POLICY

Privacy Policy

This page describes what personal data Elite.pankh.ai processes, why, where it lives, how long we keep it, and the rights you have over it. It applies to everyone who uses Elite.pankh.ai anywhere in the world; EEA / UK / Swiss customers also get the GDPR / UK GDPR / FADP protections specifically named below.

Last updated: 2026-05-04GDPR Compliant
01

Who we are

Elite.pankh.ai is built by Pankh AI Pvt Ltd. The data controller for personal data processed through Elite.pankh.ai is Pankh AI Pvt Ltd.

02

What we collect and why

  • Account data

    Email, name, hashed password, avatar — to identify you, sign you in, and let workspace teammates address you.

  • Workspace content

    Records, emails, missions, attachments — processed on your behalf to deliver the product. We do not sell or share workspace content with third parties.

  • Operational metadata

    Timestamps, IP at login, user-agent — for security audits and abuse prevention.

  • OAuth tokens

    Gmail, Outlook, Slack (only if you connect them) — held encrypted at rest and used only to drive integrations you've explicitly enabled.

03

Lawful basis (UK / EU GDPR Art. 6)

  • Contract performance

    To deliver Elite.pankh.ai to you under our terms.

  • Legitimate interest

    Security logging, abuse prevention, product improvement.

  • Consent

    For optional analytics cookies and marketing emails.

04

Where your data lives

Production data is hosted on Microsoft Azure. EEA / UK customers are provisioned to an Azure EU region. Data leaving the EEA is covered by Standard Contractual Clauses (SCCs).

05

How long we keep it

  • Account data

    Until you delete your account, then 30 days for backup expiry.

  • Workspace content

    Same as account, governed by your workspace's retention.

  • Operational logs

    90 days rolling.

  • Billing records

    7 years (statutory).

06

Your rights

Under GDPR / UK GDPR you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data.

07

Cookies

We use strictly necessary cookies to keep you signed in and secure — these cannot be disabled. Optional analytics cookies are off by default; you can switch them on or off in Settings → Privacy or via the consent banner shown on first visit.

08

Sub-processors and AI providers

Elite.pankh.ai uses third parties (Microsoft Azure, OpenAI, Anthropic, optional Google/Slack OAuth) to deliver core functionality. Each is bound by a Data Processing Agreement (DPA). Prompts sent to LLM providers may include workspace content you ask the agent to act on. We use providers' zero-data-retention APIs where available.

09

Security

TLS in transit. AES-256 at rest. Secrets in a managed vault. Per-workspace isolation enforced at the database layer. Vulnerability reports go to security@pankh.ai.

10

Data breach process

Confirmed personal-data breaches are reported to affected users and the relevant supervisory authority within 72 hours of confirmation, in line with GDPR Art. 33-34.

11

International transfers

Where workspace data must leave the EEA / UK (e.g., LLM inference in the US), we rely on the EU SCCs and equivalent UK addenda, plus the provider's own privacy program.

12

Changes to this policy

Material changes are communicated by email at least 14 days before they take effect. The current effective date is below.

Exercise Your Rights

You can exercise your technical rights directly from your account settings:

ACCESS & PORTABILITY

Download a JSON export of your data

ERASURE

Delete your account and all data

OTHER RIGHTS

Rectification, restriction, objection

We'll respond to all rights requests within 30 days.

Third-Party Processors

View our complete list of sub-processors and their data handling practices.

Have privacy questions or concerns?