Privacy & Cookie Policy

Effective date: 19 November 2025 • Last updated: 19 November 2025

This Privacy & Cookie Policy explains how Pandalytic (“Pandalytic,” “we,” “us,” or “our”) collects, uses, and shares information about you when you visit our websites, use our SaaS products, contact us, or otherwise interact with us. It is designed to meet applicable data protection laws in the United States, the European Economic Area (EEA), the United Kingdom, and other jurisdictions where we operate. If you disagree with this Policy, please do not use our services.

1. Data Controller & Scope

Pandalytic is responsible for processing your personal data. This Policy applies to all websites, web apps, and communication channels that link to it, including our contact forms and any feature that references cookies, Google Analytics, or Microsoft Clarity.

2. Information We Collect

We collect the following categories of information:

  • Account & profile data: name, company, billing details, login credentials, and plan selections.
  • Contact & support data: information you submit via forms, email, chat, or phone when requesting demos, support, or sales information.
  • Usage & device data: IP address, browser type, operating system, time zone, referral URLs, pages viewed, and interactions captured via analytics tools such as Google Analytics and Microsoft Clarity.
  • Cookies & similar technologies: identifiers stored on your device that help us remember your preferences, secure your sessions, and understand product performance.
  • Payment data: processed securely by our payment partners; we store only limited tokens necessary to manage subscriptions.

3. How We Use Your Information

  • Provide, personalize, and maintain our products.
  • Process transactions, issue invoices, and manage customer accounts.
  • Respond to support tickets, demo requests, and feedback.
  • Monitor performance, debug issues, and protect the security of our infrastructure.
  • Analyze aggregated usage trends using Google Analytics and Microsoft Clarity to improve UX.
  • Communicate important updates, releases, and policy changes in compliance with your notification preferences.
  • Comply with legal obligations, audits, and enforcement.

4. Legal Bases for EU/UK Residents

We rely on the following GDPR/UK GDPR legal grounds, depending on the processing activity:

  • Performance of a contract when delivering our services.
  • Legitimate interests for analytics, product insights, and fraud prevention.
  • Consent for non-essential cookies, marketing emails, and optional telemetry.
  • Compliance with legal obligations for tax, accounting, and regulatory requests.

5. Cookies, Analytics & Tracking

We use first-party cookies for authentication, session continuity, and remembering preferences, as well as third-party cookies and scripts from Google Analytics and Microsoft Clarity to understand how visitors engage with our site. We never use these tools to collect sensitive data such as passwords or financial details.

When you first visit our site, you will see a cookie notice that lets you accept, reject, or customize non-essential cookies. You can also manage preferences in your browser or opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.

Microsoft Clarity captures anonymized interaction data such as scroll depth and clicks. You can learn more at Microsoft Privacy Statement.

6. Contact Forms & Communications

When you submit a contact form, request a demo, or email us, we process the data you provide (e.g., name, email, company, message). We use this information solely to fulfill your request, follow up on opportunities, and improve our customer success operations.

7. Data Sharing

We share personal data only with:

  • Service providers such as hosting partners, analytics platforms, marketing automation tools, payment processors, and professional advisors who act on our instructions.
  • Corporate transactions if we undergo a merger, acquisition, or asset sale, subject to appropriate safeguards.
  • Regulators or law enforcement when required to comply with applicable law or protect our rights.

We do not sell personal data.

8. International Transfers

We may store and process information in the United States and other countries where we or our service providers operate. When transferring personal data from the EEA or UK, we rely on Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms and implement additional safeguards as needed.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. When data is no longer required, we delete or anonymize it in line with our retention schedules.

10. Your Privacy Rights

Depending on where you live, you may have the right to:

  • Access, correct, or delete your personal data.
  • Object to or restrict certain processing activities.
  • Receive a portable copy of data you provided.
  • Withdraw consent for non-essential cookies or marketing at any time.
  • Lodge a complaint with your local supervisory authority (e.g., the EEA Data Protection Authorities or the UK ICO).

California residents also have rights under the CCPA/CPRA, including the right to know, delete, and opt out of data sharing for cross-context behavioral advertising. We honor those rights.

11. Exercising Your Rights

To exercise privacy or cookie preferences, contact us at privacy@pandalytic.com or submit a request through our in-product privacy center. We may verify your identity before acting on requests and respond within the timelines required by applicable law.

12. Security

We implement administrative, technical, and physical safeguards, including encryption in transit, least-privilege access controls, vulnerability management, and vendor due diligence. No system is perfectly secure, so we maintain incident response procedures to act quickly if an issue arises.

13. Children's Privacy

Our services are not directed to children under 16, and we do not knowingly collect data from them. If we learn that a child under 16 has provided personal data, we will delete it promptly.

14. Changes to This Policy

We may update this Policy to reflect new features, legal requirements, or best practices. We will post the revised version with an updated date and, when appropriate, provide additional notice. Continued use of our services after a change means you accept the revised Policy.

15. Contact Us

Questions or concerns? Email privacy@pandalytic.com or write to Pandalytic, Attn: Privacy Office. If you are in the EEA/UK, you may also contact your local supervisory authority.