Overview
Panderose ("we," "us," "our") operates RemMe and panderose.com. This policy describes what personal data we collect, how we use it, and your rights over it.
The short version: We collect only what we need to run RemMe. We never sell your data. We never train AI models on your content. Your data is yours.
What we collect
Account data
When you create a RemMe account: your email address, a hashed password (we never store the plaintext), and an account creation timestamp.
Content you add
Notes, captures, and any text you manually add to RemMe. This is stored on Panderose's own servers in Prescott, AZ.
Integration data
When you connect Canvas or Outlook, we retrieve and store the data you authorise: Canvas course content, assignments, and announcements; Outlook calendar events. This data is stored on our servers.
Usage data
Standard server logs: IP addresses, pages visited, feature usage, error reports. We use this to operate and improve the service. Log data is retained for 90 days.
What we do not collect
- We do not sell your data to any third party.
- We do not use your content to train AI models.
- We do not build advertising profiles.
How we use it
- To operate RemMe: building and searching your personal memory, powering chat responses, syncing integrations.
- To improve the service: aggregated, anonymised usage patterns only. Never individual content.
- To communicate with you: service notices, security alerts, product updates (opt-out available).
- To comply with law: where required by applicable law or valid legal process.
Third-party integrations
When you connect Canvas or Microsoft Outlook, authorization tokens are stored securely on Panderose servers and used only to sync your authorised data. We request only the minimum permissions necessary. You can revoke access at any time from RemMe settings or directly from Canvas or Microsoft.
Chat queries are processed via Groq (see sub-processors below). Only your query and relevant excerpts from your data are sent, not your entire account.
Sub-processors
All data storage, search, and AI processing (other than chat responses) is handled in-house on Panderose's own servers in Prescott, AZ. The only third-party processor we use is:
| Name | Purpose | Location |
|---|---|---|
| Groq | AI chat responses | United States |
Your rights
You may request access to, correction of, or deletion of your personal data at any time. To exercise these rights, email [email protected]. We will respond within 30 days.
If you are in the EU or UK, you have additional rights under GDPR/UK GDPR including the right to data portability and to lodge a complaint with your supervisory authority.
Data retention
We retain your account and data as long as your account is active. If you delete your account, we delete your data within 30 days, except where retention is required by law. Server logs are retained for 90 days.
Security
We implement commercially reasonable technical, administrative, and organizational measures designed to protect your data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. No internet transmission is ever fully secure, so you should take care in what information you share. See our Security page for details.
Children
RemMe is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us data, contact us and we will delete it promptly.
For Canvas deployments involving students under 13, the institution is responsible for parental consent under COPPA and FERPA.
Changes to this policy
We may update this policy. Material changes will be communicated by email or a notice on remme.panderose.com at least 14 days before taking effect. Continued use after notice constitutes acceptance.
Contact
Questions about this policy: [email protected]
Panderose, Prescott, AZ, USA.