PallasAI

PallasAI

Get Started

Privacy Policy

Effective Date: January 23, 2026

Pallas AI (HK) Limited (“we”, “us”, or “our”) is the data controller of Pallas AI and related services (the “Service”). We are committed to protecting your privacy and complying with applicable data protection laws, including but not limited to the GDPR, CCPA, and Hong Kong PDPO.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information.

By using Pallas AI, you acknowledge that you have read and understood this Privacy Policy and agree to the data practices described herein, including cross-border data transfers to the United States.

1. Information We Collect

We collect information solely to provide the Service, respond to your instructions, and ensure system security.

1.1 Information You Provide

  • Account Information: email address, username, and password.
  • User Input: text, prompts, configuration settings, and feedback you submit when using the Service.
  • Payment Information: payment details are processed by third-party payment providers (e.g., Stripe). We do not store full credit card or bank account numbers.
  • Communications: information you provide when contacting us.

1.2 Information Collected Automatically

  • Device and Log Data: IP address, browser type, operating system, timestamps, and error logs.
  • Service Usage Data: feature usage and configuration status within the Service, used only for service reliability and troubleshooting.

1.3 Cookies and Similar Technologies

We use cookies to ensure functionality and security:

  • Essential Cookies: required for authentication and security.
  • Analytics Cookies (e.g., Google Analytics): With your explicit authorization, we may access page-level, aggregated traffic data from your connected Google Analytics account (such as page views and trend changes). This data is used only to analyze content performance and generate or adjust blog content recommendations based on your explicit configuration and instructions. We do not use Google Analytics data for advertising, user profiling, remarketing, cross-customer analysis, or any form of AI/ML model training.

2. How We Use Information

We use information strictly within the minimum scope necessary:

  • Service Provision and Maintenance: to operate your account and generate or manage content based on your instructions.
  • Content Analysis and Automation: where authorized, to use aggregated Google Analytics page performance data solely for your current account and website.
  • Security and Stability: to prevent abuse, investigate issues, and maintain system reliability.
  • Service Improvement (Excluding Google User Data): We may use de-identified, aggregated non-Google data to improve product functionality. We do not use data obtained from Google Analytics, Google OAuth APIs, or other Google services for AI/ML model training, general model improvement, or cross-customer analysis.
  • Service Communications: to send essential service-related notifications. We do not send marketing communications based on Google user data.

3. Legal Bases for Processing (EEA Users)

Under the GDPR, our legal bases include:

  • Contractual Necessity: to provide the Service you request.
  • Legitimate Interests: to ensure system security and improve functionality without using Google user data.
  • Consent: for connecting third-party platforms (such as Google Analytics or Shopify) and non-essential cookies.
  • Legal Obligations: to comply with applicable laws.

4. Data Storage and International Transfers

4.1 Storage Location

Our primary servers and databases are located in the United States.

4.2 International Transfers

Personal data may be transferred to and processed in the United States and Hong Kong. For EEA data, we rely on Standard Contractual Clauses (SCCs) or other lawful safeguards.

5. Third-Party Platform Integrations

5.1 Google Analytics

When you authorize Google Analytics access, we only retrieve aggregated, page-level performance data. We do not access Google account identity information and do not use Google Analytics data for purposes beyond the functionality explicitly requested by you.

5.2 Shopify

When you connect a Shopify store, we access only content-related data (such as blog posts, page structure, and publication status) to automatically generate, update, or publish blog content based on your configuration.

We do not:

  • Access orders, payments, or customer personal data
  • Use one merchant’s data for another merchant
  • Perform cross-store analysis or model training

You may revoke Shopify access at any time, and permissions will be terminated immediately.

6. Data Sharing

We do not sell personal data. We may share data only with:

  • Service Providers acting on our behalf under confidentiality obligations
  • Legal Authorities where required by law
  • Business Transfers in the event of a merger or acquisition

7. Your Rights

You may access, correct, or delete your data and revoke Google Analytics or Shopify authorizations at any time. To exercise your rights, contact us at contact@pallasai.io.

8. Children

The Service is not intended for individuals under 18 years of age.

9. Policy Updates

We may update this Privacy Policy from time to time. Material changes will be communicated in advance.

10. Contact

Pallas AI (HK) Limited Email: contact@pallasai.io