How we handle your data

The promises

Four things Pario will not do.

Enterprise buyers will not adopt a tool that exposes their internal commercial intent. This is the architectural commitment, not a policy choice we could reverse later. The product is built around it.

We will not train AI models on your inputs.

Your project descriptions, scope inputs, requirements, and conversation data are processed to generate your output and nothing else. Not by us. Not by our AI provider.

We will not sell your personal information.

No data brokers. No advertising networks. No third parties paying us for access to who you are or what you are buying.

We will not expose your commercial intent.

What you are evaluating, what it might cost, who is involved internally. That is sensitive information. We treat it that way, and our subprocessor list reflects that.

We will not ask for more than we need.

No precise geolocation. No biometric data. No cross-site tracking. No third-party analytics on our marketing site. Email, password, and what you choose to put in a project.

What we collect

The short list, with reasons.

Account information: Email and password when you create an account. Name, title, and department if you fill in your profile. Used to authenticate you and to attribute work to the right person inside your organization.
Access request information: Name, company, work email, and role when you submit a request through planwithpario.com. Used to respond to you and decide whether to invite you to the beta.
Project content: The text you put into Pario. Project descriptions, scope inputs, requirements, conversation responses. Used to generate the output you asked for. Not used for anything else.
Usage data: Anonymized and aggregated patterns about which features get used and how long sessions last. Used to make the product better. Not tied back to you personally.
Log data: IP address, browser type, pages visited on planwithpario.com. Collected automatically by our hosting provider. Used for security and operations.

Subprocessors

Who touches your data, and what they do.

A short, named list. No surprises. Each one handles only what is necessary to do its job.

Provider	What they do	What they handle	Location
Anthropic PBC	AI inference (Claude API)	Project inputs and prompts	United States
Supabase Inc.	Database, authentication, storage	Account data, project content, usage logs	United States (AWS us-east-1)
Vercel Inc.	Application hosting and compute	Request logs, IP addresses	United States
Formspree	Access request form processing	Name, company, email, role	United States

Retention

How long we keep what we have.

Account data: For as long as your account is active. Deleted within thirty days of an account deletion request.
Project content: Until you delete the project, or until you delete your account.
Usage logs: Ninety days, then deleted or anonymized.
Access request submissions: Held by Formspree per their policy. We keep the contact information only until we have responded to you, or for a maximum of twelve months.

Your rights

What you can ask us to do.

Depending on where you are, you have rights over the personal information we hold about you. Email hello@planwithpario.com to exercise any of them. We respond within thirty days.

Access — ask for a copy of the personal information we hold about you.
Correction — ask us to fix anything that is inaccurate.
Deletion — ask us to delete your account and the data associated with it.
Portability — ask for your project data in a portable format.
Objection — object to specific uses of your information.

Security

The baseline we hold ourselves to.

Data in transit is encrypted with TLS. Data at rest in Supabase is encrypted with AES-256. Access to production systems requires multi-factor authentication. Row-level security policies isolate every organization's data from every other organization's, enforced at the database layer.

Pario is in beta. We take security seriously and we will not pretend the product is invulnerable. If you find a security issue, please report it to hello@planwithpario.com.

The fine print

What this page is, and what it is not.

This page is the plain-English version of how Pario handles data. It exists to make the substance readable for the procurement, legal, and information security professionals who need to vet us before their organization uses the product.

It is not a substitute for the binding documents. If anything on this page reads differently than the Privacy Policy, EULA, or Terms of Use, the binding documents control.