Privacy
Policy

We collect the minimum amount of information needed to provide the service:

Account information — your name, email address, and company name when you sign up or join the waitlist.

Product data — the information you enter to create Digital Product Passports. This is your data and belongs entirely to you.

Usage data — basic, anonymised analytics about how people use PandaPass (pages visited, features used). No personal identifiers are attached to this data.

Your information is used for exactly three things:

To provide the service — creating and managing your Digital Product Passports, sending you your login details, and keeping your account working.

To communicate with you — product updates, launch announcements, and responses to questions you send us. You can opt out of non-essential emails at any time with a single click.

To improve PandaPass — understanding in aggregate (never individually) which features people use most, so we can make them better.

That's it. We don't use your data to build advertising profiles, train AI models, or anything else you didn't sign up for.

Nobody outside of PandaPass.

We use a small number of essential infrastructure providers (hosting, email delivery) who process data on our behalf under strict data processing agreements. These providers cannot use your data for their own purposes.

We will never sell your data. We will never share it with advertisers, marketing platforms, or data brokers. We will never give it to anyone who isn't directly involved in keeping PandaPass running for you.

PandaPass stores data on servers located within the European Union, in compliance with GDPR. We chose EU-based infrastructure deliberately — it's the right thing to do for a product built around EU regulation.

Your data is encrypted in transit (HTTPS) and at rest. We take security seriously and follow industry best practices to protect what you entrust us with.

Under GDPR, you have the right to access, correct, or delete any personal data we hold about you. You can also request a copy of your data in a portable format, or ask us to restrict how we process it.

To exercise any of these rights, just email us. We'll respond within 30 days, usually much faster. No hoops to jump through.

You also have the right to withdraw consent for non-essential communications at any time. Every email we send includes an unsubscribe link.

We use only essential cookies — the kind that keep you logged in and remember your preferences (like dark mode). We don't use advertising cookies, tracking pixels, or third-party analytics that follow you around the web.

No cookie banner needed, because we don't use the cookies that require one.

If we ever update this policy, we'll notify registered users by email before the changes take effect. We'll never make changes that reduce your privacy protections without giving you the chance to review them and, if you disagree, close your account.

The current version of this policy will always be available at pandapass.io/privacy.

Privacy policies shouldn't feel like fine print designed to confuse you. If anything here is unclear, or if you have any concern about your data, please reach out. We're a small team and we read every email.