Privacy Policy

Effective Date: May 18, 2026

This Privacy Policy describes how Pangeo LLC, doing business as Pangeo AI and as Yarid Asher ("Pangeo AI," "we," "us," or "our"), collects, uses, shares, and protects information when you use Theo (the "App"), a Christian AI assistant available on iOS, Android, and the web. By creating an account or using the App, you confirm that you have read this Policy and that you are at least 16 years old.

1. Who We Are

Pangeo LLC is a United States limited liability company operating under the assumed names "Pangeo AI" and "Yarid Asher." We are the data controller for personal information processed in connection with the App. You can contact us at any time at hello@pangeo.ai with questions, requests, or complaints about this Policy.

2. Information We Collect

Information you provide directly

Account information. Your email address and a password, used to authenticate you. Authentication is handled on our behalf by Supabase; we do not store your password in plaintext.
Profile information. An optional display name and an optional faith tradition (for example, "Catholic," "Protestant," "Orthodox," or "non-denominational"). The faith-tradition field is used to personalize Theo's responses and is treated as sensitive personal information (see Section 5).
Conversations. The messages you send to Theo and the responses Theo produces, together with timestamps and a short auto-generated title for each conversation. Conversations are stored so you can return to them; they are visible only to your account.
Notes. The titles, body text, labels, and pinned status of any notes you create. For each note, we also store a numerical "embedding" — a list of numbers that represents the note's meaning — so that Theo can find related notes when you ask. To compute the embedding, the body of the note is sent to our embedding sub-processor (see Section 4).
Support communications. If you contact us through the App's "Report a Bug / Contact" form, we collect the message you write, your email address, the category you choose, and basic technical context (such as your app and operating-system version) so that we can respond to you and fix the problem.

Information generated by your use of the App

Usage counters. A running count of the messages you have sent, used to enforce per-account message limits. Depending on your plan, this is either a recurring per-period count or a cumulative total.
Subscription information. If you purchase Theo AI Pro, we receive your subscription status and the App Store transaction and product identifiers associated with the purchase (not your payment-card details), so we can unlock paid features and keep your entitlement in sync across your devices. This is processed for us by RevenueCat (see Section 4).
Product analytics and diagnostics. A limited set of pseudonymous product-analytics events (for example, that a message was sent, that a limit was reached, or that the upgrade screen was shown), basic app and device metadata (including a device identifier), and error and crash reports (including native iOS and Android crashes), so we can understand how the App is used and fix problems. This is processed for us by PostHog (see Section 4). We do not record or replay your screen, and these analytics do not include the content of your conversations or notes.
Server logs. When the App's server-side functions encounter an error, we log a short error record that may include your account identifier, the time of the request, and a brief technical description of the failure. These logs are retained on our hosting provider for a limited period (see Section 8) and are used only to diagnose and fix problems.

What we do not collect

We use a single privacy-respecting product-analytics and error-diagnostics provider (PostHog — see Section 4). We do not use any advertising SDK or cross-app behavioral-tracking tool, and we do not record or replay your screen or session. We do not collect your precise or coarse location, your contacts, your photos, your microphone audio, your device's advertising identifier, your browsing history outside the App, or your payment-card details. We do not sell, rent, or trade your personal information. If we materially change the analytics we collect, we will update this Policy and our App Store privacy disclosures accordingly.

3. How We Use Your Information

We use the information we collect for the following purposes:

To provide and personalize the App. Sending your messages to AI providers to generate responses; embedding and searching your notes; remembering your conversations; tailoring Theo's tone and references using your faith tradition.
To enforce limits and prevent abuse. Counting messages against your plan's message limit; rate-limiting sign-ups and other security-sensitive actions.
To provide paid features. Verifying and synchronizing your Theo AI Pro subscription status so that paid features are available on your devices.
To understand and improve the App. Using pseudonymous, privacy-respecting product analytics and error diagnostics — with no screen or session recording, and excluding the content of your conversations and notes — to see how features are used and to fix problems.
To maintain and improve the service. Diagnosing errors, monitoring availability, and protecting the App and its users from misuse.
To communicate with you. Sending password-reset emails, responding to the bug reports and support messages you send us, important security or service notices, and (only if you have separately opted in) other product communications.
To comply with law. Responding to lawful requests by public authorities, enforcing our Terms, and exercising or defending legal claims.

If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for this processing are: performance of our contract with you (providing the App you signed up for); your explicit consent (for sensitive information — see Section 5); our legitimate interests (security, fraud prevention, and limited operational analytics); and compliance with legal obligations.

4. AI Sub-Processors and Independent Use

Theo relies on a small number of third-party infrastructure providers to operate. All artificial-intelligence functionality — generating chat responses, computing embeddings for your notes, and performing the web searches Theo issues when your question requires up-to-date information — is routed through a single AI gateway operated by Vercel, our hosting provider. The AI gateway, in turn, dispatches each request to one of a rotating set of underlying language, embedding, and search models. We may change which underlying models the gateway uses at any time, including models operated by providers located outside the United States. All such models are accessed exclusively under the AI gateway's zero-retention terms: the relevant content is forwarded to the underlying model only for the duration needed to generate a response, and the underlying model provider does not retain that content afterwards.

The current sub-processors and the data each one receives are:

Provider	What it does	What it receives	Privacy reference
Vercel, Inc. (United States)	Hosts the App's web and server functions, and operates the AI Gateway through which all chat, embedding, and search model calls are routed under zero-retention terms.	All requests to the App's server, including your messages, recent conversation history, note content (for embedding), the search queries the assistant chooses to issue, and account identifiers.	vercel.com/legal/privacy-policy · vercel.com/docs/ai-gateway
Supabase, Inc. (United States)	Provides our database and authentication infrastructure.	Your account credentials, profile, conversations, notes, embeddings, usage counters, and any support messages you send us.	supabase.com/privacy
RevenueCat, Inc. (United States)	Manages and validates in-app subscriptions and entitlements (Theo AI Pro).	Your account identifier and the App Store transaction, product, and subscription-status information for your purchase. It does not receive your conversations, notes, or payment-card details.	revenuecat.com/privacy
PostHog, Inc. (United States)	Provides privacy-respecting product analytics and error and crash diagnostics. Hosted in the United States; session and screen recording is disabled.	Pseudonymous product-analytics events, your account identifier, a device identifier, basic app and device metadata, and error and crash reports (including native iOS and Android crashes). It does not receive the content of your conversations or notes, and no screen or session recordings are captured.	posthog.com/privacy

We choose providers we believe to be reputable and we configure them, where their terms allow, not to use your content to train their public models. However, once content is transmitted to a sub-processor (or, via the AI gateway, to an underlying model provider), that party's handling of the content is governed by its own terms of service and privacy policy. We do not control, and we are not responsible for, any party's internal storage, processing, security, retention, or independent use of data on its systems, including any access by its staff, contractors, or government authorities to whose laws it is subject. We are not liable for any sub-processor's or model provider's acts or omissions except to the extent required by applicable law. We will update this Policy when we add, remove, or replace a sub-processor.

5. Sensitive Personal Information

We collect information that reveals your religious or philosophical beliefs. This includes the optional faith-tradition field in your profile and, by the nature of the App, the topics you discuss with Theo. Under California law (CCPA/CPRA) and the EU GDPR, this is "sensitive personal information" or a "special category of personal data."

We collect and use this information only to provide and personalize the App as described in Section 3.
We do not use it to infer characteristics about you for advertising purposes.
We do not sell or share this information for cross-context behavioral advertising.
You can review and delete your faith-tradition field at any time in the App's profile settings, and you can permanently delete your conversations, notes, and account at any time as described in Section 9.

By creating an account and choosing to use Theo, you provide your explicit consent (where such consent is the applicable legal basis) for us to process this information for those purposes. You may withdraw consent at any time by deleting your account; withdrawal does not affect the lawfulness of processing performed before withdrawal.

6. How We Share Information

We share personal information only as follows:

With sub-processors, as listed in Section 4, to operate the App on our behalf.
To comply with law or respond to lawful requests from public authorities, including for national-security or law-enforcement purposes, where we are legally required to do so.
To protect rights and safety — ours, yours, or someone else's — including investigating and responding to abuse, fraud, or violations of our Terms.
In a corporate transaction. If Pangeo LLC is involved in a merger, acquisition, financing, reorganization, or sale of all or part of its assets, your information may be transferred as part of that transaction. We will require any successor to honor the commitments we have made in this Policy or notify you of material changes.

We do not sell your personal information for monetary or other valuable consideration, and we do not share it for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act as amended by the California Privacy Rights Act. We have not done so in the preceding 12 months and have no intention of doing so.

7. International Data Transfers

Pangeo LLC is based in the United States. The App's hosting and database are operated from United-States-based infrastructure. All AI model calls are routed through the Vercel AI Gateway, which may dispatch a given request to an underlying model operated outside the United States, including in jurisdictions such as the People's Republic of China. Regardless of where the underlying model is operated, the gateway forwards content under zero-retention terms — content is processed only for the duration needed to generate a response and is not retained by the underlying model provider afterwards.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, please be aware that your personal information will be transferred to and processed in the United States, and may transit through other jurisdictions while a model response is generated. Some of these jurisdictions have not been deemed by your home regulator to provide an "adequate" level of data protection. Where required, we rely on appropriate transfer safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or analogous mechanisms required by applicable law. By using Theo, you acknowledge these transfers.

If you are not comfortable with these transfers, please do not create an account.

8. Storage, Security, and Retention

Your account, profile, conversations, notes, and embeddings are stored in a managed PostgreSQL database operated by Supabase, with encryption at rest. All traffic between the App and our servers, and between our servers and our sub-processors, uses HTTPS/TLS encryption in transit. Database access is constrained by Postgres Row-Level Security policies so that one user cannot read another user's rows.

No system is perfectly secure. We work to protect your information using reasonable administrative, technical, and physical safeguards, but we cannot and do not guarantee absolute security.

We retain your account-level data (profile, conversations, notes, embeddings, usage counters, subscription records, support messages, and product-analytics events) for as long as your account is active. When you delete your account from within the App, we delete this data from our active database. Backups maintained by our database provider for operational continuity are overwritten on the provider's normal rotation schedule, typically within 30 days. Server logs are retained by our hosting provider for a limited period (typically up to 30 days) and are then automatically deleted. Sub-processors retain the content they receive in accordance with their own retention policies, which we do not control.

9. Your Rights

Subject to applicable law, you have the right to:

Access the personal information we hold about you and obtain a copy.
Correct inaccurate or incomplete information (you can edit your profile and notes directly in the App).
Delete your account and the data associated with it. You can do this yourself in the App's Settings → Data screen.
Limit our use of sensitive personal information to purposes necessary to provide the service.
Withdraw consent for processing that we carry out on the basis of your consent.
Object to or restrict certain processing activities, where applicable law gives you that right.
Receive a portable copy of the information you provided to us, in a machine-readable format.
Lodge a complaint with the data-protection authority of your country of residence (for residents of the EEA, UK, Switzerland, or other jurisdictions with such authorities).

To exercise any right that is not directly available in the App, email us at hello@pangeo.ai from the email address associated with your account, or — if that is not possible — provide us with enough information to verify your identity. We will respond within the time period required by applicable law (typically 30 to 45 days). We will not discriminate against you for exercising your rights.

If you are a California resident, you may also designate an authorized agent to make a request on your behalf, subject to verification of the agent's authority.

10. Children

Theo is not directed to, and not intended for, anyone under the age of 16. We do not knowingly collect personal information from anyone under 16. If we learn that we have collected personal information from a person under 16, we will delete the account and the associated data. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at hello@pangeo.ai and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the App, our sub-processors, or applicable law. When we make material changes, we will post the updated Policy at this URL with a new Effective Date and, for changes that meaningfully affect how we handle your information, we will notify you in the App or by email before the changes take effect. Your continued use of Theo after the Effective Date constitutes acceptance of the updated Policy.

12. Contact Us

If you have any questions, requests, or complaints about this Privacy Policy or our handling of your personal information, please contact us at:

Pangeo LLC (d/b/a Pangeo AI; d/b/a Yarid Asher)
Email: hello@pangeo.ai
Web: pangeo.ai