Back to PandronLegal

Pandron · Pandron Group Ltd

Privacy Policy

Effective date: 29 April 2026 · Last updated: 29 April 2026

This Privacy Policy describes how Pandron Group Ltd (“Pandron”, “we”, “us”, or “our”) collects, uses, discloses, and otherwise processes personal data in connection with the Pandron mobile application (“App”), the website at pandron.app (“Site”), and any related services (collectively, the “Services”). By using the Services you acknowledge that you have read and understood this Privacy Policy.

1. Who we are

Pandron Group Ltd is a private limited company incorporated in England and Wales. We are the data controller for personal data processed in connection with the Services. For all privacy enquiries please contact us at [email protected].

2. Information we collect

We aim to collect as little personal data as possible while still operating the Services effectively. The categories below describe what we collect and when.

2.1 Information you provide

  • Account identifiers. When you sign in using Apple ID or Google, we receive the identifier provided by that platform together with the email address you authorise the platform to share. We do not receive your platform password.
  • Subscription and purchase information. Premium subscriptions are processed by Apple App Store or Google Play. We receive a transaction identifier and subscription status from our subscription processor (RevenueCat). We do not receive your full payment-card details.
  • Support communications. If you contact us by email or via in-App support, we receive the contents of your message and any information you choose to include.

2.2 Information generated by your use of the App

  • Sleep logs, journal entries, streak data, and preferences. These are stored locally on your device (using your device’s secure storage) and are not transmitted to Pandron servers in the ordinary course of using the App.
  • Diagnostic and crash data. Where you have permitted it through your device settings, Apple and Google may share aggregated diagnostic information with us to help us identify and fix faults. This data is processed under each platform’s own policies.

2.3 Information collected automatically on the Site

  • Server logs. Like most websites, our hosting provider records standard server logs including approximate IP-derived location, browser user-agent, and request paths, retained for security and operational purposes.
  • Privacy-respecting analytics. Where analytics are enabled, we use a provider configured to operate without third-party cookies and without persistent cross-site tracking identifiers.

3. How we use information

We use personal data to:

  • provide, maintain, and improve the Services;
  • verify the status of subscriptions and entitlements;
  • respond to support requests and other communications;
  • detect and prevent fraud, abuse, or violations of our Terms;
  • comply with legal obligations and enforce our agreements; and
  • communicate with you about updates, security notices, and material changes.

We do not sell personal data. We do not engage in cross-context behavioural advertising. We do not run third-party advertising in the App.

Where the UK GDPR or EU GDPR applies, we rely on the following legal bases:

  • Performance of a contract — to provide the Services you have requested, including verifying subscriptions and providing premium features.
  • Legitimate interests — to operate, secure, and improve the Services, to prevent fraud and abuse, and to communicate operational updates. We balance these interests against your rights and freedoms.
  • Consent — for any processing that requires consent, including (where applicable) optional analytics or marketing communications. You may withdraw consent at any time.
  • Compliance with legal obligations — to respond to lawful requests and comply with applicable laws.

5. How we share information

We share personal data only where necessary to operate the Services, and only with the following categories of recipients:

  • App distribution and payments. Apple Inc. and Google LLC distribute the App and process subscription payments under their own terms and privacy policies.
  • Subscription management. RevenueCat, Inc. processes subscription status on our behalf as a data processor under a written agreement.
  • Hosting and infrastructure. Reputable cloud hosting and content-delivery providers operate the Site and supporting back-end systems on our behalf.
  • Professional advisors. Lawyers, accountants, auditors, and similar advisors, in each case bound by duties of confidentiality.
  • Authorities. Law-enforcement, regulators, or other authorities where we are legally required to do so or where disclosure is reasonably necessary to protect rights, property, or safety.
  • Corporate transactions. In connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

6. International data transfers

Some of our service providers are based outside the United Kingdom and the European Economic Area. Where personal data is transferred to such jurisdictions, we rely on appropriate safeguards including the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, and equivalent mechanisms recognised by the UK Information Commissioner’s Office.

7. Data retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for legal, accounting, and reporting requirements. Sleep logs, journals, and similar in-App content remain on your device until you delete them or uninstall the App. Subscription records are retained for the period required by tax and accounting laws.

8. Your rights

Subject to applicable law, you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request erasure of your data;
  • request restriction of processing in certain circumstances;
  • request data portability of data you have provided;
  • object to processing based on legitimate interests; and
  • withdraw consent where processing is based on consent.

To exercise any of these rights, contact [email protected]. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or your local supervisory authority.

California residents. If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the right to know what personal information we collect, to request deletion of your personal information, to correct inaccurate information, and to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioural advertising.

9. Children’s privacy

The Services are not directed to children under 13, and we do not knowingly collect personal data from children under 13. In the European Economic Area and the United Kingdom, the digital age of consent varies by member state. If you become aware that a child has provided personal data to us in violation of this policy, contact us and we will take appropriate action.

10. Cookies and similar technologies

The Site uses a minimal number of strictly necessary cookies and, where enabled, a privacy-respecting analytics tool. We do not use third-party advertising cookies. Where consent is required by law, we will request it before any non-essential technology is loaded.

11. Security

We implement and maintain administrative, technical, and physical safeguards designed to protect personal data against accidental loss, unauthorised access, disclosure, alteration, and destruction. No method of transmission over the internet is fully secure. If we become aware of a personal-data breach affecting your information, we will notify you and the relevant supervisory authority where required by law.

12. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent changes. Where changes are material we will provide a more prominent notice (in the App or by email).

13. Contact us

Pandron Group Ltd
Privacy Office
[email protected]

For the avoidance of doubt, this Privacy Policy applies only to personal data processed by Pandron Group Ltd. The Apple App Store, Google Play, and any third-party services accessible through the Services are governed by their own privacy policies.