Privacy Policy

Last updated: February 2026 • Version 1.0.0

1. Information We Collect

When you use PA Ninja, we collect:

  • Phone Number: Your WhatsApp or Telegram phone number to identify your account
  • Messages: The messages you send to PA Ninja for processing and context
  • Voice Messages: Audio files you send for transcription
  • Usage Data: How you interact with the service (message counts, features used)
  • Device Information: Basic device/platform info from WhatsApp or Telegram

2. How We Use Your Information

We use your information to:

  • Provide and improve the PA Ninja service
  • Maintain conversation context for better assistance
  • Process payments through Stripe
  • Send important service updates
  • Analyze usage patterns to improve service quality

3. Data Storage

Your data is stored securely using:

  • Supabase: For user data and message history (encrypted at rest, hosted in EU)
  • Hetzner: For compute infrastructure (EU data centers)
  • Stripe: For payment processing (PCI compliant)

We do not sell your data to third parties.

4. AI Processing

Your messages are processed by third-party AI services to generate responses. We use multiple AI providers, including:

  • Anthropic (Claude): US-based, does not use your data for training
  • Moonshot AI (Kimi): China-based, data may be subject to Chinese law
  • Other providers: We may add or switch providers at any time

We select providers based on capability, cost, and performance. Some providers may process data outside your jurisdiction. By using PA Ninja, you consent to this cross-border data processing.

5. Data Retention

We retain your data according to the following schedule:

  • Messages: 90 days, then automatically deleted
  • Voice transcriptions: 30 days, then automatically deleted
  • Account data: Until you request deletion or close your account
  • Payment records: As required by law (typically 7 years)
  • Error logs: 30 days

You can request immediate deletion at any time by messaging "delete my data" to PA Ninja.

6. Third-Party Services

PA Ninja integrates with the following third-party services:

  • WhatsApp: Message delivery (subject to Meta's privacy policy)
  • Telegram: Message delivery (subject to Telegram's privacy policy)
  • Anthropic (Claude): AI processing (US)
  • Moonshot AI (Kimi): AI processing (China)
  • Stripe: Payment processing
  • Supabase: Database hosting (EU)
  • Hetzner: Compute infrastructure (EU)
  • Cloudflare: CDN and DDoS protection
  • Sentry: Error tracking and monitoring

7. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction:

  • EU to US: For AI processing via Anthropic and other US-based services
  • EU to China: For AI processing via Moonshot AI (Kimi)

We implement appropriate safeguards for these transfers where available. However, some jurisdictions may not provide the same level of data protection as your home country. By using PA Ninja, you consent to these international transfers.

8. Cookies and Tracking

Our website uses only essential technical cookies:

  • Session cookies for website functionality
  • Cloudflare security cookies

We do not use advertising cookies, tracking pixels, or third-party analytics on our website. No cookie consent banner is required as we only use strictly necessary cookies.

9. Your Rights

Depending on your location, you have the following rights regarding your personal data:

  • Access: Request a copy of your data by messaging "export my data"
  • Deletion: Request deletion by messaging "delete my data"
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain processing activities
  • Rectification: Request correction of inaccurate data
  • Withdraw Consent: Withdraw consent for processing at any time

We will respond to valid requests within 30 days. For EU residents under GDPR, you also have the right to lodge a complaint with your local data protection authority. For California residents under CCPA, you have the right to know what personal information we collect and to request its deletion.

10. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify affected users within 72 hours of becoming aware of the breach, as required by GDPR. Notification will be sent via WhatsApp, Telegram, or email depending on available contact information.

11. Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest. However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

12. Children's Privacy

PA Ninja is not intended for users under 16 years of age in the European Union, or under 13 years of age elsewhere. We do not knowingly collect information from children below these age limits. If we become aware that we have collected data from a child below the applicable age, we will delete that information promptly.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via WhatsApp, Telegram, or email. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact

Questions about privacy? Message PA Ninja on WhatsApp or Telegram, or email [email protected].

For GDPR-related inquiries, you may also contact our data protection representative at [email protected].

Back to PA Ninja