Privacy Policy

1. Information We Collect

Information You Provide

- Email address: when you sign up for an account or join the waitlist. - Payment information: processed by Stripe. We store your Stripe customer ID and subscription status only. We do not store credit card numbers, bank account details, or other payment credentials. - Chat messages: when you use the AI chat agent, your messages are temporarily processed by third-party AI providers to generate responses (see Section 3). Chat messages are not persistently stored in our database.

Information Generated by Your Use

- Usage data: markets viewed, briefs generated, and feature interactions. Stored in our database. - Technical data: IP address (for rate limiting and abuse prevention), browser type, device information, and referring URL from standard server logs.

Information We Do NOT Collect

- Prediction market trading data, wallet addresses, or financial account information. - We do not use third-party ad tracking or analytics pixels. - We do not sell, rent, or trade your personal data to anyone.

2. How We Use Your Information

- Provide, maintain, and improve our services. - Authenticate your account and manage subscriptions. - Process payments through Stripe. - Rate limiting and abuse prevention. - Send service-related communications (account confirmations, billing notifications). - Send optional marketing emails (daily digest), which you can unsubscribe from at any time. - Generate anonymous, aggregated analytics to improve the product. - We may in the future use anonymized and aggregated chat data to improve AI prompts and product quality. If chat persistence is introduced, your chat messages will never be publicly associated with your identity.

3. Third-Party Services

We use the following third-party services that may process your data:

Supabase (database and authentication): stores user accounts and usage data. Hosted in the AWS ap-southeast-1 region (Singapore).

Stripe (payments): processes subscription payments. Stripe's privacy policy governs their handling of payment data.

Vercel (hosting): serves our website. Standard server logs include IP addresses and request metadata.

OpenAI / Perplexity AI (AI generation): market data and publicly available information are sent to AI providers to generate intelligence briefs. When you use the AI chat agent, your chat messages are also temporarily sent to AI providers for processing but are not persistently stored by us. We do not send your email address, identity, or account information to AI providers. AI provider data processing is governed by their respective privacy policies.

Upstash Redis (caching): temporary cache for market prices and brief availability. No personal data is stored in cache.

Resend (email): processes email delivery for authentication links and optional digest emails.

4. Cookies

We use session cookies solely for authentication and maintaining your logged-in state. We do not use advertising cookies, tracking cookies, or any third-party cookie-based analytics.

5. Data Retention

We retain your account data for as long as your account remains active. Chat messages with the AI agent are temporarily processed and not persistently stored; we may introduce optional chat history persistence in the future, at which point this policy will be updated. Waitlist email addresses are retained until you request removal or until you convert to a registered account. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, billing records required by tax authorities).

6. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of becoming aware of the breach, via email and/or prominent notice on our website. The notification will describe the nature of the breach, the data affected, and the steps we are taking in response.

7. Your Rights

Regardless of your location, you have the right to:

- Access the personal data we hold about you. - Request correction of inaccurate data. - Request deletion of your data. - Request a copy of your data in a portable format. - Withdraw consent for optional communications (marketing emails) at any time.

To exercise any of these rights, email us at privacy@usepancake.com. We will respond within 30 days.

For EU/EEA Users (GDPR)

The data controller is Nusantara Ventures, LLC. Our legal basis for processing your data is: (a) contractual necessity (to provide the service you signed up for), (b) legitimate interest (to improve our services and prevent abuse), and (c) consent (for optional marketing emails). You have the right to lodge a complaint with your local data protection authority. For data transfers outside the EEA, we rely on our service providers' data protection measures, including Standard Contractual Clauses where applicable.

For California Users (CCPA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):

- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you. - Right to Delete: You may request deletion of your personal information, subject to certain exceptions. - Right to Opt-Out of Sale: We do not sell your personal information. We have never sold personal information and have no plans to do so. - Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at privacy@usepancake.com. We will verify your identity before processing your request and respond within 45 days.

8. International Data Transfers

Our services are hosted globally. Your data may be transferred to and processed in countries other than your own, including Singapore (Supabase), the United States (Stripe, Vercel, AI providers), and other locations where our service providers operate. We rely on the data protection measures of our service providers to safeguard transferred data.

9. Data Security

We implement reasonable technical and organizational measures to protect your data, including encrypted connections (HTTPS), secure authentication (magic links, no passwords stored), and access controls on our database. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Children

Pancake is not intended for users under 18 years of age. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a minor, we will delete it promptly.

11. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your personal data may be transferred to the acquiring entity. We will notify you via email or prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a revised "Last Updated" date. Material changes will be communicated via email or a prominent notice on the website at least 15 days before they take effect. Continued use of Pancake after the effective date constitutes your acceptance of the updated policy.

13. Contact

Nusantara Ventures, LLC Email: privacy@usepancake.com Website: usepancake.com