Privacy Policy

Last updated: April 26, 2026

1. Introduction

Ponty Technologies (“Ponty,” “we,” “us,” or “our”) operates the Ponty platform, including the website at ponty.ai, the dashboard at app.ponty.ai, and related SDKs and services. This Privacy Policy describes how we collect, use, store, and protect information when you use our services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, organization name, and authentication credentials (managed via Clerk). If you subscribe to a paid plan, payment information is processed by Stripe and is not stored on our servers.

2.2 Session Replay Data

Our SDKs (web, iOS, Android) record user session data from your application. This includes DOM snapshots, user interactions (clicks, scrolls, navigation), network timing, console errors, and device metadata. All user text inputs are masked by default. You control what is captured through SDK configuration. Session data belongs to you — we process it solely to provide the service.

2.3 AI-Generated Data

We use third-party AI models (Anthropic, Google, OpenAI) to generate session summaries, friction analysis, embeddings, and automated test scripts. AI-generated outputs are stored alongside your session data and are subject to the same retention and deletion policies.

2.4 Usage & Analytics Data

We collect standard usage data such as page views, feature usage, API call counts, and error logs to operate and improve the service. We do not use third-party analytics trackers on our dashboard.

2.5 Waitlist & Marketing

If you join our waitlist, we collect your email address. We will only use it to notify you about Ponty's launch and relevant product updates. You can unsubscribe at any time.

3. How We Use Your Information

  • Provide, maintain, and improve the Ponty platform
  • Generate AI session summaries, friction detection, and automated test scripts
  • Process session replay data for search, analysis, and issue detection
  • Communicate with you about your account, billing, and service updates
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell, rent, or share your data with third parties for their own marketing purposes.

4. Third-Party Services

We use the following third-party services to operate Ponty:

  • Clerk — authentication and user management
  • Stripe — payment processing
  • Cloudflare R2 — encrypted object storage for session replay data
  • Vercel — hosting and deployment
  • Anthropic, Google, OpenAI — AI model providers for session analysis and agent testing

Each third-party service processes data in accordance with their own privacy policies. We select providers that maintain appropriate security certifications and data protection standards.

5. Data Storage & Security

Session replay data is stored as encrypted, compressed objects in Cloudflare R2. Queryable metadata is stored in PostgreSQL with encryption at rest. All OAuth tokens and API keys are encrypted with AES-256-GCM. Data is transmitted over TLS 1.2 or higher.

6. Data Retention

Session replay data is retained according to your plan:

  • Free: 30 days
  • Pro: 90 days
  • Team: 1 year
  • Enterprise: Custom retention period

After the retention period, session data is permanently deleted. Account information is retained as long as your account is active. You may request deletion of all your data at any time by contacting us.

7. End-User Privacy

Ponty is a tool used by our customers to record sessions from their own applications. Our customers are responsible for:

  • Obtaining appropriate consent from their end users for session recording
  • Providing notice to their end users about data collection practices
  • Configuring the SDK's privacy masking settings appropriately for their use case
  • Complying with applicable data protection laws (GDPR, CCPA, etc.)

By default, our SDK masks all text inputs, does not capture passwords, and excludes sensitive form fields. Customers may configure additional masking rules.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at the email below.

9. Cookies

The Ponty website uses essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies on ponty.ai or app.ponty.ai.

10. Children's Privacy

Ponty is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related inquiries, data requests, or questions about this policy:

Email: eashan@ponty.ai

Website: ponty.ai