Privacy Policy

We collect several classes of information when you use our services: • Account Information: Name, email address, password, payment information, and shipping address. • Sensor & Health Data: Photoplethysmography (PPG) signals, heart rate, heart rate variability, SpO2, skin temperature, and accelerometer data collected by paired Paean tracking devices. Note: This data is stored locally and not transmitted without your explicit sharing consent. • Voice & Interaction Data: Audio recordings, transcriptions, text inputs, and system logs generated through interaction with Paean Agent or Voice components. • Device & Usage Data: IP address, device identifiers, diagnostic events, crash reports, and interaction analytics.

We only use the data to provide and improve our services: • Provisioning Services: Operating our hardware and software, creating your health and AI interaction profiles. • AI Agent Processing: Analyzing voice and context data to form "External Memory" and provide cognitive assistance. • Communication: Sending important service updates, notifications, and promotional materials (with opt-out mechanisms). • Security: Securing your account, tracking anomalies, and preventing unauthorized access.

Core to the Paean architecture is the local-first processing paradigm: • Edge Processing: Raw physiological and voice data is predominantly processed on the edge device or your paired local hardware. • Opt-in Cloud Syncing: We do not automatically upload raw biosensor readings or personal voice recordings to a centralized cloud. • AI Model Safeguards: We NEVER use your personal interactions, voice recordings, or physiological data to train global foundation AI models without explicit, opt-in consent.

We do not sell your personal data. We only share information with third parties in the following circumstances: • Service Providers: Trusted payment processors (e.g., Stripe), hosting platforms, and logistics partners who act on our behalf. • Third-Party AI Services: If you elect to use third-party LLMs via the Paean Agent, your data will be governed by their respective privacy policies. We provide built-in anonymization tools for these endpoints. • Legal Requirements: When required to comply with applicable laws, legal processes, or to protect the rights, property, or safety of Paean, our users, or the public.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including meeting legal and accounting requirements. Account data, including synced metrics, is deleted within 30 days of receiving an account deletion request, except where legally required to retain certain records.

Paean Services are not directed at children under the age of 13. While hardware may be shared via "Family Mode", primary account holders must meet the age restrictions specified in our Terms of Service. If we become aware we have collected personal data from a child without verifiable parental consent, we will delete that information.

Depending on your jurisdiction (such as under the GDPR or CCPA), you may have the right to request access to, correction of, or deletion of your personal data. You may exercise these rights or make inquiries by contacting us at privacy@paean.ai.