Trust Centre

Data Processing, GDPR & Retention

Legal bases, retention periods and international transfers.

Last updated: July 8, 2026 · Panzoe Technologies

1. Roles

For account, billing and platform data, Panzoe Technologies acts as the data controller. For content you sync from connected services into your workspace, we process it on your instructions to provide the Services.

2. Lawful bases (GDPR/UK GDPR)

  • Contract performance — providing the platform, copilots, briefings and integrations you enable.
  • Consent — connecting Google/Microsoft accounts (granted via OAuth and revocable anytime), optional analytics cookies, marketing communications and push notifications.
  • Legitimate interests — securing the platform, preventing abuse, and aggregate product improvement.
  • Legal obligation — tax, accounting and lawful-request compliance.

3. Retention periods

  • Account & workspace data — retained while your account is active; permanently deleted on account deletion.
  • Connected-account tokens & synced content — retained while the integration is connected; removed on disconnect-and-purge or account deletion.
  • AI conversations & memory — retained while your account is active so copilots keep context; deleted with your account.
  • Audit and security logs — up to 24 months, for security and compliance.
  • Payment records — minimum 7 years (Canadian tax law), held as transaction records only (never card numbers).
  • Feedback — retained while relevant to product development; anonymised or deleted on request.

4. International transfers

Panzoe operates from Canada, which the European Commission recognises as providing adequate protection under PIPEDA. Some processors (see /legal/subprocessors) operate in the United States; transfers to them rely on appropriate safeguards including Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.

5. Exercising your rights

Access, rectification, erasure, portability, restriction and objection are described with practical steps in /legal/data-rights. Requests: privacy@panzoe.ai — we respond within 30 days.

Questions about this policy? Contact us at legal@panzoe.ai or visit the Contact page.
Essential cookies only, plus optional first-party analytics. Policy