This Privacy Policy describes how TurboAI, Inc. ("Turbo," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use Pana, our AI-powered personal assistant (the "Service"). Please read this Privacy Policy carefully before using the Service.
By creating an account or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, do not use the Service.
This Privacy Policy is incorporated by reference into the Pana Terms of Service. Capitalized terms used but not defined in this Privacy Policy have the meanings given in the Terms of Service
1. Who we are
Pana is a personal operating-system product built by Turbo.
For purposes of this Privacy Policy, Turbo is the controller of personal information collected through the Service. The Service is offered only to residents of the United States who are 18 years of age or older. By using the Service, you acknowledge this Privacy Policy. If you do not agree, do not use the Service.
- Controller: TurboAI, Inc., 5432 Geary Blv. #566 San Francisco CA 94121
- Privacy contact: support@turbotime.io
- Privacy lead: [TBD — proposed: Camila Acosta]
- Legal counsel of record: Cedar Grove LLP
2. Plain-language summary
We built Pana as your personal operating system. The shape of the product determines the shape of this policy:
- Each user gets their own isolated server. Your conversations, files, API keys, and personal context live there — not in a shared Turbo database. We do not pool user content centrally.
- A few things are strictly private. Personally identifiable information, content you upload, payment details, and the API keys you connect are private to your instance. We do not read them, train on them, or share them.
- A few things we must collect to operate. How many users we have, how much each is using, which packages are loaded, and when errors occur. These are event-based — we see that something happened, not what you said.
- One thing is opt-in (or opt-out, depending on where you live). A daily, abstracted summary of themes and use-cases your Pana worked on — without verbatim content. You can turn this off.
- We never sell your data. We never share it with advertisers. Sub-processors only see what they need to deliver the service.
- Workspaces. Personal workspaces are private to you. Work workspaces (when activated by an enterprise customer) include audit logs the enterprise admin can see — only of work-workspace activity. We will be explicit at the moment a Work workspace is added to your Pana.
- You can leave. Export your data, delete your instance, and we will destroy it within 30 days of confirmation.
This summary is provided for convenience only. In the event of any conflict between this summary and the sections below, the sections below control.
3. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date above. Material changes — including any change to the three-bucket model in §4, the addition of a new sub-processor that processes content, or any change to the AI-training stance in §13 — will be notified at least 30 days in advance via email and in-app notice. Non-material changes (typos, formatting, contact updates) take effect on posting. Your continued use of the Service after the updated Privacy Policy takes effect constitutes your acknowledgment of the updates.
4. The three buckets — what we collect, what we don't
This section is the operative privacy commitment. The rest of the policy refines it.
4.1 Strictly private (we do not collect, read, or train on)
|
Category |
Examples |
|
Personally identifiable information beyond what is needed to operate your account |
Real name, address, phone, photos, biographical detail you put into context |
|
Content you provide ("Inputs" and "Outputs") |
Files you upload, documents you generate, conversations with your Pana, prompts and responses, briefings, drafts |
|
Payment instruments |
Card numbers, bank info, billing addresses (handled by Stripe — see §12) |
|
Third-party credentials |
API keys, OAuth tokens, passwords for services you connect (Slack, Gmail, GitHub, etc.) |
|
Connected Account content |
Email contents, calendar events, files, messages from services you authorize Pana to access (see §5) |
These live exclusively on your Pana instance. Turbo employees do not access them as part of normal operation. Access for support purposes is governed by §10.
4.2 Required operational telemetry (event-based, no content)
We collect the minimum data required to operate, bill, and support the service. This is not opt-out outside specific jurisdictions.
|
Signal |
Why we need it |
|
Account exists / is active |
Authentication, account management |
|
Token consumption per user |
Billing, capacity planning, fraud detection |
|
Models invoked (e.g., Claude, GPT-4) |
Cost routing, performance evaluation |
|
Packages / "tricks" loaded and invocation count |
Product analytics — which packages users actually use |
|
Tool / API connections established (event only) |
Reliability and integration health |
|
Errors and frustration triggers |
Debugging, customer support |
|
Push-notification events |
Operating the notification pipeline |
|
Device / connection metadata (device type, OS, IP, approximate location from IP, time zone) |
Service operation, security, fraud prevention |
These are sent as events — a structured signal that something happened, not a copy of what was in your conversation. We do not read message bodies, file contents, or API key values to produce this telemetry. If you install and enable the Agent, we additionally collect event-level metadata about the Agent’s local device operations, including: file system interaction events (such as file creation, modification, or deletion events, directory paths, and file types, but not file contents); application launch and interaction events; script and code execution events; Agent session duration and frequency; and the identity of API endpoints called by the Agent (but not the content of those requests or responses, except as necessary to perform your instruction). This operational data is event-based only and does not include the contents of your files, documents, or communications. As between you and Turbo, Turbo owns all de-identified and aggregated operational telemetry and Usage Data (as defined in the Terms of Service) derived from your use of the Service, including telemetry described in this §4.2. Turbo will not attempt to re-identify any individual from such data and will implement reasonable technical measures to prevent re-identification.
4.3 Semantic abstraction (opt-in / opt-out)
If enabled, your Pana will once per day produce a short, abstracted summary of itself — categories such as: themes worked on, magical moments, frustrations. Examples of acceptable granularity:
- OK: "Drafted a birthday card for a friend."
- Not OK: "Drafted a birthday card for Camila."
- OK: "Sent emails for a sales pipeline."
- Not OK: "Sent email to acme.com about $50K deal."
The summary is generated inside your Pana instance and emitted without identifiers that could re-attach it to a specific recipient, document, or third-party name.
- In the United States: opt-out (on by default; toggle in Settings → Privacy).
- Future EU/UK launches: opt-in (off by default).
We use this signal to prioritize new packages, identify common frustrations, and decide where to invest resources. We do not use it to identify, target, or re-identify individual users. Abstracted summaries are retained for 24 months and then deleted.
5. Connected Accounts and Agentic Actions
5.1 Scope of access
When you connect a third-party service to Pana, we receive only the access scopes you authorize through that service's authentication flow. We do not request more access than is necessary for the features you have enabled. You may revoke our access at any time, including through the App settings or through the third-party service's own controls. Revocation does not affect information we have already received and processed. Information already received and processed in connection with the Service will be retained in accordance with our retention practices described in §8, unless you separately request deletion of that information as described in §15.3.
5.2 Use of Connected Account data
We use information from your Connected Accounts solely to provide the Service to you, including to (a) fulfill your instructions, (b) generate Outputs in response to your Inputs, (c) perform Agentic Actions you have authorized, and (d) maintain the security and integrity of the Service. We do not use information from your Connected Accounts for advertising, for profiling for third-party use, or to train or improve any AI model. We do not allow humans to read information from your Connected Accounts except in narrow circumstances: investigating suspected abuse, addressing a technical support request you submit, complying with applicable law, or with your express consent. Automated processing of Connected Account data by AI models to fulfill your instructions is described in §5.5.
5.3 Google API Services User Data Policy
Pana's use and transfer to any other application of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. With respect to information obtained from Google services (including Gmail, Google Calendar, Google Drive, and other Google APIs you connect to Pana), we:
- (a) use that information only to provide or improve user-facing features of the Service that are prominent in the requesting application;
- (b) do not transfer that information to third parties except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users;
- (c) do not use that information for serving advertisements; and
- (d) do not allow humans to read that information unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for our internal operations and even then only when the information has been aggregated and anonymized.
5.4 Agentic Actions
When the Service performs Agentic Actions on your behalf in a Connected Account or other third-party service, we transmit the information necessary to perform the action (for example, the contents of an email Pana sends for you, or the parameters of a calendar event Pana creates). Information transmitted to a third-party service in connection with an Agentic Action becomes subject to that service’s privacy practices once received. You are solely responsible for the consequences of Agentic Actions performed within the scope of your authorization, whether in a Connected Account, a third-party service, or on your device, as described in the Terms of Service. You are responsible for understanding and complying with the terms of service of any third-party service you authorize Pana to access or interact with. We are not responsible for any suspension, restriction, or termination of your access to a third-party service resulting from Pana's actions in that service at your direction, and we are not responsible for any claim by a third-party service arising from information Pana transmitted to or actions Pana took in that service at your direction.
5.5 LLM sub-processors
To generate Outputs, the Service sends your Inputs and, where relevant, content from your Connected Accounts to large language model providers (currently including Anthropic and OpenAI; see §12). For our primary language model providers (currently Anthropic via the Anthropic API and Amazon Bedrock), we use zero-retention API tiers under contractual terms that prohibit those providers from using the data we send to train or improve their models, and that do not retain your inputs or outputs beyond what is required to return a response. Certain specialized model services, including voice processing (currently OpenAI) and image generation (currently Nano Banana), may operate under different terms that permit limited data retention by those providers for operational or safety purposes. A current list of our sub-processors and their applicable data practices is available at [turbotime.io/sub-processors]. We do not route requests to any foundation model provider whose terms permit training on customer content without your express opt-in consent.
6. Workspaces — Personal vs Work
Pana is designed around workspaces as the unit of privacy. Today only Personal is active.
6.1 Personal workspace (active at launch)
The defaults described in §4 apply. Privacy floor is high; you are the only entity with content access on your instance.
6.2 Work workspace (architected; activated only via enterprise customer)
When an enterprise customer activates a Work workspace inside your Pana:
- The enterprise admin can see audit logs of Work-workspace activity — tool calls, package invocations, time-stamps. They do not see Personal-workspace activity.
- The enterprise admin may apply additional retention, DLP, or compliance settings to the Work workspace.
- You will see a clear visual indicator when you are operating in the Work workspace versus the Personal workspace.
- We will display a notice the first time a Work workspace is added to your Pana, and again any time the controlling enterprise changes its data settings.
We separate workspaces architecturally so that joining or leaving an enterprise does not mix data across contexts.
7. How information flows
[ Your device ] → [ Single Pana entry point ] → [ Your isolated Pana instance ]
│ │
└─ no conversation access ─────┘
│
↓
[ Operational events ]
↓
[ Turbo telemetry ]
- Your device communicates with the Pana entry point (a single ingress).
- The entry point routes traffic to your isolated Pana instance.
- Other servers do not communicate directly with your instance. This narrows the external attack surface to a single, hardened ingress.
- Operational events (§4.2) and, if enabled, semantic abstraction (§4.3) are emitted from your instance to Turbo's analytics layer. Conversation content is not.
8. Storage, retention, and deletion
8.1 Where it lives
|
Data |
Where it lives |
Retention |
|
Conversations and files (Inputs / Outputs) |
Your Pana instance (Hetzner — EU data center, Germany) |
Until you delete them or close your account |
|
API keys / OAuth tokens |
Your Pana instance (Hetzner — EU data center, Germany), encrypted at rest [target — see §18] |
Until you remove them |
|
Connected Account content |
Your Pana instance |
Until you disconnect or delete |
|
Operational telemetry (§4.2) |
Turbo analytics (currently PostHog) |
24 months |
|
Semantic abstraction (§4.3) |
Turbo analytics (currently PostHog) |
24 months |
|
Billing records |
Stripe + Turbo finance system |
7 years (tax / legal) |
|
Audit logs (Work workspaces) |
Turbo audit log + enterprise customer per their config |
Per enterprise contract |
|
Account metadata |
Turbo identity store |
Life of account + 30 days |
8.2 Retention criteria
The criteria we use to determine retention periods include: (a) the duration of your active use of the Service; (b) the category and sensitivity of the information; (c) the purposes for which the information was collected and whether those purposes can be met by other means; (d) our legal, tax, and regulatory obligations; and (e) the existence of any actual or anticipated dispute or investigation.
8.3 Deletion after termination
Following termination of your Account, we will retain your Pana instance and your Inputs / Outputs for thirty (30) days to allow you to export using the export tools we make available. After the export period: (a) your Pana instance is decommissioned and its disks wiped; (b) operational telemetry is anonymized within 90 days; (c) billing records are retained as required by law. Residual copies may persist in routine backups for limited additional periods, after which they will be overwritten or deleted in the ordinary course.
8.4 Backups and system logs
We maintain operational backups and system logs that may include limited information necessary to restore service, diagnose issues, and detect abuse. These backups and logs are retained for limited periods consistent with their operational purpose and are then deleted or further isolated from active systems.
9. Security
- Network. Single hardened entry point; instances are not exposed to the public internet directly.
- Access control. Production access today is restricted to a single named Turbo operator via a single allow-listed IP and SSH. Expansion of this list requires written change control.
- At-rest encryption. [Target on §18 roadmap.] When shipped, at-rest encryption will mean that even with instance access, conversation content cannot be read.
- In-transit encryption. TLS for all client-instance traffic.
- Sub-processor security. We require SOC 2 / ISO 27001 or equivalent posture from production sub-processors (§12).
- Incident response. We will notify affected users without undue delay and within statutory windows, as set forth below.
We do not promise that no breach is possible. We promise that the architecture limits blast radius (per-instance isolation), that only a single operator has production access today, and that we will narrow that access as encryption ships. You are responsible for keeping your Account credentials confidential and for promptly notifying us of any actual or suspected unauthorized access to or use of your Account.
In the event of a security incident involving unauthorized access to or disclosure of your personal information, we will notify affected users without undue delay and within the timeframe required by applicable law. Notification will be provided by email to the address associated with your Account or by prominent notice in the App, and will include, to the extent permitted by law and reasonably available at the time of notification: a description of the nature of the incident; the categories of information involved; the steps we have taken or are taking to address the incident; and steps you can take to protect yourself. We will cooperate with applicable law enforcement and regulatory authorities in connection with any security incident.
10. Customer support and Turbo personnel access
Some support tasks require an authorized Turbo operator to connect to your Pana instance — for example, restoring service after a crash or applying a critical patch.
- Today: A single named Turbo operator (per §9) can SSH to instances. The operator can read logs and operational state. Conversation content and file contents are not part of routine support and are not extracted.
- Tomorrow: Once at-rest encryption ships (§18), operators with instance access will not be able to read conversation content even if they wanted to. Support will rely on logs and event data only.
- You can request a support session with restricted access. Contact support@turbotime.io.
- No "shoulder-surfing." We will not silently observe an active session. Any troubleshooting that requires reproducing a behavior will be coordinated with you.
11. How we use information
We use the data described in §4 to:
- Deliver, secure, and bill the Service, including provisioning and operating your Pana instance.
- Process payments and manage your Subscription, including billing, invoicing, refunds, and dispute resolution.
- Communicate with you (transactional, account-related, and — where you have consented — marketing communications), and respond to support requests.
- Maintain the security and integrity of the Service, including detecting, preventing, and responding to fraud, abuse, security incidents, violations of the Terms of Service, and other harmful activity.
- Improve and develop the Service (troubleshooting, debugging, performance monitoring, analytics, internal research, product development) — using only operational telemetry (§4.2), opt-in semantic abstraction (§4.3), and deidentified or aggregated information.
- Comply with our legal obligations, respond to lawful requests from public authorities, and exercise or defend our legal rights.
We do not:
- Sell your data.
- Share your data with advertisers or data brokers.
- Use your conversations, files, or Connected Account content to train foundation models or any Turbo-owned model. (See §13.)
- Read your conversations except in the narrow circumstances described in §10 and §14.
We may also create and use deidentified or aggregated information that cannot reasonably be used to identify you or any other individual. We maintain and use deidentified information without attempting to reidentify it, except solely to verify the adequacy of our deidentification process. As between you and Turbo, Turbo owns all de-identified and aggregated data and operational telemetry derived from your use of the Service (“Usage Data”), including the data described in §4.2. Usage Data does not include the contents of your conversations, files, or communications. Turbo may use, disclose, and exploit Usage Data for any purpose, including operating, improving, and developing the Service. Turbo will implement and maintain reasonable technical and organizational measures to prevent Usage Data from being used to identify any individual user, and will require any third party to whom Turbo discloses Usage Data to maintain the same standard.
12. Sub-processors
Pana is delivered with the help of the sub-processors listed below. The list reflects our current sub-processors and is not exclusive: we may add, remove, or substitute providers (in particular, foundation model providers) as the model and infrastructure landscape evolves. We will keep an up-to-date list at turbotime.io/sub-processors and notify users of material changes per §3.
|
Sub-processor |
Role |
Region |
|
Hetzner Online GmbH |
Hosts your isolated Pana instance |
Germany. |
|
Foundation model providers (currently Anthropic, OpenAI; may include additional providers such as Google, Meta, Mistral, or open-weights inference hosts) |
Foundation model inference |
US |
|
Stripe |
Payment processing |
US |
|
|
Authentication (OAuth) and Workspace APIs you elect to connect |
US |
|
PostHog |
Operational analytics (§4.2 / §4.3) |
US |
|
Cloudflare |
DNS, network protection |
Global edge |
We share information with the following categories of recipients, in each case subject to obligations consistent with this Privacy Policy: sub-processors and service providers (above), Connected Accounts you authorize, our corporate affiliates, professional advisors (accountants, auditors, lawyers), legal and safety recipients (government, law enforcement, courts where required by law), parties to a corporate transaction (with notice), and other parties to whom you direct us to share your information.
We do not sell personal information for monetary consideration, and we do not share personal information for cross-context behavioral advertising.
13. AI training, fine-tuning, and personalization
Today: We do not use your conversations, files, Inputs, Outputs, or Connected Account content to train any model — Turbo's or a third party's.
Multi-vendor commitment. Turbo is model-agnostic by design. We commit that we will not route requests to any foundation model provider whose terms permit training on customer content. For our primary language model providers (currently Anthropic via the Anthropic API and Amazon Bedrock), we use zero-retention API tiers under terms that preclude the provider from training on customer content. Certain specialized services, such as voice and image generation, may operate under different retention terms, as disclosed in our sub-processor list at [turbotime.io/sub-processors]. Where you configure User Integrations (including open-source tools), Pana does not control those integrations and cannot warrant their data retention practices. We do not route requests to any foundation model provider whose terms permit training on customer content without your express opt-in consent
Future personalization. We may, in the future, offer personalization — a model trained or fine-tuned to behave consistently with your preferences. If we do, this will be:
- Opt-in. Off by default.
- Disclosed clearly, with a separate in-app consent surface at the time the feature is offered, including a clear description of what data will be used and whether it will leave your Pana instance.
- Possibly per-instance. We are exploring training that runs inside your Pana instance so that the data never leaves it.
- Reversible. You will be able to opt back out and have any derived data deleted.
Any such change will require an updated Privacy Policy with notice. We will not silently change this stance.
14. Legal disclosure and law enforcement
We will disclose information only when required by valid legal process and only to the extent we have it.
An important architectural note. Because we do not centrally store user conversations or files, we cannot produce them from Turbo's own systems in response to a subpoena directed at Turbo. We can produce: account metadata, operational telemetry (§4.2), semantic abstraction signals (§4.3 — where opted in), and billing records. We do not centrally store your conversation content, files, or Connected Account data. Those live on your dedicated Pana instance.
To the extent Turbo has the technical ability to access or assist in the production of data stored on your Pana instance, which depends on the security configuration in place at the time, we will comply with valid legal process requiring us to do so. Where we lack the technical means to produce specific data, we will inform the requesting authority accordingly.
We will, where permitted by law, notify you of legal requests targeting your account or instance before complying.
15. Your privacy rights — California and other U.S. state disclosures
This section supplements the rest of this Privacy Policy and applies to residents of California and other U.S. states with comprehensive consumer privacy laws applicable to Turbo. References to "personal information" include "sensitive personal information" as those terms are defined under the applicable state law.
15.1 Categories of personal information collected
In the preceding 12 months, we collected the following categories of personal information, for the purposes described in §11, from the sources described in §4 and §5, and disclosed those categories to the recipients described in §12:
|
Category |
Sources |
Recipients |
Sale / Sharing |
|
Identifiers (name, email, account ID, IP, device IDs) |
You; Connected Accounts; device automation; identity providers |
Sub-processors and service providers; affiliates; legal/safety; business transactions |
No sale; no sharing |
|
Customer Records (Cal. Civ. Code § 1798.80(e)) (name, contact, payment) |
You; payment processor |
Sub-processors; affiliates; legal/safety; business transactions |
No sale; no sharing |
|
Commercial Information (Subscription details, transaction history) |
You; payment processor |
Sub-processors; affiliates; legal/safety; business transactions |
No sale; no sharing |
|
Internet / Network Activity (usage data, App interaction, performance / crash data, and API endpoint call metadata generated by the Agent) |
Device / App automation |
Sub-processors; affiliates; legal/safety; business transactions |
No sale; no sharing |
|
Geolocation (approximate, derived from IP) |
Device automation |
Sub-processors; affiliates; legal/safety |
No sale; no sharing |
|
Audio / Visual / Similar (voice, screen content, images submitted as Inputs) |
You; Connected Accounts at your direction |
LLM sub-processors; hosting providers; affiliates; legal/safety |
No sale; no sharing |
|
Inferences (preferences and behaviors derived from use) |
Automation; derived |
Sub-processors; affiliates |
No sale; no sharing |
|
Sensitive Personal Information (Account credentials; contents of Connected Account communications; any sensitive information you choose to submit) |
You; Connected Accounts at your direction |
LLM sub-processors; hosting providers; affiliates; legal/safety |
No sale; no sharing; not used or disclosed for purposes that would require offering the right to limit |
15.2 Your rights
Depending on your state of residence, you may have the rights to:
- Know / access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and information, subject to applicable exceptions (including information necessary to complete a pending transaction, detect or prevent security incidents, comply with a legal obligation, or exercise free speech or other rights provided by law).
- Portability — receive a copy in a portable format.
- Opt out of "sale" or "sharing" for cross-context behavioral advertising. (We do not sell or share for cross-context behavioral advertising.)
- Limit use of sensitive personal information. (We do not use sensitive personal information for purposes that would require offering this right.)
- Non-discrimination for exercising privacy rights.
- Appeal if we deny your request. If we deny your privacy rights request, you may appeal by emailing support@turbotime.io with the subject line “Privacy Request Appeal” and a description of the request we denied. We will respond to appeals within 45 days of receipt. If your appeal is denied, you may lodge a complaint with your state’s privacy regulator.
- Lodge a complaint with your state's regulator.
15.3 How to exercise your rights
Email support@turbotime.io or submit a request through the App settings. We will need to verify your identity before responding (typically by confirming the email address associated with your Account). We will respond to verifiable requests within the time period required by applicable law (generally 45 days, with the possibility of one extension). You may designate an authorized agent to make a request on your behalf; we will require proof of authorization. Please note that most of your personal content, including conversations, files, and Connected Account data, is stored on your dedicated Pana instance and is accessible to you directly through the Service. A right-to-know request to Turbo will produce the information Turbo holds centrally, but not the contents of your Pana instance, which you control directly and that Turbo does not otherwise have access to.
15.4 AI training opt-out
We do not use your Inputs, Outputs, or Connected Account content to train our or our sub-processors' AI models. If we offer an opt-in for training in the future, we will describe the scope of the consent at the time of opt-in, and you will be able to withdraw your consent at any time.
15.5 Marketing communications
You can opt out of marketing emails via the unsubscribe link in any marketing email, and out of marketing push / SMS through App or device settings. We may continue to send transactional, account-related, and service-related communications.
15.6 Other state residents
If you are a resident of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, or another state with a comprehensive consumer privacy law applicable to Turbo, you may have rights similar to those described above. To exercise your rights, contact us at support@turbotime.io.
15.7 California "Shine the Light"
California Civil Code § 1798.83 permits California residents to request information regarding our disclosures of personal information to third parties for those third parties' direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes.
16. Sensitive data and health information
The Service is not designed to receive or process protected health information regulated under HIPAA, education records subject to FERPA, financial account information regulated under GLBA, biometric identifiers regulated under state biometric privacy laws (including BIPA), or other categories of regulated sensitive data. As stated in the Terms of Service, you agree not to submit such data to the Service. We are not acting as a HIPAA business associate, a regulated consumer health data controller (under the Washington My Health My Data Act, Nevada SB 370, or similar laws), or a financial institution under GLBA, and the safeguards those laws would otherwise require may not apply to information you submit to the Service. If you choose to submit regulated sensitive data to the Service despite this prohibition: (a) you do so at your sole risk; (b) you assume all legal, regulatory, and financial consequences of such submission, including any liability to third parties or regulatory authorities; (c) Turbo disclaims all liability arising from the receipt, storage, processing, or disclosure of such data; and (d) you agree to indemnify the Turbo Parties for all claims, penalties, and losses arising from your submission of such data. You acknowledge that the Agent’s access to your files and Connected Accounts may result in the incidental processing of regulated sensitive data (such as health information in emails or financial data in documents) as part of fulfilling your instructions. We do not intentionally collect, use, or retain such incidentally accessed sensitive data for any purpose other than fulfilling your specific instruction, and we do not treat ourselves as a regulated handler of such data solely because it was incidentally accessed in the course of performing an Agentic Action you authorized. Where you configure User Integrations, including messaging applications such as WhatsApp or iMessage, those integrations may expose the Service to sensitive personal data of third parties (including contacts and message content). You are solely responsible for ensuring that your configuration and use of User Integrations complies with all applicable privacy laws and the privacy rights of any third parties whose data may be accessible through those integrations.
17. United States only; no international use
The Service is offered only to residents of the United States. We do not direct the Service to, and do not knowingly collect personal information from, individuals outside the United States. If you are located outside the United States, please do not use the Service. Your Pana instance is hosted on infrastructure located in the European Union (currently Germany); by using the Service, you acknowledge that your data will be stored on EU-based infrastructure operated on TurboAI’s behalf pursuant to an Article 28-compliant data processing agreement with Hetzner Online GmbH.
18. Children's privacy
Pana is for users 18 years of age or older. We do not knowingly collect information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it. Parents or guardians who believe a child has provided information may contact support@turbotime.io.
19. Cookies and similar technologies
Pana is delivered primarily through the App. We and our service providers use mobile SDKs, push notification tokens, device identifiers, and similar technologies to operate, secure, and analyze use of the Service. We do not use these technologies for third-party advertising or for cross-context behavioral advertising. You can control device-level identifiers and notification permissions through your device settings. We recognize and process the Global Privacy Control (GPC) opt-out signal. Because we do not sell personal information or share it for cross-context behavioral advertising, a GPC signal does not change our data practices in any substantive way. We record GPC signals we receive and treat them as a standing do-not-sell and do-not-share request for purposes of applicable state privacy laws.
20. Roadmap commitments (informational)
We are publishing the following roadmap items to keep our commitments honest. These are targets, not present-day guarantees.
|
Item |
Status |
Target |
|
At-rest encryption of conversations and files |
Planned |
Within 12 months of launch |
|
Per-instance training (no data egress) for personalization |
Research |
TBD |
|
SOC 2 Type I |
In progress |
[TBD] |
|
Public sub-processor change log |
At launch |
— |
|
CASA Tier 2 assessment (Google restricted scopes) |
Required post-launch |
Within 12 months of OAuth verification |
|
Enterprise / Work-workspace audit log productization |
Planned |
Tracks enterprise GA |
We will update this section as items ship or change.
21. Business transactions
If Turbo is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be disclosed to and transferred to the prospective or actual counterparty as part of the diligence process or transaction. We will require the recipient to honor commitments consistent with this Privacy Policy with respect to your information, and we will notify you of any material change in how your information is handled.
22. Contact
- Privacy: support@turbotime.io
- Security disclosure: support@turbotime.io
- Legal: support@turbotime.io
- Mailing address: 5432 Geary Blv. #566 San Francisco CA 94121