This describes what we collect, why, who we share it with, and your options. Plain language. We try not to collect things we don't need.
What we collect
- From you, at signup: your email address (your sign-in identifier), your country (you pick), your phone number (so support can reach you), your 4-digit PIN (we store a one-way hash — we cannot see the PIN itself), and a chosen display name.
- Optional: a profile photo, an alternate phone number for backup contact.
- From your usage: the apps you install, the actions you take inside them (which we keep because the apps work by storing your business data), your billing history, your wallet transactions, your login history (for security).
- From your devices, automatically: IP address (rate-limiting + region inference), browser user-agent, the last page you visited inside the platform.
What we DON'T collect
- We don't run third-party advertising or analytics trackers on the platform.
- We don't track you across other websites.
- We don't sell your data to anyone, ever.
- We don't train machine-learning models on your business data.
How we use what we collect
- To run the apps you installed and serve your data back to you.
- To bill you (we send your plan price + currency + masked card identifier to Stripe or Paystack; we never see your raw card number).
- To send you transactional emails: signup verification link, PIN-reset codes, payment receipts, suspension warnings, account alerts.
- To detect abuse (rate-limiting bad logins, blocking signup floods, integrity-checking backups).
- To answer your support requests when you message us.
Who we share it with
- Stripe (for USD-currency users) — receives your masked card details + charge amount.
- Paystack (for NGN-currency users) — same.
- Our email provider — receives your email address + the message we want delivered (signup verification, PIN-reset codes, receipts).
- Let's Encrypt — receives your custom-domain name when we provision an SSL certificate for it.
- That's it. We don't sell, rent, or otherwise share your data with anyone else.
How long we keep it
While your account is active, we keep your data so the platform works. When you cancel a plan, your app data stays available during the 30-day grace window in case you reactivate. After the grace window expires, app data is permanently deleted. Billing history (receipts, charges) is retained for 7 years to comply with tax/regulatory record-keeping.
When you delete your account from your account page, we delete your profile, your app data, your custom-domain mappings, and your wallet balance. We keep audit-log entries that we are required to retain by law (e.g. financial records) in a deactivated state for the period the law requires.
Cookies and local storage
We use a session cookie to keep you logged in, and a CSRF-token cookie to protect form submissions. We also store a small number of preferences in your browser's localStorage (your chosen theme, your last-viewed app). None of it leaves your device for analytics or advertising.
Your rights
- See your data: everything we hold about you is visible in your account and inside your apps. Request a downloadable export by contacting support — we'll send a JSON file with your profile, billing history, and app-level rows.
- Correct it: edit your name, phone, or email at any time from your account page.
- Delete it: use Delete Account on the account page, or contact support if anything blocks you.
- Object: we don't do automated profiling for decisions that affect you. Suspension/lockout decisions are reviewable — message support to appeal.
Security
All traffic is HTTPS. PINs are stored as bcrypt hashes — we cannot see your PIN. Sensitive admin-side notes shared with you (FTP credentials, etc.) are encrypted at rest with AES-256-GCM. We run integrity checks on database backups daily.
That said, no system is unbreakable. If we ever experience a breach that may affect you, we'll tell you within 72 hours of becoming aware of it.
Where your data lives
Pancho runs from servers in a single region. Your data may be processed in that region regardless of where you live. If that's a concern for your business, contact us before signing up.
Children
Pancho is for adults running businesses. We don't knowingly accept signups from anyone under 18. If you believe a minor has created an account, tell us and we'll close it.
Changes
We'll update this policy when our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes get an in-app notice; continued use after the change means you accept the new version.
Contact
Questions, requests, or breach reports — call +14042288580 or visit Support from inside your account.