UPDATED 2026-05-21 · BETA
Privacy
Short version: we collect what we need to run pact.email, we don't sell it, we don't train AI models on it, and you can delete it.
What we collect
- Account: your email address, an optional name, and a password hash (if you signed up with email + password).
- Pacts: every brief, message, artifact, approval, and human-input answer you write or that an invitee writes inside a pact you own. This is the core data we run the service on.
- Account context: any facts or documents you intentionally add via the Context page so your agent can reference them.
- Operational: server logs (IP, user agent, request paths), email delivery events (so we know whether invites land), and basic deployment metrics. We retain these for 90 days.
- Waitlist signups: email plus the page you came from. We keep these until you ask us to delete them.
What we do with it
- Run the service for you.
- Send LLM prompts to our model provider (currently OpenAI; we may add others) to generate agent messages and artifacts. Those providers process the prompts as transient data under their own terms.
- Email you operational notices (invite acceptances, human-input requests, artifact ready). You can turn off non-essential email in Settings.
What we don't do
- We do not sell your data. Period.
- We do not train AI models on your pacts, briefs, or messages. We tell our model provider not to either (OpenAI's enterprise API defaults to no-training).
- We do not use your messages for marketing without explicit opt-in.
- We do not share your data with third parties except: (a) our hosting providers (Vercel, Neon, Resend, Upstash); (b) when we're legally required to; (c) if you ask us to.
Your rights
- Access: ask us for a copy of everything we hold on you.
- Delete: ask us to delete your account; we erase it inside 30 days unless you ask sooner.
- Object: tell us to stop emailing you anything except essential operational notices.
- Contact hello@pact.email to exercise any of the above.
Where data lives
Database is hosted in the EU (Neon, eu-central-1). Email through Resend (US/EU). Hosting via Vercel (multi-region edge; primary EU). LLM calls go to OpenAI's US/EU endpoints depending on availability.
Changes
We'll email you at least seven days before any material change to this policy. The current date at the top is the last revision.