PantheonGet Early Access
PantheonGet Early Access

Privacy Policy

Last updated: May 26, 2026

Important: This page may change at any time and will be updated frequently. Please refer to this page as the main source of truth. None of this creates liability - please refer to our Terms of Service for complete legal terms.

1. Introduction

Welcome to Pantheon Labs ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and share information about you when you use our platform, AI assistant (MILO), APIs, and related services (collectively, our "Services").
Pantheon Labs is a comprehensive operator suite designed for frontier founders and funds. Our platform serves as a smart CRM and automation layer focused on organizing and analyzing data across your professional networks and communication channels while maintaining the highest standards of privacy and security.
Please read this privacy policy carefully. If you have any questions about this privacy policy or our data practices, please contact us at [email protected].

2. Information We Collect

We collect several types of information from and about users of our Services:

Account Information

When you register for our Services, we collect your email address, name, and profile information you provide or that is available through connected platforms (such as Telegram, Google, Twitter/X, LinkedIn, or other integrated services).

Communication Data

We collect messages, conversations, and other content you share through our Services across connected communication channels, including Telegram, Gmail, Twitter/X, LinkedIn, WhatsApp, and other integrated platforms. You maintain granular control over which channels and conversations we can access, and you can revoke access at any time.

Payment Information

Payment information is collected and managed by Stripe. Through Stripe's data collection methods, we collect names, phone numbers, business name/ID for invoicing, address for chargebacks, and session information at checkout. For more details about Stripe's data practices, please see their privacy policy at https://stripe.com/privacy.

Vault Opt-in Data

Information you voluntarily upload to our vault system, including data exports, uploaded files, and other data you choose to share for enhanced analysis. This data remains under your control and can be deleted at any time.

Usage Data

Information about how you use our Services, including features you use, actions you take, time spent on our Services, and notification preferences.

Technical Data

Technical information collected when you use our platform and desktop applications, including IP address, device information, browser type and version, time zone setting, and operating system. For interactions through third-party messaging platforms, technical data collection is limited to what those platforms make available through their APIs.

3. How We Collect Your Information

We collect information through:

Direct Interactions

Information you provide when you create an account, subscribe to our Services, request support, or communicate with us.

Automated Technologies

As you interact with our Services, we automatically collect Technical Data using cookies, server logs, and similar technologies.

Third Parties

We may receive information about you from connected platforms (such as Telegram, Gmail, Twitter/X, LinkedIn, and WhatsApp via their respective APIs), analytics providers, and payment processors (Stripe).

4. Alpha Phase Data Access

Important Alpha Notice: During our alpha and beta phases, we have read/write abilities that are fine-grain controlled by you. This means:
  • You maintain granular control over what data we can access
  • We can only access data you explicitly authorize
  • You can revoke access permissions at any time
  • All data access is logged and auditable
Future Changes: These fine-grained controls will be maintained in the future, but our reading abilities of message data will be dropped. This ensures continued privacy protection while maintaining the functionality you need.
User Responsibility: You are wholly liable for your actions on any connected platform. We do not support or condone illegal activities, and users are responsible for ensuring their use of our Services complies with all applicable laws and regulations.
This fine-grained control system ensures that even during our experimental phase, your privacy and data sovereignty remain paramount.

5. How We Use Your Information

We use your information for the following purposes:

Service Provision

  • To provide, maintain, and improve our CRM and smart automation features
  • To process and complete transactions
  • To manage your account and provide you with customer support

Communication

  • To send you technical notices, updates, security alerts, and administrative messages
  • To communicate with you about products, services, offers, and events

Analytics & Security

  • To monitor and analyze trends, usage, and activities in connection with our Services
  • To detect, investigate, and prevent fraudulent transactions and other illegal activities
  • To personalize your experience and deliver content and product features relevant to your interests
  • To comply with legal obligations

6. AI and Machine Learning

Our Services use artificial intelligence and machine learning to provide features such as summarization, search, contact enrichment, and analytics. This section explains how AI interacts with your data.

No Training on Message Data

We do not use the contents of your messages, conversations, or communications data to train machine learning models. This applies to all messaging channels connected to the Services.

How AI Processes Your Data

AI features process your data in real-time solely to provide the Services to you (such as summarization, search, and contact enrichment). Message content is not retained for model training purposes.

Aggregated Data

We may use de-identified, aggregated usage patterns and metadata (such as message volume, response times, and engagement metrics) to improve our algorithms and Services. This data cannot be linked to any individual user or their communications.

Third-Party AI Providers

Your data may be processed by third-party AI providers in order to deliver the Services. We maintain data processing agreements with these providers that prohibit them from retaining or training on your data.

Derived Data

Raw data you provide (messages, contacts, files) remains yours. Data structures, enrichments, and analytical outputs generated by our processing of your raw data constitute our intellectual property, as described in our Terms of Service.

7. Legal Basis for Processing (For EEA Users)

If you are in the European Economic Area (EEA), we process your personal data when:

Contract Performance

We need to perform a contract with you

Consent

You have given us consent to do so

Legitimate Interest

We have a legitimate interest in processing your information

Legal Obligation

We need to comply with legal obligations

8. How We Share Your Information

We may share your personal information with:

Service Providers

Third-party vendors who provide services on our behalf, such as hosting and infrastructure providers, AI processing providers, and payment processing services.

Legal Requirements

When required by law or to protect our rights or the rights of others, such as to comply with a subpoena or similar legal process.

Business Transfers

In connection with a merger, acquisition, or sale of all or a portion of our assets.

With Your Consent

We may share information with third parties when you consent to such sharing.
Important: We explicitly state that Pantheon Labs never sells or shares raw data. We only share anonymized analytics or insights that cannot be traced back to individual users.

9. Data Security

We have implemented appropriate security measures to protect your personal information from accidental loss, unauthorized access, use, alteration, and disclosure. Our security measures include:
  • SHA-256 encryption for all data at rest and in transit
  • Enterprise-grade security infrastructure
  • Limited access controls - only employees with business need can access your data
  • Regular security audits and penetration testing
  • Secure data centers with physical and digital safeguards
However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

10. Data Retention

We will retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider:
  • The amount, nature, and sensitivity of the data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the data
  • Applicable legal requirements
In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

11. Your Data Protection Rights

Depending on your location, you may have certain rights regarding your personal information:

Access

You can request copies of your personal information

Rectification

You can ask us to correct inaccurate or incomplete information

Erasure

You can ask us to delete your personal information in certain circumstances

Restriction

You can ask us to restrict the processing of your information in certain circumstances

Data Portability

You can ask us to transfer your information to another organization or to you

Objection

You can object to our processing of your personal information
If you wish to exercise any of these rights, please contact us at [email protected]. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.

12. California Privacy Rights

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA). These include the right to request disclosure of personal information we collect, use, disclose, or sell, and the right to request deletion of personal information. To exercise these rights, please contact us at [email protected].
We do not sell personal information to third parties. We may share personal information with service providers who process information on our behalf.

13. Age Requirements

Our Services are available to users who have reached the age of majority or consent in their respective geography. We do not knowingly collect personal information from individuals below the age of majority without appropriate parental or guardian consent. If you believe we might have any information from or about someone below the age of majority without proper consent, please contact us at [email protected].

14. International Data Transfers

We are based in the United States and process information on servers located in the United States and potentially other countries. If you are located outside the United States, your information may be transferred to, stored, and processed in a country different from your country of residence, including the United States. These countries may have data protection laws that are different from the laws of your country.
If we transfer your information outside of the EEA, we will take steps to ensure that appropriate safeguards are in place to protect your personal information.

15. Platform Compliance

Our Services integrate with third-party platforms including Telegram, Gmail/Google Workspace, Twitter/X, LinkedIn, and others. We adhere to each platform's privacy standards and data handling requirements.
For Telegram specifically, we comply with Telegram's bot terms and privacy standards. For more information, see Telegram's privacy policy at https://telegram.org/privacy-tpa. We follow all privacy guidelines set forth by platforms that distribute Telegram apps, including Google's Developer Policies.

16. Data Sovereignty

We are committed to advancing privacy-preserving technologies and your control over your data.
Data Ownership Principle: Everyone's raw data is theirs. We don't resell, don't reshare, or give access to others outside our analytics. Your data sovereignty is fundamental to our platform design. For information about data derived from your raw data through our processing, see Section 6 (AI and Machine Learning) and our Terms of Service.

17. Changes to This Privacy Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or through our Services prior to the changes becoming effective. We encourage you to review this privacy policy periodically to stay informed about our data practices.
Your continued use of our Services after any changes to this privacy policy will constitute your acceptance of such changes.

18. Contact Us

If you have any questions about this privacy policy or our privacy practices, please contact us at:

Email: [email protected] Website: https://pantheon.run For Data Deletion Requests: [email protected] For Privacy Inquiries: [email protected]