Panwright

Privacy Policy

Last updated: 7 July 2026

This Privacy Policy describes how Joy's Dawn Solutions LLC ("Panwright", "we", "us", or "our") collects, uses, and discloses your information when you use the Panwright desktop application, the Panwright phone companion app, and the panwright.com website (together, the "Service"). Panwright is designed to be local-first: the application runs on your own device, and we deliberately collect as little personal information as possible. If you do not agree with our policies and practices, please do not use the Service.

Summary of key points

  • What we collect. Essentially only the email address you register with, the authentication data that keeps you signed in, and your subscription status. That's it.
  • What we never receive. Your payment-card details, your model-provider API keys, and your projects, prompts, code, and AI output. These stay on your device or go directly to the third parties you choose.
  • How we use it. To create and secure your account, run your subscription, and send essential account emails. We do not sell your personal information.
  • Your choices. You can delete your account and its data at any time from within the app.

1. What information do we collect?

Personal information you provide to us. When you create an account we collect the email address you register with and a password, which is stored only as a salted cryptographic hash by our authentication provider — we never see or store your password in plaintext. If you contact us for support, we collect the contents of your message.

Payment information. When you subscribe, your payment is processed by Paddle (see below). We do not collect or store your card or bank details. We receive from Paddle only the billing identifiers and subscription status (for example, trialing, active, past due, paused, or canceled) needed to give you access to the paid Service.

Information we deliberately do NOT collect.

  • Your projects, prompts, code, and AI output. This content is processed on your device and sent directly to the AI model provider you choose, using your own key. It does not pass through our servers.
  • Your model-provider API keys. Keys you add (for example, your OpenRouter key) are stored on your own device in your operating system's secure keystore and are never transmitted to us.
  • Content of mirrored sessions. When you pair a phone or other device, the traffic between your devices is end-to-end encrypted and passes through our relay only as opaque ciphertext we cannot read.

Information collected automatically. When your app checks for updates or your devices connect to our relay, our servers process limited technical data such as IP address, device public keys, and timestamps, for the purpose of operating and securing the Service. The website itself uses no analytics or advertising trackers.

Phone companion. If you use the phone app, it asks for camera access solely to scan the pairing QR code shown on your desktop, and it may ask permission to send you push notifications. To deliver those notifications we register a push token with Apple's and Google's push services and send only a content-free signal that wakes the app — the notification itself carries no message content. We do not collect your phone's contacts, location, or advertising identifiers.

2. How do we process your information?

We process your personal information to:

  • create and manage your account and authenticate you (including sending one-time verification codes);
  • provide the Service and manage your subscription and entitlements;
  • send you essential, transactional account emails (such as verification and billing notices);
  • respond to your support requests;
  • protect the Service, prevent fraud and abuse, and maintain security; and
  • comply with our legal obligations.

We do not sell your personal information, and we do not use it for advertising.

3. What legal bases do we rely on?

If you are in the EEA or UK, we process your personal information only when we have a valid legal basis: to perform our contract with you (providing the Service and your subscription), with your consent (which you may withdraw at any time), to comply with our legal obligations, and for our legitimate interests in securing and improving the Service where those interests are not overridden by your rights.

4. When and with whom do we share your information?

We share personal information only with the service providers that help us run the Service:

  • Paddle — our reseller and merchant of record, processes your payment and handles billing, receipts, and taxes. See Paddle's Privacy Policy.
  • Supabase — hosts our authentication service and the database that stores your account email and subscription status.
  • Resend — delivers your transactional account emails, such as verification codes.
  • Cloudflare — hosts our website and serves our software downloads, and provides content-delivery and network-security services in front of our infrastructure.
  • DigitalOcean — hosts our device relay, which routes end-to-end-encrypted traffic between your own paired devices. The relay handles only ciphertext and public keys — never your content.
  • Apple and Google — deliver push notifications to your phone. We hand their push services (Apple Push Notification service and Firebase Cloud Messaging) only a device token and a content-free signal to wake the app; the notification carries no message content.
  • Your chosen AI model provider (for example, OpenRouter) — receives your prompts directly, under your own account and key, and processes them subject to that provider's own privacy policy, not ours.

We may also disclose information if required to do so by law, or to protect our rights, safety, or property, and we may transfer information in connection with a merger, acquisition, or sale of assets.

5. Do we use cookies and other tracking technologies?

The website uses no advertising or analytics cookies. When you complete a purchase, Paddle's checkout may set cookies that are strictly necessary to process your transaction and prevent fraud. The desktop and phone applications use no third-party tracking.

6. Is your information transferred internationally?

Our servers are located in the United States. If you access the Service from outside the United States — for example from the European Economic Area (EEA), the United Kingdom, or Switzerland — the limited account information we hold will be transferred to, stored, and processed in the United States, which may not provide the same level of data protection as your home country.

Where we transfer personal information out of the EEA, UK, or Switzerland, we rely on appropriate safeguards for that transfer — such as the European Commission's Standard Contractual Clauses and their UK equivalent, which are offered under our service providers' data-processing agreements. Because we collect so little (essentially your email address and subscription status), the scope of any such transfer is minimal.

7. How long do we keep your information?

We keep your account information for as long as your account exists. When you delete your account, we permanently remove your account, profile, and subscription record from our database. Paddle, as merchant of record, may retain transaction records as required for tax, accounting, and legal purposes.

8. How do we keep your information safe?

We protect your information with technical and organizational measures including encryption in transit (TLS), storage of passwords only as salted hashes, end-to-end encryption for device mirroring, hardware-backed key storage on your devices, and least-privilege access controls on our database. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security.

9. Do we collect information from minors?

The Service is not directed to, and is not intended for use by, anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe a minor has provided us personal information, please contact us and we will delete it.

10. What are your privacy rights?

Depending on where you live, you may have the right to access, correct, update, or delete your personal information, to object to or restrict its processing, to data portability, and to withdraw consent. You can exercise the core of these rights directly through the in-app Delete account feature, or by emailing us at support@panwright.com. If you are in the EEA or UK, you also have the right to complain to your local data-protection authority.

11. Controls for do-not-track features

Most browsers and some operating systems offer a Do-Not-Track ("DNT") setting. No uniform technology standard for recognizing DNT signals has been finalized, so we do not currently respond to them. Because the website carries no tracking regardless, this does not affect what we collect from you.

12. Do United States residents have specific privacy rights?

If you are a resident of a U.S. state with a comprehensive privacy law, you may have rights to know, access, correct, and delete the personal information we hold about you, and to opt out of its "sale" or "sharing." The only category of personal information we collect is identifiers (your email address and account/subscription identifiers). We do not sell or share personal information, and we do not use it for targeted advertising or profiling. You may exercise your rights as described in "What are your privacy rights?" above, and we will not discriminate against you for doing so.

Authorized agents. Where your state's law allows, you may use an authorized agent to submit a request on your behalf. We may ask the agent for proof that you validly authorized them to act for you, and we may still ask you to verify your own identity with us.

Appeals. If we decline to act on your request and your state's law grants a right to appeal, you may appeal by emailing us at support@panwright.com with "Privacy appeal" in the subject line. We will respond in writing with our decision and the reasons for it. If your appeal is denied, you may contact your state's attorney general.

13. Do we make updates to this notice?

We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date above, and where changes are material we will take reasonable steps to notify you.

14. How can you contact us about this notice?

If you have questions or comments about this Privacy Policy, email us at support@panwright.com, or write to us at:

Joy's Dawn Solutions LLC
4466 Birch Run Dr
Troy, MI 48098
United States

15. How can you review, update, or delete the data we collect from you?

You can review and update your account email from within the app, and you can permanently delete your account and its associated data at any time via Settings → Delete account, which cancels any active subscription and erases your profile and subscription record. You may also contact us at support@panwright.com to request access to, correction of, or deletion of your personal information.