This Privacy Policy explains how PONDER PRIVATE LIMITED, a company incorporated in Singapore ("PAREL", "we", "us"), collects, uses, and shares information when you use the PAREL platform, CLI, web console, and APIs (the "Service"). PAREL is responsible for the account and operational data described below. If you use the Service to process personal data of your own end users, you are responsible for that content and for having a lawful basis to include it (see Section 3).
__session and related tokens) in your browser to keep you signed in; these are necessary for the Service to function.We use information to provide and operate the Service (running agents, executing steps, streaming results), to meter and bill usage, to secure the platform and prevent abuse, to provide support, and to comply with legal obligations. Where the GDPR or similar laws apply, we rely on these legal bases: performance of a contract (to provide the Service and billing); legitimate interests (to secure, debug, and improve the Service and prevent abuse); legal obligation (tax, accounting, and lawful requests); and consent where required (e.g. optional communications).
AI training. We do not use your prompts, agent configurations, transcripts, or outputs to train or fine-tune our own models. Prompts and context sent to third-party model providers are processed under those providers' terms; we do not sell your personal information.
To deliver the Service we share data with the sub-processors below. Each processes data under its own terms and a data protection agreement with safeguards no less protective than this Policy. Prompts and context sent to model providers, and agent code sent to sandbox providers, leave our infrastructure to those providers.
Customer data & BYOK. When your prompts contain end users' personal data, you are responsible for having a lawful basis and for informing those individuals that their data is processed by PAREL and your model provider. When we add or change sub-processors, we will update this Policy. If you bring your own provider keys (BYOK), prompts still flow to that provider under its terms; we store BYOK credentials encrypted at rest.
Your data may be processed in countries other than your own, including the United States. Where required for transfers out of the EEA, UK, or Switzerland, we and our sub-processors rely on the European Commission's Standard Contractual Clauses (and the UK Addendum) together with supplementary technical and organizational measures. You can request details by contacting contact@parel.sh.
PAREL is in beta. We keep your account data and agent content — configurations, transcripts, logs, and tool inputs/outputs — for as long as your account is active. You can delete agents at any time, or email us at contact@parel.sh to delete your account and its associated content; we action verified requests within the period required by law. Billing and usage records are kept for up to 7 years to meet tax and accounting obligations, including after account deletion. As the Service leaves beta we may introduce fixed retention windows and will update this Policy accordingly.
Depending on your location (including under the GDPR/UK GDPR and the CCPA/CPRA), you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. California residents also have rights to know, delete, correct, and to opt out of "sale" or "sharing" — PAREL does not sell or share personal information for cross-context behavioral advertising — and to be free from discrimination for exercising these rights. To make a request, contact contact@parel.sh; we will verify your identity and respond within the period required by law (generally 30 days under GDPR and 45 days under the CCPA, with permitted extensions). You may also lodge a complaint with your local data protection authority.
We use industry-standard measures including encryption in transit, encryption at rest for stored provider keys and plugin secrets, and tenant isolation. No method of transmission or storage is completely secure; we cannot guarantee absolute security. In the event of a personal-data breach, we will notify affected users and the relevant authorities as required by applicable law (under the GDPR, without undue delay and, where feasible, within 72 hours of becoming aware).
The Service is not intended for individuals under 18, and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact contact@parel.sh and we will delete it.
We may update this Policy. We will post the updated Policy with a new "last updated" date and, for material changes (such as new purposes or sub-processors), give notice through the Service or by email before they take effect.
PONDER PRIVATE LIMITED, a company incorporated in Singapore, is responsible for the data described in this Policy and is the point of contact for data-protection matters. Privacy questions or data requests: contact@parel.sh.