Privacy Policy

Last updated: March 9, 2026

Ready to try Panvoxx?

3 days free · 10 AI models · No credit card · GDPR compliant

1. Data Controller

The data controller for Panvoxx is:

ElipTor AB
Främmestad Torget 202
465 98 Nossebro, Sweden
Email: [email protected]

2. What Personal Data We Collect

Category	Data	Purpose
Account data	Name, email, password (encrypted)	Create and manage your account
Chat data	Messages sent to AI models, AI responses	Provide the AI chat service
Payment data	Email, subscription plan, payment status	Process payments via our payment provider
Usage data	Token consumption, model usage, timestamps	Manage token balance, prevent abuse
Technical data	IP address, browser type, device info	Security, performance, troubleshooting

Note: We never see or store your credit card number, CVC, or bank details. All payment processing is handled directly by our payment provider.

3. Legal Basis for Processing (GDPR Art. 6)

Processing activity	Legal basis
Providing the service (account, chat, tokens)	Performance of contract (Art. 6.1b)
Processing payments	Performance of contract (Art. 6.1b)
Security monitoring, fraud prevention	Legitimate interest (Art. 6.1f)
Non-essential cookies (if any)	Consent (Art. 6.1a)
Legal obligations (tax, law enforcement)	Legal obligation (Art. 6.1c)

4. Third-Party Providers

To provide the service, your data is shared with the following providers:

Provider	Data shared	Purpose	Location
AI service providers (USA)	Chat messages	AI model processing	USA
Payment processor (USA)	Email, payment info	Payment processing	USA/EU
Hosting provider (EU)	All server data	Server hosting	Finland (EU)
CDN/Security provider (USA)	IP address, request metadata	CDN, DNS, DDoS protection, performance optimization	USA / Global edge network

Important: When you send a message in Panvoxx, the content of your message is transmitted to a third-party AI service provider for processing. These providers process your data under data processing agreements and are contractually prohibited from using your data to train their models.

5. International Data Transfers

Some of our service providers are based in the United States. These transfers are protected by:

The EU-US Data Privacy Framework (where applicable)
Standard Contractual Clauses (SCCs) approved by the European Commission

6. Data Retention

Data type	Retention period
Account data	Until account deletion + 30 days
Chat history	Until account deletion + 30 days
Payment records	7 years (Swedish accounting law)
Technical logs	90 days

7. Your Rights

Under GDPR, you have the following rights:

Right of access — request a copy of all data we hold about you
Right to rectification — correct inaccurate personal data
Right to erasure — request deletion of your data (“right to be forgotten”)
Right to data portability — receive your data in a machine-readable format
Right to restrict processing — limit how we use your data
Right to object — object to processing based on legitimate interest
Right to withdraw consent — where processing is based on consent

To exercise any of these rights, contact [email protected]. We will respond within 30 days.

8. Cookies

Panvoxx uses only strictly necessary cookies for authentication and session management. These cookies are required for the service to function and do not require consent.

We do not use tracking, analytics, or advertising cookies. For full details, see our Cookie Policy.

9. AI Transparency

Panvoxx is an AI-powered service. When you use Panvoxx, you are interacting with artificial intelligence systems, not humans. The AI models are provided by third-party AI service providers. The specific models available depend on your subscription plan.

AI-generated responses may contain errors, inaccuracies, or biases. AI output should not be used as professional advice (legal, medical, financial, etc.) without independent verification.

10. Children

Panvoxx is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

11. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS/HTTPS), encrypted password storage, access controls, and server hosting within the EU.

12. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights, we will notify the Swedish Authority for Privacy Protection (IMY) within 72 hours and inform affected users without undue delay.

13. Changes to This Policy

We may update this policy. Significant changes will be communicated via email or a notice on the platform at least 14 days before taking effect.

14. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm, Sweden
www.imy.se

15. Contact

For privacy-related questions:
[email protected]
ElipTor AB, Främmestad Torget 202, 465 98 Nossebro, Sweden