We use essential cookies to make our site work. With your consent, we may also use non-essential cookies to improve user experience and analyze website traffic. By clicking “Accept,” you agree to our website's cookie use as described in our Cookie Policy. You can change your cookie settings at any time by clicking “Preferences.”
Trust & Privacy

Your relationships are the most personal data you have

So we treat them that way. Here is exactly how PineChat handles your data, who touches it, and every legal document in one place.

Encrypted in transit and at rest
Never sold or shared, ever
Disconnect any integration in one tap
Never used to train external AI models
How it works

The details, without the security-review email

Where your data is processed
The United States.
Hosting
Managed cloud infrastructure: Amazon Web Services and MongoDB Atlas, with production isolated from non-production environments.
Encryption
TLS in transit. AES-256 (or equivalent) at rest where technically feasible. Sensitive fields use client-side field-level encryption keyed by AWS KMS.
Access control
Least-privilege, role-based access, with multi-factor authentication on administrative and cloud-console access and documented access reviews.
AI processing
Google Gemini is the sole AI provider. It does not train models on your data.
Breach notification
Customers are notified without undue delay and within 72 hours of us becoming aware of a personal data breach.
Data deletion
On termination, data is returned or deleted within 30 days at the customer’s choice, unless retention is required by law.
Human in the loop
PineChat drafts messages, but never messages your contacts for you. Every message that reaches a person is sent by you.

Full detail, including our technical and organizational measures and the complete list of 10 authorized sub-processors, is in the Data Processing Agreement.

Compliance

Where we are, honestly

SOC 2 Type II, ISO 27001 and GDPR compliance are in progress, expected Q3 2026. We are not certified yet and will not claim otherwise. The controls described above are in place today, and we will share our current security documentation and any third-party audit reports we hold on request.

Working through a security review?

We can send a countersigned copy of our DPA for your records, complete your security questionnaire, or provide Standard Contractual Clauses for an EU entity. A real person replies.

Email privacy@pinechat.ai

Anything else: support@pinechat.ai