Privacy Policy

Last updated: January 30, 2026

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@pailon.cc.

Welcome to Pailon. Pailon ("Pailon," "we," "us," or "our") provides a programmable control plane for regulated actions, including APIs, dashboards, verification tools, reporting systems, and related services (collectively, the "Pailon Services"). Pailon governs authorization, policy evaluation, provenance, and evidence for actions executed by customers or third-party systems. Pailon does not execute operational actions, custody funds, or store domain-specific records such as financial balances, medical records, or legal case files.

"Personal Data" means information that identifies, relates to, or can reasonably be linked to an identifiable individual. This Privacy Policy explains how we collect, use, disclose, retain, and protect Personal Data, and describes your rights regarding that data.

2. Scope and Roles

Depending on the context:

Pailon acts as a data controller for account administration, platform security, analytics, and business operations.
Pailon acts as a data processor when processing Personal Data on behalf of customers in connection with regulated actions, evidence generation, or reporting.

Customers remain responsible for determining the lawful basis for processing Personal Data in their systems and for content they submit to Pailon.

3. Information We Collect

3.1 Personal Data You Provide

We collect Personal Data you choose to provide when you create an account, use the Pailon Services, or communicate with us.

A. Identity and Account Information

Full name
Email address
Phone number
Organization and role
Authentication credentials (hashed or tokenized)
API keys and access scopes

B. Compliance and Governance Information

Authorization requests and approvals
Policy evaluation inputs and outcomes
Delegation and revocation records
Risk classifications and decision metadata

C. Evidence and Audit Metadata

Event timestamps and identifiers
Cryptographic hashes
Attestation references
Artifact metadata (hashes, size, type)
Custody and access records

Note: Pailon records metadata and proof. We do not require customers to upload raw domain records (e.g., medical files, legal documents, or financial account data) unless explicitly configured for evidence purposes.

D. Communications

Support inquiries
Emails and other correspondence
Recorded communications where permitted by law

E. Location Information

Approximate location inferred from IP address
Location information you voluntarily provide

3.2 Information Collected Automatically

When you access the Pailon Services, we automatically collect limited technical data:

IP address
Device type and operating system
Browser type and version
Language and regional settings
Usage logs, error logs, and performance metrics

This data is used for security, reliability, and operational integrity—not advertising.

4. Cookies and Similar Technologies

We use cookies and similar technologies only to:

Enable core platform functionality
Maintain secure sessions
Prevent abuse and fraud
Monitor system performance

We do not use cookies for behavioral advertising and do not track users across unrelated third-party websites.

You can manage cookies through your browser settings, but disabling them may limit certain features.

5. How We Use Personal Data

We use Personal Data solely for legitimate business and compliance purposes, including to:

Provide and operate the Pailon Services
Authenticate users and secure accounts
Evaluate policies and governance rules
Produce attestations and verifiable evidence
Generate regulatory, audit, or court-ready reports
Detect, prevent, and investigate fraud or security incidents
Comply with legal and regulatory obligations
Improve platform reliability and features
Respond to support requests and operational communications

We do not sell Personal Data or use it for interest-based advertising.

6. How We Share Personal Data

6.1 Service Providers

We may share Personal Data with vetted service providers that support our operations, including:

Cloud infrastructure providers
Security, monitoring, and logging services
Identity and access management tools
Audit and compliance vendors

Service providers are contractually bound to use Personal Data only as instructed and to protect it appropriately.

6.2 Customer-Directed Integrations

If you connect Pailon to third-party platforms (e.g., banks, payment providers, case management systems, or agent frameworks), we may share data as directed by you.

Those third parties process data under their own terms and privacy notices.

6.3 Legal and Regulatory Disclosures

We may disclose Personal Data if required to:

Comply with applicable laws or regulations
Respond to lawful requests from regulators, courts, or law enforcement
Enforce our agreements
Protect the rights, safety, or integrity of Pailon, our users, or others

6.4 Business Transfers

If Pailon is involved in a merger, acquisition, reorganization, or sale of assets, Personal Data may be transferred as part of that transaction, subject to this Privacy Policy.

7. Data Retention

We retain Personal Data only as long as necessary to:

Provide the Pailon Services
Maintain verifiable audit and evidence trails
Comply with legal, regulatory, and contractual obligations

Retention periods may vary by data category, jurisdiction, and regulatory requirements. Legal holds may suspend deletion where required.

When data is deleted, Pailon records provable deletion evidence as part of its audit trail.

8. Security Safeguards

We maintain administrative, technical, and organizational safeguards designed to protect Personal Data, including:

Access controls and least-privilege enforcement
Encryption in transit and at rest
Audit logging and monitoring
Key management and rotation
Secure development and deployment practices

Access to Personal Data is limited to authorized personnel with a legitimate business need.

9. International Data Transfers

Pailon operates globally. Personal Data may be processed in jurisdictions other than your own.

Where required, we implement appropriate safeguards (such as contractual protections) to ensure lawful international data transfers.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

Access your Personal Data
Correct inaccurate or incomplete data
Request deletion (subject to legal retention obligations)
Restrict or object to certain processing
Receive a copy of your data in a portable format
Withdraw consent where processing is based on consent

Requests can be submitted by contacting privacy@pailon.cc. We may require identity verification before responding.

11. Children's Data

The Pailon Services are not directed to individuals under 13 years of age, and we do not knowingly collect Personal Data from children.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the platform or by other appropriate means. The "Last updated" date reflects the most recent revision.

13. California and U.S. State Privacy Rights

Where applicable, residents of certain U.S. states (including California) have rights under state privacy laws, such as the CCPA.

Pailon does not sell Personal Data and does not discriminate against users for exercising privacy rights.

14. Third-Party Services and Notices

Pailon enables governance and evidence for services provided by third parties. Those providers' privacy notices govern their handling of Personal Data processed outside the Pailon platform.

15. Contact Us

For questions or concerns about this Privacy Policy or our data practices, contact:

Email: privacy@pailon.cc