Privacy Policy
Last updated: May 18, 2026
This policy explains what Pluh Inc. (“Pluh,” “we,” “us”) collects when you use Pandu, what we do with it, and the choices you have. Pandu is the iOS app and the website at panducare.com. Together we call them the “Service.”
1. Who we are
Pluh Inc. is a Delaware C corporation. We are the data controller for the personal information described here. You can reach us at hey@thepandu.app.
2. What we collect
Things you give us
- Account info: your email address, and a name or nickname if you choose to share one.
- Skin profile: answers you give during onboarding — skin type, sensitivities, goals, age range, and optional details like pregnancy or breastfeeding status. You decide what to share.
- Your routine: the steps you build, the products you save to your shelf, and the daily check-ins you tap off.
- Face scans: photos you take of your skin so Pandu can show your progress over time. See §4.
- Product scans: photos of product labels or barcodes when you ask Pandu to check a product.
- Messages to your AI panda: anything you type into the in-app chat.
Things we collect automatically
- Device and app info: device model, OS version, app version, language, timezone.
- Usage events: screens viewed, actions taken (open, scan, complete a step), session length. Used to understand how Pandu is working.
- Crash reports: stack traces and surrounding state when the app crashes.
- A random per-install identifier. We do not use Apple’s IDFA and we do not ask for tracking permission.
Things we do not collect
We do not collect precise location, your contacts, microphone audio, or your camera roll beyond the specific photos you choose to share with the app.
3. How we use what we collect
We use the information above to:
- Run the Service: sign you in, save your routine, sync between devices.
- Show you your progress over time and rate products against your skin profile.
- Power the AI panda. When you chat, we send your message, your recent routine context, and your skin profile to our AI provider so the reply is relevant. See §6.
- Send push notifications you have opted into (routine reminders, streak nudges).
- Diagnose crashes and improve the app.
- Detect and prevent abuse, fraud, and security incidents.
- Comply with our legal obligations.
We do not sell your personal information. We do not run third-party ads inside Pandu. We do not share your data with advertisers or data brokers.
Legal bases (UK / EEA users). Where GDPR applies, we rely on: your consent (face scans, optional profile fields, push notifications); performance of our contract with you (account, routine, shelf, billing); legitimate interest (security, fraud prevention, debugging, basic product analytics); and legal obligation (responding to lawful requests).
4. Face scans
Face scans get extra care.
- They are encrypted in transit and at rest, and tied only to your account.
- We use them to draw your visual timeline, generate per-scan analyses (texture, tone, breakouts), and — only with your explicit opt-in — improve the model that produces those analyses.
- We do not sell or share face scans with advertisers.
- We do not use face scans for biometric identification or to recognise you across other services.
- You can delete any individual scan in Scan History. Deleting your account removes all scans within 30 days, except where they have already been written to a rolling backup (also deleted within 30 days).
5. Children
Pandu is not for children under 13 (or under 16 in the EU and UK). We do not knowingly collect personal information from people in those age groups. If you think a child has given us information, email hey@thepandu.app and we will delete it.
6. Who we share information with
We share information only with vendors that help us run Pandu. Each is contractually limited to processing data on our behalf.
| Vendor | What they do for us |
|---|---|
| Supabase | Database, authentication, file storage (face scans, product photos) |
| Cloudflare | API hosting, website hosting, edge delivery, DDoS protection |
| Anthropic | Powers the AI panda. Receives your message and limited routine context for each reply. |
| PostHog | Product analytics (events, retention, funnels) |
| Sentry | Crash reporting |
| Apple | App Store subscriptions, Sign in with Apple, push notifications |
We may also share information when required by law, in response to lawful requests from public authorities, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
If Pluh goes through a merger, acquisition, or sale of part of the business, your information may be transferred as part of that deal. We will notify you before your information becomes subject to a different privacy policy.
7. International transfers
Pluh is based in the United States. Some vendors process data in other countries. Where required, we rely on Standard Contractual Clauses or equivalent mechanisms to protect information transferred outside the EEA or UK.
8. How long we keep things
- Account data, routine, shelf: while your account is active.
- Face scans and scan analyses: while your account is active.
- Analytics events and crash reports: up to 12 months in identifiable form.
- AI panda conversations: up to 90 days.
- Rolling backups: up to 30 days after deletion.
You can delete your account inside the app (Settings → Account → Delete account) or by emailing us. We will permanently delete your data within 30 days, except where we are legally required to keep it (for example, billing records for tax purposes).
9. Your rights
Depending on where you live, you may have the right to:
- Access the information we hold about you
- Correct inaccurate information
- Delete your information
- Receive your information in a portable format
- Restrict or object to certain processing
- Withdraw consent you previously gave
- Lodge a complaint with your local data protection authority
To use any of these rights, email hey@thepandu.app from the address tied to your account. We will respond within 30 days. We will not treat you any differently for asking.
California residents. Under the CCPA you have the rights listed above. We do not sell personal information, and we do not share it for cross-context behavioral advertising as the CCPA defines that term.
10. Security
We use standard safeguards: TLS in transit, encryption at rest, scoped access tokens, audit logs, and row-level security on our database so each account only sees its own data. No system is perfectly secure; if we discover a breach affecting you, we will notify you as required by law.
11. Cookies and tracking
Pandu does not use third-party advertising cookies. The website at panducare.com uses essential cookies for basic functionality, plus first-party product analytics. You can clear cookies in your browser settings at any time.
12. Changes to this policy
We will update this policy when our practices change. If a change is material, we will let you know inside the app or by email before it takes effect. The “Last updated” date at the top tells you when the current version was published.
13. Contact
Pluh Inc., Attn: Privacy
Email: hey@thepandu.app