← Back to PantheOS

Privacy Policy

Last Updated: 17 February 2026

Pantheos AI, Inc. (“Company,” “we,” “us,” or “our”) operates the PantheOS platform, a sales management service accessible at https://pantheos.ai, https://app.pantheos.ai, and through our optional Chrome browser extension (collectively, the “Service”).

This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using the Service, you agree to the practices described in this Privacy Policy and our Terms of Use.

1. Information We Collect

1.1 Account Information

When you register, we collect your email address, name, and password. You may also provide company information and other profile details.

1.2 Data You Provide

You may enter lead records, notes, pipeline data, and other sales-related information into the Service. This data is stored in your account and accessible only to members of your organization.

1.3 Data from Connected Services

With your explicit consent, you may connect third-party accounts to the Service. When you do, we access the following:

Google (Gmail & Google Calendar):

  • Email metadata: sender, recipients, subject line, snippet preview, timestamps, read status, and labels.
  • Email content: fetched on-demand when you view an email. Full email bodies are not permanently stored on our servers.
  • Calendar events: event title, time, location, attendees, conferencing links, and RSVP status.

Microsoft (Outlook & Microsoft Calendar):

  • Email metadata: sender, recipients, subject line, preview, timestamps, read status, importance, and categories.
  • Email content: fetched on-demand when you view an email. Full email bodies are not permanently stored on our servers.
  • Calendar events: event title, time, location, attendees, meeting links, and RSVP status.

Slack:

  • Channel list, message content in channels you authorize, and user display names, for the purpose of team communication features within the Service.

1.4 Data from the Chrome Extension

PantheOS offers an optional Chrome browser extension that integrates with LinkedIn. The Extension only activates on linkedin.com pages. When you use the Extension, we may collect:

  • LinkedIn profile data: When you choose to add a lead, the Extension reads publicly visible information from the current LinkedIn page, including name, job title, company name, company URL, location, and profile summary. This data is sent to our servers and stored as part of your lead records.
  • LinkedIn post data: When you use the engagement feature, the Extension reads recent posts including post text, engagement counts, and posting time. This data is sent to our servers for AI processing and is not permanently stored.
  • Authentication: The Extension stores your PantheOS session token locally in your browser storage. Your password is never stored by the Extension.

The Extension does not post content on LinkedIn on your behalf, does not access your LinkedIn login credentials, and does not collect data from pages you are not actively viewing.

1.5 Data from Third-Party Enrichment Services

We may use third-party data enrichment services to supplement lead and company records with publicly available business information such as company size, industry, and contact details.

1.6 Automatically Collected Data

We collect non-personal information through cookies and similar technologies, including browser type, device information, referring URLs, access times, and usage patterns. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted).

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Sync and display your email and calendar data within the Service.
  • Provide AI-powered analysis and suggestions to support your sales workflow.
  • Match emails to lead records in your pipeline.
  • Communicate with you regarding support, updates, and service-related notices.
  • Monitor and improve the performance and security of the Service.

3. AI Processing

Certain data, including email content linked to your leads, may be sent to third-party AI services for analysis. When this occurs:

  • Only the minimum data necessary is sent for processing.
  • Only structured outputs (such as summaries and scores) are stored by PantheOS. The original content is not retained after processing.
  • We do not use your data to train AI models.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

  • Service providers: We use third-party vendors for hosting, database services, AI processing, and data enrichment. These vendors process data only on our behalf and in accordance with this Privacy Policy.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

5. Data Retention

  • Email metadata: Retained while your account is connected to the respective email provider. Deleted upon disconnection.
  • Calendar events: Synced on a rolling window and removed when outside that window or upon disconnection.
  • Lead records and AI-generated signals: Retained as part of your account until you delete them or delete your account.
  • OAuth tokens: Deleted immediately upon disconnection of the relevant service.
  • Account data: Deleted upon request. To request deletion of all your data, contact jacob@pantheos.ai.

6. Account Deletion

You may request deletion of your account and all associated data by contacting us at jacob@pantheos.ai. Upon receiving a verified deletion request, we will, within 30 days:

  • Delete your account and login credentials.
  • Delete all lead records, notes, pipeline data, and AI-generated signals associated with your account.
  • Delete all stored email metadata and calendar event data.
  • Delete all OAuth tokens and revoke our access to your connected services (Google, Microsoft, Slack).
  • Remove your data from active databases. Some data may persist in encrypted backups for a limited period before being automatically purged.

Deletion from PantheOS does not delete data held by third parties (such as Google, Microsoft, or LinkedIn). To remove data from those services, you must do so directly through their respective account settings.

We may retain limited data where required by law or to resolve disputes, but only for as long as legally necessary.

7. Data Security

We implement appropriate technical and organizational measures to protect your information, including encryption of data in transit (HTTPS), database-level access controls ensuring users can only access their own organization’s data, and short-lived access tokens for third-party connections. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

In the event of a data breach affecting your personal data, we will notify affected users and relevant authorities as required by applicable law, including within 72 hours where required by GDPR.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data or account (see Section 6).
  • Export your data in a portable format.
  • Revoke access to any connected third-party service at any time from the integrations page, or directly from your Google Account (myaccount.google.com/permissions) or Microsoft Account settings.
  • Opt out of marketing communications at any time.

To exercise any of these rights, contact us at jacob@pantheos.ai. We will respond to all requests within 30 days.

9. Data Controller and Processor

Pantheos AI, Inc. is the data controller for your account information and any data we collect directly from you or from connected services on your behalf.

When you store information about your customers or leads in the Service, we act as a data processor on your behalf. You are responsible for ensuring you have the appropriate legal basis to store and process your customers’ data using the Service.

10. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply:

10.1 Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract: Processing necessary to provide the Service you signed up for.
  • Consent: When you connect third-party accounts (Google, Microsoft, Slack) or install the Chrome Extension, you provide explicit consent for us to access and process the relevant data. You may withdraw consent at any time by disconnecting the service.
  • Legitimate interest: For analytics, security monitoring, and improving the Service, where such interests are not overridden by your rights.

10.2 International Data Transfers

Your data is processed and stored in the United States. By using the Service, you consent to the transfer of your data to the United States. We rely on Standard Contractual Clauses and other approved mechanisms to ensure appropriate safeguards for international transfers where required.

10.3 Additional Rights

In addition to the rights listed in Section 7, European users have the right to:

  • Restrict processing of your personal data in certain circumstances.
  • Object to processing based on legitimate interest.
  • Lodge a complaint with your local data protection authority.

11. California Users (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used.
  • Request deletion of your personal information.
  • Opt out of the sale of your personal information. We do not sell personal information.
  • Not be discriminated against for exercising your privacy rights.

To exercise these rights, contact us at jacob@pantheos.ai.

12. Google API Services — Limited Use Disclosure

PantheOS’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data for the purposes described in this Privacy Policy and as consented to by the user.
  • We do not use Google user data for serving advertisements.
  • We do not sell Google user data.
  • We do not use Google user data for training artificial intelligence or machine learning models.

12.1 Google User Data Retention

Google user data obtained through Gmail and Google Calendar APIs is retained only as long as necessary to provide the Service:

  • Email metadata (sender, recipients, subject, snippet, timestamps, read status, labels): retained while your Google account is connected. Deleted upon disconnection.
  • Email content: fetched on-demand and processed in memory only. Full email bodies are not permanently stored on our servers.
  • Calendar event data (title, time, location, attendees, conferencing links, RSVP status): synced on a rolling window (1 month past to 3 months future). Events outside this window are automatically removed. All calendar data is deleted upon disconnection.
  • OAuth tokens: deleted immediately when you disconnect your Google account.
  • AI-generated outputs: structured outputs (summaries, scores) derived from Google data are retained as part of your account and deleted when you delete your account. The original Google data used to generate them is not retained after processing.

12.2 Google User Data Deletion

You can delete Google user data from PantheOS at any time by:

  • Disconnecting your Google account from the integrations page within PantheOS. This immediately deletes all stored email metadata, calendar data, and OAuth tokens associated with your Google account.
  • Revoking access directly from your Google Account at myaccount.google.com/permissions.
  • Requesting full account deletion by contacting us at jacob@pantheos.ai. All Google user data will be deleted within 30 days of a verified request.

Deletion of Google user data from PantheOS does not delete data held by Google. To manage data stored by Google, visit your Google Account settings.

13. Microsoft API Services — Data Handling

PantheOS’s use of information received from Microsoft APIs (Outlook & Microsoft Calendar) adheres to the Microsoft APIs Terms of Use. Specifically:

  • We only use Microsoft user data for the purposes described in this Privacy Policy and as consented to by the user.
  • We do not use Microsoft user data for serving advertisements.
  • We do not sell Microsoft user data.
  • We do not use Microsoft user data for training artificial intelligence or machine learning models.

13.1 Microsoft User Data Retention

Microsoft user data obtained through Outlook and Microsoft Calendar APIs is retained only as long as necessary to provide the Service:

  • Email metadata (sender, recipients, subject, preview, timestamps, read status, importance, categories): retained while your Microsoft account is connected. Deleted upon disconnection.
  • Email content: fetched on-demand and processed in memory only. Full email bodies are not permanently stored on our servers.
  • Calendar event data (title, time, location, attendees, meeting links, RSVP status): synced on a rolling window (1 month past to 3 months future). Events outside this window are automatically removed. All calendar data is deleted upon disconnection.
  • OAuth tokens: deleted immediately when you disconnect your Microsoft account.
  • AI-generated outputs: structured outputs (summaries, scores) derived from Microsoft data are retained as part of your account and deleted when you delete your account. The original Microsoft data used to generate them is not retained after processing.

13.2 Microsoft User Data Deletion

You can delete Microsoft user data from PantheOS at any time by:

  • Disconnecting your Microsoft account from the integrations page within PantheOS. This immediately deletes all stored email metadata, calendar data, and OAuth tokens associated with your Microsoft account.
  • Revoking access directly from your Microsoft Account at account.live.com/consent/Manage.
  • Requesting full account deletion by contacting us at jacob@pantheos.ai. All Microsoft user data will be deleted within 30 days of a verified request.

Deletion of Microsoft user data from PantheOS does not delete data held by Microsoft. To manage data stored by Microsoft, visit your Microsoft Account privacy settings.

14. Children’s Privacy

The Service is not directed to anyone under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 16, we will delete it promptly. If you believe we have collected such information, please contact us at jacob@pantheos.ai.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, contact us at:

Pantheos AI, Inc.
131 Continental Drive, Suite 305
Newark, Delaware 19713
jacob@pantheos.ai
(765) 753-8109