Pendium

Privacy Policy

Last updated: April 12, 2026

1. Introduction

This Privacy Policy explains how Pendium.ai (’we,’ ’our,’ or ’us’) collects, uses, shares, and protects information in connection with our website, applications, and services (collectively, ’Services’). Our Services include AI visibility monitoring, content optimization, hosted blog publishing, brand analysis, and related features designed to help businesses understand and improve how AI platforms perceive and recommend them. By using our Services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect several types of information from and about users of our Services:

Account Information

When you create an account, we collect your email address and account credentials. When you use our Services, we collect your brand or business information (name, website, description, industry), social media account connections and associated public profile information, and subscription and billing details. We also gather usage analytics and metrics related to your account activity to ensure proper service operation and security.

AI Visibility and Content Data

Our platform's core functionality involves monitoring AI platform perception and generating optimized content. We collect data necessary to operate these services, including AI visibility scan results (how AI platforms like ChatGPT, Claude, and Gemini perceive and recommend your brand), content you create or that our AI tools generate on your behalf (blog posts, social media content, content briefs), brand voice configurations and knowledge base materials you upload, and performance metrics and analytics data. This data is essential for delivering our Services and improving them over time.

Technical Information

We automatically collect technical information necessary for platform operation and security. This includes your IP address and approximate location information, device specifications including type, model, and operating system, browser type and settings, usage patterns and navigation data, and system error logs and performance data. This information helps us maintain service quality and security.

Third-Party Platform Data

When you connect third-party accounts (such as social media platforms, WordPress, or Webflow), we collect publicly available profile information and content necessary to provide our Services. This may include social media post history for brand voice analysis, CMS connection credentials for content publishing, and publicly available information about your brand from AI platforms.

Cookies and Tracking Technologies

We and our third-party partners use cookies, pixel tags, and similar technologies to collect information about your browsing activity and to distinguish you from other users. This helps us provide a better experience and allows us to improve our Services. The types of cookies we use include:

  • Strictly Necessary Cookies: Required for basic site functionality, authentication (via Privy), and security. These cannot be disabled.
  • Functional Cookies: Used to remember your preferences, settings, and choices to personalize your experience.
  • Analytics Cookies: Help us understand how visitors interact with our Services so we can measure and improve performance. We use the following analytics services:
    • PostHog — product analytics, session recording, and feature usage tracking
    • Google Analytics (GA4) — website traffic analysis, user behavior, and conversion measurement
    • Vercel Analytics — page performance and web vitals monitoring
  • Marketing Cookies: Used for advertising measurement, retargeting, and conversion tracking. We use the following marketing services:
    • Meta (Facebook) Pixel — ad conversion tracking and retargeting across Facebook and Instagram
    • Twitter (X) Pixel — ad conversion tracking and audience measurement on Twitter/X

For visitors in the European Economic Area, United Kingdom, and Switzerland, analytics and marketing cookies are only activated after you provide consent through our cookie banner. You can change your preferences at any time using the “Cookie Settings” link in our website footer. For all other visitors, you can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

3. How We Use Information

Service Operation

We use your information to operate and improve our Services. This includes managing your account, running AI visibility scans, generating and publishing content, processing subscription payments, optimizing platform performance, providing technical support, and communicating important account and service updates. We maintain detailed operational records to ensure service quality and security.

Analysis and Improvement

We analyze user data to enhance and improve our Services. This includes monitoring system performance, implementing security measures, preventing fraud, fixing technical issues, and developing new features. We may aggregate and anonymize data for platform optimization and research purposes.

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data only when we have a valid legal basis under the General Data Protection Regulation (GDPR). The legal bases we rely on include:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide Our Services to you, including account management, AI visibility scans, content generation, hosted blog publishing, and subscription billing.
  • Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests, including platform security, fraud prevention, service improvement, analytics, and direct marketing (where not overridden by your rights). You may object to processing based on legitimate interests at any time.
  • Consent (Art. 6(1)(a)): Where you have given explicit consent to processing, such as for optional analytics cookies or promotional communications. You may withdraw consent at any time without affecting the lawfulness of processing performed prior to withdrawal.
  • Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws, such as tax record retention, regulatory reporting, or responding to lawful government requests.

4. Information Sharing

Third-Party Services

We share certain information with third-party services that are essential to our platform operation. This includes sharing necessary data with AI language model providers (such as OpenAI, Anthropic, and Google) to perform visibility scans and generate content, social media platforms when you connect accounts for publishing, CMS platforms (WordPress, Webflow) when you publish content, analytics providers who help us understand user behavior and improve our Services, authentication providers for account security, and payment processors for subscription billing. These third parties are required to handle your information in accordance with applicable privacy laws and security standards.

AI Data Processing

When you use our AI-powered features (visibility scans, content generation, content briefs), your brand information and related data may be sent to third-party AI language model providers for processing. We do not use your data to train AI models. The data shared with AI providers is limited to what is necessary to perform the requested operation. Each AI provider processes data according to their own privacy policies and data handling practices.

Content You Create and Publish

When you use Our Services to generate, edit, or publish content (including blog posts, social media content, and other materials), we process the inputs you provide (brand information, knowledge base materials, prompts, and instructions) and the resulting outputs (generated text, recommendations, and optimization suggestions). This content may be stored in our systems and used to deliver our Services to you.

Content you choose to publish through Our Services to external platforms (your hosted blog, WordPress, Webflow, social media, or other channels) becomes publicly available and is no longer under our exclusive control. Once published, such content may be indexed by search engines, referenced by AI platforms, and accessed by the general public. You are solely responsible for the content you choose to publish and for any consequences of that publication, including impacts on your search engine rankings, AI visibility, online reputation, or business performance.

Legal Requirements

We may share your information when required by law or to protect our rights and the security of our platform. This includes responding to valid court orders or legal processes, complying with regulatory obligations, responding to legitimate government requests, protecting our rights and property, and enforcing our Terms of Service. We evaluate each request carefully and only disclose information necessary to meet legal requirements.

5. Data Security

We implement comprehensive security measures to protect your information, including:

  • Industry-standard encryption for sensitive data transmission and storage
  • Secure server infrastructure with regular security updates
  • Periodic security audits and vulnerability assessments
  • Strict access controls and authentication requirements
  • Regular security training for our personnel

Despite these measures, no method of electronic storage or transmission is 100% secure. While we use commercially reasonable means to protect your information, we cannot guarantee absolute security. You acknowledge that you provide information at your own risk and understand that:

  • Security breaches could occur despite our precautions
  • Third-party services may have different security standards
  • Network and system vulnerabilities are an inherent risk
  • Unauthorized access attempts may occur
  • Data shared with third-party AI providers is subject to their respective privacy policies

We will notify you of any security breach affecting your personal information in accordance with applicable laws and regulations.

6. User Rights

Access and Control

You maintain significant control over your personal information through our platform. Through your account settings, you can:

  • View and update your personal information at any time. This includes your profile details, connected accounts, and brand configurations.
  • Request corrections to any inaccurate or incomplete data we hold about you. We will process these requests within a reasonable timeframe, typically 30 days.
  • Download a comprehensive copy of your data, including your account information, visibility scan results, and generated content.
  • Delete your account and associated data, subject to our data retention requirements and backup procedures.
  • Opt out of certain non-essential data collection and processing while maintaining core service functionality.

California Privacy Rights

For California residents, we provide additional rights under the California Consumer Privacy Act (CCPA). These rights include:

  • The right to know what personal information we collect, use, share, and sell. We provide this information in this Privacy Policy and upon verified request.
  • The right to request deletion of your personal information, subject to certain exceptions provided by law.
  • The right to opt-out of the sale of your personal information. Currently, we do not sell personal information as defined by the CCPA.
  • Protection against discrimination for exercising your privacy rights. We will not deny services, charge different prices, or provide a different quality of service based on your privacy choices.
  • The right to request detailed disclosures about personal information collected, shared, or sold in the past 12 months.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR):

  • Right of Access (Art. 15): You may request a copy of the personal data we hold about you, along with information about how it is processed.
  • Right to Rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Art. 17): You may request deletion of your personal data, subject to legal retention obligations and other applicable exceptions.
  • Right to Restrict Processing (Art. 18): You may request that we limit the processing of your personal data in certain circumstances, such as while we verify accuracy or assess an objection.
  • Right to Data Portability (Art. 20): You may request your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.
  • Right to Object (Art. 21): You may object to processing based on legitimate interests or direct marketing at any time. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
  • Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of these rights, contact us at legal@pendium.ai. We will respond within 30 days (or within the timeframe required by applicable law). We may request verification of your identity before processing your request.

7. Data Retention

Data Retention Periods

We retain your information for the duration necessary to fulfill the purposes outlined in this Privacy Policy and as required by law. Specifically:

  • Account information is maintained for the duration of your active account, plus any additional period required by law or necessary for legal defense. This includes basic profile information, account settings, and authentication data.
  • Billing and subscription records are retained to comply with financial regulations, tax requirements, and audit needs.
  • Technical logs and system data are retained for security and debugging purposes, typically for a period of 90-180 days, unless a longer retention period is necessary for security, fraud prevention, or legal compliance.
  • Content and visibility data, including scan results, generated content, brand voice configurations, and knowledge base materials, is retained while your account is active and for a reasonable backup period afterward to enable service restoration and problem resolution.

Extended Retention

We may retain certain information even after account deletion in the following circumstances:

  • Legal Requirements: When we are required to maintain records by applicable laws, regulations, or legal obligations.
  • Business Operations: When retention is necessary for legitimate business purposes, such as fraud prevention, security enhancement, or dispute resolution.
  • Technical Constraints: Information may persist in our backup systems for a limited time after deletion from active systems.
  • Published Content: Content published to external platforms (blogs, social media, CMS) may persist on those platforms independent of our retention policies.

8. Children's Privacy

Age Restrictions

Our Services are strictly intended for users who are 18 years of age or older. We do not knowingly collect or maintain personal information from individuals under 18 years of age. If you are under 18, you are prohibited from using our Services or providing any personal information to us.

Discovery and Response

If we discover that we have inadvertently collected information from a person under 18, we will take immediate action:

  • We will promptly delete all personal information associated with the underage user from our active systems.
  • Any associated accounts will be terminated immediately.
  • We will notify relevant parties as required by applicable laws and regulations.
  • We will review and adjust our age verification processes to prevent future collection of underage user data.

9. International Users

Cross-Border Data Processing

Our Services operate primarily from the United States but serve users globally. By using our Services, you acknowledge and consent to the transfer and processing of your information across international borders. Specifically:

  • Your information will be transferred to and processed in the United States, where our primary servers are located.
  • Your information may be processed by staff and service providers operating in other countries where our partners and service providers are located.
  • AI visibility scans may involve queries to AI platforms operated in various countries.

International Transfer Mechanisms

When we transfer personal data from the EEA, UK, or Switzerland to the United States or other countries that have not received an adequacy decision from the European Commission, we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our service providers and data processors to ensure adequate protection for transferred data.
  • Data Processing Agreements: We maintain data processing agreements with third-party providers that include GDPR-compliant obligations regarding data security, breach notification, and sub-processor management.
  • Supplementary Measures: Where required, we implement additional technical and organizational measures (such as encryption in transit and at rest) to supplement the protections provided by SCCs.

You may request a copy of the safeguards we have in place by contacting us at legal@pendium.ai.

International Data Protection

Different countries may have different data protection standards. While we strive to protect your information consistently across all jurisdictions:

  • We comply with applicable data protection laws in the jurisdictions where we operate, including the GDPR for EEA/UK users.
  • We implement appropriate safeguards when transferring data internationally as described above.
  • We cannot guarantee that other countries will provide the same level of data protection as your home country.
  • Users from certain jurisdictions may have additional rights and protections under local law.

10. Changes to Policy

Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, and other factors. When we make changes, we will:

  • Post the updated Privacy Policy on our website and within our applications, indicating the ’Last Updated’ date at the top.
  • Send notifications of material changes directly to the email address associated with your account.
  • Display prominent notices within our applications and website before significant changes take effect.

For substantial changes to how we collect, use, or share personal information, we will seek to provide advance notice when practical.

Acceptance of Changes

Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms. If you disagree with any changes, you must discontinue using our Services. We encourage you to review the Privacy Policy regularly to stay informed about our privacy practices.

11. Data Controller

For the purposes of the GDPR and applicable data protection laws, the data controller responsible for your personal data is:

Pendium.ai (operated by Manifest Holdings LLC)
9450 SW Gemini Dr
Beaverton, OR 97008
United States

Pendium.ai acts as a data controller when we determine the purposes and means of processing your personal data (e.g., account management, analytics, billing). We act as a data processor when we process data on your behalf at your instruction (e.g., generating content based on your brand information, publishing to your connected platforms).

12. Contact Information

General Inquiries

For questions about this Privacy Policy or our privacy practices, please contact us at:

Pendium.ai
9450 SW Gemini Dr
Beaverton, OR 97008
Email: legal@pendium.ai
Phone: (503) 336-9947

Data Protection Officer

For GDPR-related inquiries, to exercise your data subject rights, or to raise concerns about our data processing practices:

Email: legal@pendium.ai
Subject line: “Data Protection Inquiry”
Response Time: We aim to respond within 30 days as required by the GDPR.

California Privacy Rights

California residents exercising their privacy rights under the CCPA can reach our dedicated privacy team at:

Email: legal@pendium.ai
Phone: (503) 336-9947

Security Issues

To report security vulnerabilities or data breaches:

Email: legal@pendium.ai
Phone: (503) 336-9947

We take all privacy inquiries seriously and will respond to your request as quickly as possible, in accordance with applicable laws and regulations.

Last modified: April 12, 2026