform.
4. Why We Use Your Data — Legal Basis (GDPR)
We only use your personal data where we have a lawful basis to do so. The table below sets out our purposes and the legal basis for each:
| Purpose | Legal Basis (GDPR) / Basis (US) |
|---|---|
| Create and manage your account | Contract performance |
| Connect founders with funders through the platform | Contract performance |
| Process platform fees and payments | Contract performance |
| Send transactional emails (account confirmations, milestone alerts) | Contract performance |
| Enforce our Terms and Agreements | Contract performance / Legitimate interests |
| Improve the platform and fix bugs | Legitimate interests |
| Analyse usage patterns and platform performance | Legitimate interests |
| Send marketing and product update emails | Consent (you can withdraw at any time) |
| Comply with legal obligations (tax, regulatory) | Legal obligation |
| Prevent fraud, abuse, and security threats | Legitimate interests / Legal obligation |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You may object to processing based on legitimate interests at any time — see Section 7.
5. Who We Share Your Data With
We do not sell your personal data. We share data only in the following circumstances:
5.1 Other Platform Members
When you list a venture, your listing information is visible to registered funder members. When you engage as a funder, your identity may be visible to founders of initiatives you engage with. You control what you include in your profile and listings.
5.2 Service Providers (Data Processors)
We use third-party service providers who process data on our behalf under strict data processing agreements:
| Provider | Purpose |
|---|---|
| Stripe | Payment processing — card data is handled directly by Stripe and not stored on our servers |
| Google Analytics (or equivalent) | Platform usage analytics — data is anonymized and aggregated where possible |
| Mailchimp (or equivalent) | Email marketing and transactional email delivery |
| Cloud hosting provider (e.g. Vercel, AWS) | Hosting and infrastructure for the platform |
All service providers are contractually required to process data only on our instructions and to maintain appropriate security measures.
5.3 Legal and Regulatory Disclosure
We may disclose your data to law enforcement, regulators, or courts where required by applicable law, or where necessary to protect the rights, property, or safety of Pandi Now, our users, or others.
5.4 Business Transfers
If Pandi Now is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
We will never sell, rent, or trade your personal data to third parties for their own marketing purposes.
6. International Data Transfers
Pandi Now is incorporated in the United States. If you are located in the European Union or United Kingdom, your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction.
We ensure appropriate safeguards are in place for these transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission with our service providers
- Data Processing Agreements with all third-party processors
- Adequacy decisions where applicable
You may request a copy of the transfer safeguards we rely on by contacting hi@pandinow.com.
7. Your Rights
7.1 Rights for All Users
Regardless of where you are located, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Request deletion of your data (subject to legal retention requirements)
- Withdraw consent for marketing communications at any time
- Lodge a complaint with a relevant data protection authority
7.2 Additional Rights for EU / EEA Residents (GDPR)
If you are located in the EU or EEA, you additionally have the right to:
- Data portability: receive your data in a structured, machine-readable format
- Restriction of processing: ask us to restrict how we use your data in certain circumstances
- Object to processing: object to processing based on legitimate interests or for direct marketing
- Not be subject to automated decision-making that produces significant legal effects
7.3 Additional Rights for California Residents (CCPA / CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to Know: request details about what personal information we collect, use, disclose, and sell
- Right to Delete: request deletion of personal information we have collected about you
- Right to Correct: request correction of inaccurate personal information
- Right to Opt-Out of Sale or Sharing: we do not sell personal information, but you may direct us not to share your data for cross-context behavioral advertising
- Right to Limit Use of Sensitive Personal Information: we do not collect sensitive personal information as defined under CPRA
- Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights
To exercise any of your rights, contact us at hi@pandinow.com. We will respond within 30 days (EU: one month; California: 45 days). We may need to verify your identity before processing your request.
8. How Long We Keep Your Data
We keep your personal data only as long as necessary for the purposes for which it was collected, or as required by law. Our general retention periods are:
| Data Type | Retention Period |
|---|---|
| Account and profile data | Duration of membership + 2 years after account closure |
| Venture listing and Pandi Passport data | Duration of listing + 5 years (contractual record-keeping) |
| Payment and transaction records | 7 years (tax and financial regulation requirements) |
| Communication and message data | 3 years from last activity |
| Usage and analytics data | 26 months (standard analytics cycle) |
| Marketing consent records | Until consent is withdrawn + 2 years |
When data is no longer required, we securely delete or anonymize it. Anonymized, aggregated data that cannot identify you may be retained indefinitely for platform analytics and improvement.
9. Cookies and Tracking Technologies
We use cookies and similar technologies to operate the platform and understand how it is used. Cookies are small text files placed on your device when you visit the platform.
Categories of cookies we use:
| Cookie Type | Purpose |
|---|---|
| Strictly Necessary | Required for the platform to function — login sessions, security tokens. Cannot be disabled. |
| Analytics | Track how users interact with the platform to help us improve it (e.g. Google Analytics). Can be disabled. |
| Marketing / Preferences | Remember your preferences and, where consent is given, deliver relevant communications. Can be disabled. |
For EU/EEA users, we will request your consent before placing non-essential cookies. You can withdraw consent or manage cookie preferences at any time through the cookie settings on the platform.
For California users, you may opt out of cookies used for cross-context behavioral advertising through the cookie settings.
You can also control cookies through your browser settings. Note that disabling certain cookies may affect your ability to use parts of the platform.
10. How We Protect Your Data
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These include:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Access controls limiting who within Pandi Now can access personal data
- Payment card data handled exclusively by PCI-DSS compliant processors (Stripe)
- Regular security reviews and vulnerability assessments
- Staff training on data protection and security
No system is completely secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately at hi@pandinow.com.
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant authorities in accordance with applicable law — within 72 hours for GDPR purposes, and within the timelines required under applicable U.S. state laws.
11. Children's Privacy
The Pandi Now platform is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us at hi@pandinow.com and we will promptly delete it.
12. Third-Party Links and Services
The platform may contain links to third-party websites, tools, or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through the platform. Pandi Now is not responsible for the privacy practices of third parties.
13. GDPR — Data Controller and Representative
For EU/EEA residents, Pandi Now Inc. is the data controller for personal data processed in connection with the platform. As a U.S.-based company processing EU personal data, we are required to appoint an EU representative under Article 27 of the GDPR.
ACTION REQUIRED: Pandi Now must appoint an EU Data Protection Representative before launching to EU users. This can be a law firm, consultancy, or individual based in any EU member state. Contact hi@pandinow.com for current representative details once appointed.
EU/EEA residents may also have the right to lodge a complaint with their national data protection authority. A list of EU data protection authorities is available at: edpb.europa.eu/about-edpb/about-edpb/members_en
14. California Privacy — CCPA / CPRA Disclosures
This section applies to California residents and supplements the rest of this Policy.
Categories of personal information collected in the last 12 months:
| Category | Collected? |
|---|---|
| Identifiers (name, email, IP address) | Yes |
| Personal information (financial, payment data) | Yes |
| Commercial information (transaction history) | Yes |
| Internet or electronic network activity (usage data) | Yes |
| Geolocation data (approximate, from IP) | Yes |
| Professional or employment-related information (profile data) | Yes |
| Sensitive personal information (SSN, precise geolocation, etc.) | No |
Do we sell personal information?
No. Pandi Now does not sell personal information as defined under the CCPA/CPRA.
Do we share personal information for cross-context behavioral advertising?
We may use analytics tools that involve sharing data for advertising purposes. California residents may opt out of this by adjusting cookie settings on the platform or by contacting hi@pandinow.com with the subject line "CCPA Opt-Out."
How to submit a CCPA request:
Email: hi@pandinow.com with subject line "California Privacy Request." We will verify your identity and respond within 45 days. You may designate an authorized agent to make a request on your behalf.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Post the updated Policy at pandinow.com/privacy with a new effective date
- Notify registered members by email at least 30 days before the changes take effect
- Where required by law, obtain fresh consent for new processing activities
Your continued use of the platform after the effective date of an updated Policy constitutes acceptance of the changes.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
| Method | Details |
|---|---|
| Email | hi@pandinow.com |
| Subject line for data requests | "Privacy Request — [Your Name]" |
| Subject line for CCPA requests | "California Privacy Request" |
| Subject line for GDPR requests | "GDPR Request — [Your Name]" |
| Response time | Within 30 days (EU: one month; California: 45 days) |
This Privacy Policy was drafted to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), and applicable U.S. federal standards. It should be reviewed by qualified legal counsel before publication, particularly to confirm EU representative appointment requirements and any state-specific obligations.