Privacy Policy

Pendra AI Ltd is a company incorporated in Wales that provides managed AI inference — chat, embeddings, image generation, and audio transcription — for open-weight models on sovereign UK infrastructure. We are the data controller for personal data collected through our website and dashboard, and act as a data processor for inference data submitted via our API.

For any privacy-related enquiries, contact us at privacy@pendra.ai.

Account Data

When you create an account, we collect your email address and organisation name. This data is stored in our UK-hosted database and used solely for authentication and account management.

Usage Metadata

We log operational metadata for each API request: timestamp, model ID, token counts, latency, and HTTP status code. This data contains no prompt or completion content and is used for billing, capacity planning, and system health monitoring.

Inference Data

We do not store, log, cache, or inspect the content of your prompts or model completions. Inference data exists only in memory for the duration of the request and is purged immediately upon completion. We operate a strict zero-retention policy for all inference content.

Website Analytics

We use Recorde, a privacy-first web analytics service designed to comply with the UK Digital Use and Accountability Act (DUAA) and the EU General Data Protection Regulation (GDPR) without requiring cookie consent banners.

We use the data we collect to:

• Provide and maintain the Pendra service
• Authenticate your access to the dashboard and API
• Calculate usage for billing purposes
• Monitor system performance and reliability
• Respond to support requests and security incidents

We never use customer data for model training, fine-tuning, evaluation, or any purpose beyond fulfilling the immediate service.

We process personal data under the following lawful bases (UK GDPR Article 6):

• Contract: Processing your account and usage data is necessary to provide the service you have contracted
• Legitimate interest: System monitoring, security, and fraud prevention
• Legal obligation: Retaining billing records as required by UK tax law

We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only in the following circumstances:

• UK infrastructure providers: Our UK-based hosting providers process data on our behalf under data processing agreements
• Payment processing (Stripe): Billing and payment data for the Pro plan is processed by Stripe Payments Europe Ltd. Stripe's sub-processors include entities outside the UK, including the United States, with transfers governed by the UK International Data Transfer Addendum and Stripe's standard contractual clauses
• Federated sign-in (optional): If you choose to sign in with Google, authentication metadata (name, email, profile identifier) is exchanged with Google. This is optional and only occurs if you select Google sign-in
• Legal requirement: Where required by UK law or a valid court order from a court of England and Wales

Customer inference data — prompts, completions, embeddings, image and audio inputs, and the operational metadata logged for each request — is processed and stored exclusively within the United Kingdom and is never transferred internationally. The transfers above relate only to billing data (Stripe) and, optionally, federated sign-in metadata (Google).

• Inference data: Zero retention. Held in worker process memory only for the duration of a single request, then released
• Account data: Retained for the lifetime of your account and deleted within 30 days of account closure, subject to legal retention requirements
• Usage metadata (per-request token counts, latency, model ID): Retained for the lifetime of your account to support billing, capacity planning, and abuse prevention. May be anonymised or aggregated thereafter
• Billing records: Retained for 6 years as required by HMRC

Under UK GDPR, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Correct any inaccurate personal data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interest
• Complaint: Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, contact privacy@pendra.ai. We will respond within 30 days.

The Pendra marketing website and dashboard do not set any cookies. Our analytics provider (Recorde) is fully cookieless and does not use local storage, fingerprinting, or tracking identifiers.

The Pendra dashboard stores a short-lived authentication token in your browser's local storage so you stay signed in between page loads. This token is strictly necessary to provide the service you have requested and is removed when you sign out. No identifiers are placed in cookies and no cross-site tracking takes place.

We may update this policy from time to time. Material changes will be communicated via email to registered account holders. The effective date at the top of this page will always reflect the latest version.