external-connections-startups-tanah-basah-basic-outline-tanah-basah
Pelago
← Back to Home

Privacy Policy

Last Updated: November 9, 2025

1. Introduction

This Privacy Policy explains how Pelago ("Pelago," "we," "us," or "our") collects, uses, shares, and protects your information when you use our AI aggregation platform, website, and related services (the "Service").

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

Pelago is designed with reference to major global privacy frameworks, including (where applicable) the EU/UK GDPR and the California Consumer Privacy Act as amended by CPRA ("CCPA"). Your specific rights may vary based on where you live.

2. Who We Are & Scope

Controller:
Pelago
Email: privacy@pelago.dev

This Privacy Policy applies to:

  • Visitors to our website
  • Users who create an account
  • Waitlist subscribers
  • Customers using paid or free Pelago plans
  • Team / workspace users invited by an organization

If you access third-party AI providers or services via Pelago, their privacy policies also apply to their handling of your data.

3. Information We Collect

3.1 Information You Provide

Account & Profile

  • Email address
  • Name or display name (if provided)
  • Password (stored using industry-standard hashing; never in plain text)
  • Workspace / team information (if applicable)

Billing & Subscriptions

  • Billing name and email
  • Plan type and subscription details

Payment card data is processed directly by Stripe; Pelago does not store full card numbers.

Support & Communication

  • Messages you send to our support channels
  • Feedback, survey responses, or other voluntary submissions

Waitlist

  • Email address
  • Signup timestamp and waitlist position
  • Eligibility for early access or promotional offers

3.2 Content You Input into the Service

When you use Pelago, we process:

  • Prompts, messages, and instructions you send
  • Files or links you upload or share
  • Model selections, routing options, and configuration
  • Usage metadata (e.g., which model used, timestamps, token or character counts)

This content may be transmitted to third-party AI providers to generate responses (see Section 5).

3.3 Usage & Technical Information

Collected automatically:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Date/time of interactions
  • Referring/exit pages and URLs
  • Session identifiers and request IDs
  • Feature usage (e.g., which tools or pages are used)

3.4 Cookies & Similar Technologies

We use cookies and similar technologies to:

  • Authenticate you and keep you logged in
  • Remember your preferences (e.g., theme, language, model defaults)
  • Analyze performance and usage
  • Improve security

Types of cookies:

  • Essential: Required for login, security, and core features
  • Preference: Store your settings and choices
  • Analytics: Help us understand and improve Service usage

You can control cookies in your browser settings; disabling essential cookies may limit functionality.

4. How We Use Your Information

We use your information to:

  • Create and manage your account
  • Provide, operate, and maintain the Service
  • Route prompts to selected AI models and return responses
  • Enforce usage limits and apply plan-specific features
  • Process payments, subscriptions, and refunds
  • Provide customer support and respond to inquiries
  • Send transactional and service-related communications
  • Analyze and improve performance, features, and UX
  • Detect, investigate, and prevent fraud, abuse, or security incidents
  • Comply with legal obligations and enforce our Terms of Use
  • Notify waitlist users about launch, access, or promotions

Where required by law (e.g., in the EEA/UK), processing is based on one or more of: performance of a contract, legitimate interests, legal obligations, and/or your consent.

5. How We Share Your Information

We do not sell your personal information.

We share information only as described below.

5.1 Third-Party AI Providers

To generate responses, we send your prompts, relevant context, and model configuration to third-party AI providers you or your workspace choose (e.g., OpenAI, Anthropic, Google, etc.).

  • We limit data to what is necessary to fulfill your request.
  • Transmission occurs over encrypted channels where supported.
  • Each provider processes your data under its own terms and privacy policy. You should review those policies.

5.2 Service Providers

We engage trusted third parties to support our operations, including:

  • Stripe – payment processing
  • Supabase – database, authentication, and infrastructure
  • Hosting/CDN/monitoring providers – to deliver and secure the Service
  • Other tools used for analytics, logging, and support

These providers act on our behalf, are bound by confidentiality and data protection obligations, and may not use your information for their own unrelated purposes.

5.3 Legal, Safety, and Rights Protection

We may disclose information where we believe it is reasonably necessary to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests by public authorities
  • Enforce our agreements and policies
  • Protect the rights, property, or safety of Pelago, our users, or the public

5.4 Business Transfers

If Pelago is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to this Privacy Policy or a successor policy with similar protections.

6. AI & Data Handling Practices

Because Pelago is an AI aggregation platform:

  • Your inputs and outputs may be stored to:
    • Provide chat history and context
    • Support team/workspace collaboration features
    • Improve reliability, routing, and abuse detection
  • We do not sell your prompts or outputs, or use them for unrelated advertising.
  • If we use data to improve models or features:
    • We will use aggregated and/or de-identified data where possible; and/or
    • Obtain appropriate consent or provide opt-out mechanisms, as required.

7. Data Retention

We retain personal data only as long as needed for the purposes described in this Policy or as required by law.

Default guidelines (customizable per your product setup):

  • Account Information: Retained while your account is active and for a reasonable period after closure for security, fraud prevention, and legal obligations.
  • Chat History:
    • Free: retained for approximately 30 days
    • Pro: retained for up to 1 year
    • Teams/Enterprise: retention may be configurable or unlimited per admin settings
  • Payment & Billing Records: Retained for up to 7 years for tax and compliance.
  • Waitlist Data: Retained until launch, conversion, or removal request.

Backups and logs may preserve limited information for a further restricted period.

8. Data Security

We implement technical and organizational measures to protect your information, including:

  • Encryption in transit (SSL/TLS)
  • Secure password hashing
  • Access controls and audit logging
  • Environment and infrastructure hardening
  • Regular updates and vulnerability remediation
  • Use of reputable infrastructure and payment providers

No security controls are perfect; we cannot guarantee absolute security, but we work to maintain a robust, risk-appropriate security posture.

9. Your Rights & Choices

Your rights depend on your jurisdiction, but we aim to reasonably honor valid requests.

You may be able to:

  • Access personal data we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your account and certain associated data
  • Restrict or object to certain processing
  • Export your data in a portable format
  • Manage marketing and communication preferences
  • Manage cookies and local storage settings

You can exercise many of these via in-app settings or by contacting privacy@pelago.dev.

9.1 EEA/UK Users

Where GDPR/UK GDPR applies, you also have rights to:

  • Transparent information about processing
  • Data portability
  • Withdraw consent (where processing is based on consent)
  • Lodge a complaint with a supervisory authority

9.2 California Residents (CCPA/CPRA)

Where CCPA/CPRA applies, you may have rights to:

  • Know what categories of personal information we collect and disclose
  • Access specific pieces of personal information
  • Request deletion of personal information (subject to exceptions)
  • Correct inaccurate personal information
  • Know whether your personal information is "sold" or "shared"
  • Opt out of sale or sharing
  • Limit the use of sensitive personal information

Pelago does not sell personal information or share it for cross-context behavioral advertising. If this changes, we will update this Policy and provide required opt-out mechanisms.

10. Cookies & Tracking Technologies

You can:

  • Adjust browser settings to block or delete cookies
  • Use any in-app controls (where provided) to manage analytics or optional cookies

Disabling essential cookies may affect core functionality like login, security, and session continuity.

11. Children's Privacy

Pelago is not directed to individuals under 18, and we do not knowingly collect personal information from children.

If you believe we have collected information from a minor, contact privacy@pelago.dev and we will take appropriate steps to remove it.

12. International Data Transfers

Your information may be processed in countries other than your own. Where required, we implement appropriate safeguards for such transfers (for example, Standard Contractual Clauses or equivalent mechanisms) to help ensure your information remains protected.

13. Team / Organization Accounts

If you use Pelago under an organization:

  • Workspace admins may control and access certain data within that workspace.
  • Their own policies may apply to how they handle your information.
  • Pelago processes such data as a service provider/processor in accordance with this Policy and our agreement with the organization.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

When we make material changes, we will update the "Last Updated" date and may provide additional notice (e.g., in-app message or email), where appropriate.

Your continued use of the Service after the effective date of any update constitutes acceptance of the revised Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact:

Email: privacy@pelago.dev