Pando AI Privacy Policy

Written by Adam Plachta

Last updated: April 15, 2026

Overview

Pando AI, Inc. ("Pando," "we," "our") operates Aspen, an AI-powered people development platform integrated with Slack and Microsoft Teams. This Privacy Policy explains what data we collect, how we use it, and how we protect it.

What Data We Collect

Account and profile information: When your organization installs Aspen, we receive basic profile information from your workspace provider: your name, email address, profile picture, and workspace membership. We also store your role (employee or manager) and org hierarchy as configured by your administrator.

Conversations with Aspen: Messages you send to Aspen and Aspen's responses are stored to maintain conversation context and provide continuity. This may include feedback, achievements, coaching discussions, pulse check-in responses, and manager notes.

Feedback and performance data: Content from feedback you give or receive, achievements you log, pulse check-ins you complete, and manager notes you create is stored and associated with your account. Visibility is controlled by the sender — feedback can be private, visible to the recipient's manager, or visible to the team.

Workspace integration data: We store OAuth credentials for your Slack or Microsoft Teams workspace to maintain the integration. These credentials are encrypted using AES-256-GCM.

Usage and analytics data: We collect anonymized usage analytics to improve the product, including feature usage patterns and session information.

How We Use Your Data

  • To provide, maintain, and improve Aspen features

  • To generate insights, summaries, and coaching responses using AI language models

  • To deliver scheduled features such as weekly digests and pulse check-ins

  • To authenticate users and enforce role-based access controls

  • To respond to support requests

We do not sell your personal data. We do not use your data to train AI models.

Third-Party Services

We use the following third-party sub-processors to operate Aspen. All providers are bound by data processing agreements and evaluated for security and privacy practices.

OpenAI — AI language model for coaching, feedback, and conversation. Data processed: message content, employee names, feedback text. Conversation content is processed but not stored by OpenAI for training, per our data processing agreement.

Railway — Application and database hosting. Data processed: all customer data.

Langfuse — LLM observability and prompt management. Data processed: LLM inputs and outputs, conversation traces.

PostHog — Product analytics and feature flags. Data processed: usage events, anonymized user identifiers.

Clerk — Authentication and identity management. Data processed: user email, name, login credentials.

Resend — Transactional email delivery. Data processed: email addresses, invitation content.

Stripe — Billing and payment processing. Data processed: billing contact info, payment details.

Slack — Workplace messaging platform integration. Data processed: messages, user profiles, channel info.

Microsoft Teams — Workplace messaging platform integration. Data processed: messages, user profiles, channel info.

All sub-processors are located in the United States. For the most current list, see our Sub-processors page.

Data Security

  • Encryption at rest: OAuth credentials and sensitive integration data are encrypted using AES-256-GCM.

  • Encryption in transit: All data transmitted between your browser, Slack, and our servers uses TLS 1.2+.

  • Access controls: Role-based permissions ensure employees see only their own data, and managers see only their direct reports' data.

  • Soft deletion: When data is deleted, it is marked as deleted and excluded from all queries. To support audit and recovery needs, it is not immediately purged.

Data Retention

We retain your data for as long as your organization maintains an active Aspen subscription. Conversation history, feedback, and performance data are retained to provide continuity across review cycles.

Upon account or organization deletion, data is soft-deleted and excluded from all product functionality. To request permanent deletion, contact us at privacy@pando.com.

Your Rights

You have the right to:

  • Access the personal data we hold about you

  • Correct inaccurate information

  • Delete your data by requesting removal

  • Export your data in a portable format

  • Withdraw consent for optional data processing

To exercise any of these rights, contact privacy@pando.com.

Confidentiality and Escalations

Conversations with Aspen are private to the individual user unless they explicitly share content (e.g., sending feedback to a colleague). Manager notes are visible only to the authoring manager. Escalation requests flagged for HR are handled confidentially.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify affected users via Slack or email when material changes are made.

Contact

Pando AI, Inc.
Email: privacy@pando.com

For questions, contact support@pando.com or use the in-app chat.