Privacy Policy

What we collect, why, what we send to whom, and your rights as a user.

Effective: [EFFECTIVE DATE]. Last updated: 2026-05-26.

We never train on your data. See the subprocessor list below for exactly what we send to whom.

1. Who we are

The Panel is operated by [FOUNDER ENTITY NAME], based in [JURISDICTION]. Contact for privacy questions: privacy@thepanel.app.

2. What we collect

Account info: email, optional display name.
Workspace content: panels you compose, questions you ask, persona responses, signal events.
Billing metadata via Stripe (we never see your card number).
Operational telemetry: HTTP request timings, error stack traces (no request bodies, PII stripped).
Consent records: the Terms/Privacy versions you accepted, with a timestamp (and a best-effort IP/device string) — to demonstrate consent.

3. Why we collect it

To operate the service (run rounds, persist sessions, bill subscriptions), and to debug + improve the product. We do not sell data and we do not use your content to train models.

4. Subprocessors

We share data only with the processors needed to run the service, each receiving only what its function requires: Anthropic (LLM), Voyage (embeddings), Supabase (DB + auth), Stripe (billing), Resend (email), Upstash (rate-limit), Sentry (errors), PostHog (analytics), Inngest (jobs), Vercel + Cloudflare (hosting/CDN). The per-processor detail is kept in our public repository.

5. Retention

Workspace data persists until you delete it. Account deletion via Settings → Privacy schedules a hard-delete 30 days out; cancellable within the window. Audit log rows survive workspace deletion (with NULLed workspace_id) for compliance forensics.

6. Your rights

Export:download a full JSONL dump of your workspace via Settings → Privacy.
Delete:schedule account deletion (30-day grace) via Settings → Privacy.
Object: email privacy@thepanel.app to opt out of analytics.
2FA:enable TOTP via Settings → Security.

7. Cookies & error reporting

Strictly-necessary cookies only, by default. We set transactional cookies needed to run the service — your sign-in session, a CSRF token, and your theme preference. These require no consent and we never use them to track you across sites.

Optional in-browser error reporting. To fix bugs faster we can enable client-side error reporting (Sentry). It is off until you opt in: we ask via a cookie banner and only turn it on if you choose “Accept all.” Your choice is stored in a single first-party preference cookie (panel_cookie_consent, ~1 year) so we don’t ask again. If your browser sends a Global Privacy Control signal, we default to essential-only. You can change your mind at any time.

Server-side error monitoring (errors raised by our servers) runs on a legitimate-interest basis for security and reliability. It sets no cookies and no client-side tracker, and we strip personal data before any report leaves our systems — no request bodies, with cookies, auth headers, and sensitive URL parameters redacted.

8. Children

The service is for users aged 16 and over. We do not knowingly collect data from anyone under 16. You confirm you are at least 16 when you accept these policies.

9. Updates

Material changes to this policy are announced via the in-app changelog with at least 14 days notice, and may require you to re-accept.