Home Privacy Policy
Privacy & Data Protection

Privacy Policy

Last Updated: March 24, 2026

Panelo Pty Ltd ("Company", "we", "us", "our") operates the Panelo.ai platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, phone number, company name, job title, and role when you register or update your profile.
  • Company Information: Business name, address, industry details, and team member information provided during company setup.
  • User Content: Engineering drawings, documents, images, annotations, production data, delivery records, and other files you upload to the Service.
  • Communications: Messages, consultation requests, feedback, and support inquiries you send to us or through the Service.
  • Payment Information: Billing details processed through our third-party payment provider. We do not store full credit card numbers on our servers.

1.2 Information Collected Automatically

  • Usage Data: Features accessed, actions performed, pages visited, timestamps, and session duration.
  • Device Information: Browser type, operating system, device identifiers, and screen resolution.
  • Log Data: IP addresses, server logs, error reports, and performance metrics.
  • Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to maintain sessions, remember preferences, and analyze usage patterns.

1.3 Information from Third Parties

  • Team Invitations: When you are invited to join a company on the Service, the inviting user provides your email address.
  • QR Scan Data: When QR codes on physical panels are scanned and sent via email, we receive the sender's email address and scan metadata through our email processing pipeline.

2. How We Use Your Information

We use your information for the following purposes:

2.1 Service Operation

  • Creating and managing your account.
  • Processing and delivering engineering drawings and reports.
  • Facilitating consultations between project teams and engineers.
  • Managing production planning, quality assurance, and delivery workflows.
  • Processing QR code scans and scan-to-email functionality.

2.2 Communications

We send the following types of transactional emails:

  • Account Security: Registration confirmations, email verification codes, two-factor authentication (2FA) codes, magic link login access, and password reset emails.
  • Workflow Notifications: Consultation requests, new consultation assignments, status updates, consultation completion notifications, and project activity alerts.
  • Document Delivery: AI-generated PDF reports, engineering report deliveries, and scan-to-email results.
  • Administrative Notices: Subscription confirmations, billing receipts, usage alerts, team invitations, and service updates.

All emails are transactional in nature and are sent only to registered users or invited team members in connection with their use of the Service. We do not send unsolicited marketing emails to purchased or third-party email lists.

2.3 AI Processing

  • Generating AI-assisted engineering reports, annotations, and suggestions.
  • Processing drawings through our AI consultation pipeline.
  • Improving the accuracy and quality of AI features through aggregated, anonymized usage patterns.

2.4 Service Improvement

  • Analyzing usage patterns to improve features and user experience.
  • Monitoring performance, diagnosing technical issues, and maintaining security.
  • Developing new features based on aggregated usage insights.

3. Email Contact Sources

Our email recipients are sourced exclusively from:

  • Direct Registration: Users who create accounts on the Service at panelo.ai.
  • Team Invitations: Users invited by existing account holders within their company.
  • Consultation Workflows: Engineers and project team members added through the platform's consultation features.
  • QR Scan Pipeline: Email addresses captured when users scan QR codes on physical panels and send images to our processing email address.

We do not purchase, rent, or acquire email lists from third parties. We do not send marketing emails to contacts who have not directly registered for or been invited to the Service.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

4.1 Within Your Company

  • Other members of your company on the platform can access shared project data, drawings, and reports according to their assigned roles and permissions.

4.2 Service Providers

We use trusted third-party service providers to operate the Service, including:

  • Cloud Infrastructure: Amazon Web Services (AWS) for hosting, storage (S3), and archival (Glacier).
  • Email Delivery: Transactional email delivery services for sending account and workflow notifications.
  • Payment Processing: Third-party payment processors for subscription billing.
  • AI Processing: AI model providers for generating engineering reports and analysis.

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Panelo, our users, or the public.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Two-factor authentication (2FA) support for account access.
  • Role-based access controls limiting data access to authorized users.
  • Regular security assessments and monitoring.
  • Secure archival of historical data using AWS Glacier.

While we take reasonable measures to protect your data, no method of transmission or storage is completely secure.

6. Data Retention

  • Active Accounts: We retain your data for as long as your account is active and as needed to provide the Service.
  • Terminated Accounts: Upon account termination, data is retained for 30 days to allow for export, after which it may be permanently deleted.
  • Archival: Historical drawing versions and production records may be archived for compliance and reference purposes in accordance with industry requirements.
  • Legal Obligations: We may retain certain information as required by law or for legitimate business purposes (e.g., billing records, audit trails).

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Data Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to certain processing of your personal information.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

We use cookies and similar technologies for:

  • Essential Cookies: Session management, authentication, and security (required for the Service to function).
  • Preference Cookies: Remembering your settings and preferences.
  • Analytics Cookies: Understanding how the Service is used to improve it.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. The "Last Updated" date at the top reflects the most recent revision.

12. Contact

If you have questions or concerns about this Privacy Policy, please contact us at:

Email: [email protected]