← pondas

Privacy Policy

Last updated: June 19, 2026

This Privacy Policy explains how Hyunjung Yoon, operating pondas (“we,” “us”), collects, uses, and shares personal information when you use pondas.ai and related applications (the “Service”). It includes disclosures for residents of California (CCPA/CPRA) and the EU/EEA & UK (GDPR).

1. Information we collect

  • Account & identifiers — name, email, and account ID, via our authentication provider.
  • Your inputs & Outputs — prompts, instructions, uploaded context, and the content the agents generate for you.
  • Usage & device data — actions in the product, log data, IP address, browser/device info, and approximate location derived from IP.
  • Payment data — handled by our payment processor; we receive limited billing details (e.g., plan, last4, status) and do not store full card numbers.
  • Cookies — strictly necessary cookies for authentication and security; analytics cookies only with consent where required (see §9).

2. How we use information

  • To provide, operate, secure, and improve the Service and run the AI agents you direct;
  • To process payments, credits, and subscriptions;
  • To communicate with you about your account, security, and changes to the Service;
  • To prevent fraud and abuse and to comply with legal obligations.

3. AI processing & model training

Your inputs and Outputs are sent to our AI model provider(s) to perform the tasks you request. We do not use your inputs or Outputs to train our own AI models, and we do not sell your content. Our primary model provider (Anthropic) does not train its models on data submitted through its API by default. We use your content only to operate, secure, and improve the Service.

4. Legal bases (GDPR)

Where the GDPR applies, we process personal data on these bases:

  • Performance of a contract — to provide the Service you sign up for;
  • Legitimate interests — to secure, maintain, and improve the Service and prevent abuse;
  • Consent — for non-essential cookies/analytics and optional communications; and
  • Legal obligation — to meet tax, accounting, and compliance requirements.

5. How we share information (service providers / subprocessors)

We share personal information with service providers who process it on our behalf to run the Service, under contracts that limit their use of it:

  • Anthropic — AI model inference;
  • Stripe — payment processing;
  • Clerk — authentication;
  • Vercel & Railway — application and database hosting;
  • E2B — sandboxed code execution;
  • Google Analytics & Amplitude — product analytics (loaded only after you accept analytics cookies).

We may also disclose information to comply with law, enforce our Terms, or protect rights and safety, and in connection with a business transfer. We do not sell your personal information, and we do not share it for cross-context behavioral advertising as those terms are defined under California law.

6. Data retention

We keep personal information for as long as your account is active and as needed to provide the Service, then for a reasonable period to meet legal, tax, security, and dispute-resolution needs, after which it is deleted or de-identified. You can request deletion as described in §8.

7. International transfers

We and our service providers may process your information in the United States and other countries. Where required (e.g., for EU/EEA/UK data), transfers rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

8. Your rights

California (CCPA/CPRA). You have the right to know/access the categories and specific pieces of personal information we collect, to delete it, to correct inaccurate information, to opt out of sale or sharing, and to limit the use of sensitive personal information. We do not sell or share personal information, and we do not use sensitive personal information for purposes that require an opt-out. We will not discriminate against you for exercising these rights.

EU/EEA & UK (GDPR). You have the right to access, rectify, erase, restrict, and object to processing, the right to data portability, the right to withdraw consent, and the right to lodge a complaint with your supervisory authority.

To exercise any right, email harris@vlippers.com. We will verify and respond within the timeframes required by law. You may use an authorized agent where permitted.

9. Cookies & tracking

We use strictly necessary cookies to keep you signed in and secure. We also use analytics cookies via Google Analytics and Amplitude to understand product usage and improve pondas. Analytics cookies load only after you accept them in our cookie banner (opt-in consent, as required in the EU/EEA/UK); you can decline, and you can change your choice anytime via the “Cookie preferences” link in the footer. We honor opt-out signals (including Global Privacy Control) where applicable.

10. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 has provided us information, contact us and we will delete it.

11. Security

We use reasonable technical and organizational measures to protect personal information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Changes to this Policy

We may update this Policy and will revise the “Last updated” date; material changes will be communicated as required by law.

13. Contact

Privacy questions or requests: harris@vlippers.com (Hyunjung Yoon, operating pondas).

TermsPrivacyRefunds