Privacy Policy

Version 1.0. Protecting your privacy is critically important to us. This Privacy Policy explains how KB Media GmbH ("Pantra", "we", "us", or "our") collects, uses, and discloses information about you when you use our website pantra.io and our SEO, Security & GEO audit services (the "Service"). By accessing or using our Service, you acknowledge that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described herein. This Policy complies with the Swiss Federal Act on Data Protection (DSG/nDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).

Last updated: April 15, 2026

1. Data controller

The data controller responsible for your personal information is:

KB Media GmbH
Im Feld 9
6212 St. Erhard, Schweiz
Email: info@kb-media.ch
Website: pantra.io

For questions about this Privacy Policy or to exercise your rights, contact us at info@kb-media.ch.

2. Information we collect

We collect the following categories of information:

Identifiers. Name, email address, account name, and similar identifiers — collected when you register or sign in via Google OAuth.

Usage & Technical Data. IP address (anonymised), browser type, operating system, pages visited, referrer URL, and timestamps — collected automatically when you visit pantra.io.

Audit Data. The domain URLs you submit for scanning and the publicly available data retrieved from those domains (HTML, headers, robots.txt, sitemaps, JavaScript bundles). This data relates to your website, not to you personally.

Search Console Data. If you voluntarily connect your Google Search Console account, we access your keyword rankings, impressions, clicks, and indexing status — read-only, solely for display in your Pantra dashboard.

Commercial Information. Records related to your subscription, including plan type, billing period, and invoice address — processed by our payment provider Paddle.

Communications. Emails and messages you send us, including support requests.

3. How we use your information

We use your information for the following purposes, based on the indicated legal basis:

Purpose | Legal basis (GDPR)
Providing and operating the Service (audits, fix-prompts, daily security monitoring, GEO monitoring, SEO strategy) | Art. 6(1)(b) — Contract
Processing payments via Paddle | Art. 6(1)(b) — Contract
Sending weekly scan reports and account notifications | Art. 6(1)(b) — Contract
Improving and expanding our Service | Art. 6(1)(f) — Legitimate interest
Detecting and preventing fraud or abuse | Art. 6(1)(f) — Legitimate interest
Complying with legal obligations (accounting, tax) | Art. 6(1)(c) — Legal obligation
Marketing communications (only with your consent) | Art. 6(1)(a) — Consent

4. Third-party service providers

To provide our Service, we share data with the following trusted third parties. All providers are contractually bound to handle your data securely and only for the specified purposes.

Infrastructure

  • Supabase Inc. (USA) — database hosting and backend infrastructure. Your account and scan data is stored on Supabase servers. supabase.com/privacy
  • Vercel Inc. (USA) — hosting of the Pantra web application. Vercel processes technical access data. vercel.com/legal/privacy-policy

Payment

  • Paddle.com Market Ltd. (United Kingdom) — Merchant of Record for all payments, invoicing, and global tax compliance (VAT/MWST). We do not store full payment card details. paddle.com/legal/privacy

AI services

To generate fix-prompts and run GEO monitoring, domain URLs and publicly available website data are sent to the following AI providers. No personal account data is transmitted.

Provider | Country | Purpose
Anthropic (Claude API) | USA | Fix-prompt generation
OpenAI (GPT API) | USA | GEO monitoring
Perplexity AI | USA | GEO monitoring
Google (Gemini API, PageSpeed API) | USA | Content generation, performance checks, GEO monitoring

Privacy policies: anthropic.com/privacy · openai.com/privacy · perplexity.ai/privacy · policies.google.com/privacy

Authentication & Search Console

  • Google LLC (USA) — Google OAuth for sign-in (name, email, profile picture). Google Search Console API for keyword and indexing data (optional, read-only, requires your explicit authorisation). policies.google.com/privacy

Email

5. International data transfers

Some of our service providers are located in the United States or other countries outside Switzerland and the EU. We ensure that all international data transfers are carried out on the basis of appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission and recognised by the Swiss FDPIC, or adequacy decisions where applicable.

6. Data retention

We retain your data only as long as necessary for the purposes described in this Policy or as required by law:

Data type | Retention period
Account and profile data | Duration of subscription + 30 days after cancellation
Scan results and findings | 12 months
Payment records | 10 years (Swiss legal requirement)
Server logs | 30 days
Google Search Console data | Until you disconnect the integration

After these periods, data is securely deleted or anonymised.

7. Data security

We implement appropriate technical and organisational measures to protect your information, including:

  • Encrypted transmission via HTTPS (TLS 1.3)
  • Encrypted storage of sensitive data
  • Role-based access controls
  • API keys processed exclusively server-side — never exposed in the frontend
  • Row Level Security enforced on all Supabase tables
  • Regular security reviews

No security system is impenetrable. In the unlikely event of a data breach affecting your rights and freedoms, we will notify you and the relevant authorities as required by law.

8. Cookies

Pantra uses only technically necessary cookies for:

  • Session management (login state)
  • CSRF protection
  • User preferences (e.g. language)

We do not use tracking cookies, advertising cookies, Facebook Pixel, Hotjar, or Google Analytics. No third-party behavioural tracking takes place on pantra.io.

9. Google Search Console integration

When you connect your Google Search Console account, you grant Pantra read-only access to your Search Console data. We use this data solely to display insights in your Pantra dashboard. We do not share your Search Console data with any third party. You can revoke access at any time in Settings or directly via your Google account at myaccount.google.com/permissions.

10. AI-assisted processing

Pantra uses AI services to analyse publicly available website data and generate fix recommendations, SEO strategies, and blog articles. Only domain URLs and publicly accessible website content are transmitted to AI providers — no personal account data. No automated decisions with legal or similarly significant effects are made based on your personal data.

11. Your rights

Under Swiss DSG and EU GDPR, you have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data (subject to legal retention obligations)
  • Restriction — request that we limit processing of your data
  • Data portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interests, including direct marketing
  • Withdrawal of consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at info@kb-media.ch. We will respond within 30 days.

You also have the right to lodge a complaint with the competent supervisory authority:

Switzerland:
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB)
Feldeggweg 1, 3003 Bern
edoeb.admin.ch

EU (if applicable): The supervisory authority of your country of residence.

12. Third-party links

Our Service may contain links to third-party websites or services that we do not own or control. We are not responsible for the privacy practices of these third parties and encourage you to review their privacy policies.

13. Business transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the relevant third party. We will notify you via email and/or a prominent notice on our Service before your data is transferred and becomes subject to a different privacy policy.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will post any changes on this page. For significant changes, we will provide prominent notice (e.g. by email or in-app notification). The date at the top of this page indicates when it was last updated. Continued use of the Service after changes take effect constitutes your acceptance of the updated Policy.

15. Contact

KB Media GmbH
Im Feld 9
6212 St. Erhard, Schweiz
info@kb-media.ch
pantra.io