Legal

Pane Privacy Policy

Last updated: June 12, 2026

This policy covers the hosted Pane service operated at relay.paneui.com and paneui.com ("Pane", "we", "us"). Pane is open-source software you can also self-host. If you self-host Pane, you are the data controller for your instance and this policy does not apply to it.

What we collect

  • Account data: your email address (required to sign in), and optionally a display name and phone number if you provide them. We record login timestamps.
  • Content you create: the panes (interactive web UIs) your agent builds, the structured events people submit through them, records (mutable collections such as lists and boards), and files uploaded as attachments.
  • Authentication data: short-lived magic-link login tokens and API and OAuth tokens. These are stored hashed or encrypted, never in plaintext.
  • Technical data: standard request logs and operational metrics (timestamps, IP address, error traces) used to run and secure the service.

How we use your data

  • To provide the service: authenticate you, create and serve your panes, deliver events back to your agent, and store your records and attachments.
  • To send magic-link login emails.
  • To operate, secure, debug, and improve the service, including rate limiting and abuse prevention.

We do not sell your data, use it for advertising, or use your content to train AI models.

Third-party services

We host on Microsoft Azure and use:

  • Azure Container Apps for hosting and storage.
  • Azure Communication Services to send magic-link login emails (your email address is processed to deliver the message).
  • Azure Application Insights for operational telemetry (request metrics, error traces, and logs).

We share data with these infrastructure providers only as needed to run the service, under their data-protection terms. We do not share your data with any other third parties.

When you connect Pane to an AI client such as Claude, that client sends tool requests to Pane on your behalf using an OAuth token you authorized. The client provider's own privacy policy governs the client side of that connection.

Data retention

  • Active accounts and their content are retained while your account is active.
  • When an account is deleted, its data is soft-deleted and then permanently erased after a retention window (30 days by default for free accounts).
  • Panes expire automatically at their time-to-live. Expired login links and tokens are purged automatically.

Your choices

  • You can disconnect the connector at any time, which revokes its access immediately. Your other credentials are unaffected.
  • You can request access to or deletion of your data by contacting us (see Contact).
  • You can self-host Pane to keep all data under your own control.

Security

Credentials are stored hashed or encrypted at rest. Access tokens are scoped to your own account and are revocable. All traffic is served over HTTPS.

Changes to this policy

We may update this policy. Material changes will be reflected by the "Last updated" date at the top of this page.

Contact

For privacy questions, data access requests, or deletion requests, contact .