PamirAI Inc. Privacy Policy
Effective Date: June 1, 2026
Last Updated: June 1, 2026
Website: https://www.pamir.ai
1. Overview
PamirAI Inc. ("PamirAI," "Pamir," "we," "us," or "our") provides hardware devices, related software, cloud connectivity services, mobile applications, websites, and support services. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit our website, join a waitlist, purchase or use a PamirAI hardware product, create an account, use our cloud services, or otherwise interact with us.
PamirAI is headquartered in Redwood City, California. This Privacy Policy is intended to describe our practices under applicable United States privacy laws, including California privacy laws where they apply.
By using our website, products, or services, you acknowledge that you have read this Privacy Policy.
2. Important Device Privacy Principle
PamirAI's architecture is designed so that sensitive device activity stays on your physical PamirAI hardware device and does not transit through or get stored on PamirAI cloud systems unless a specific cloud feature requires temporary transfer.
The following categories of data are stored on your device and are not collected by PamirAI cloud servers:
- Authentication tokens and session credentials that you configure on the device, including Claude Code authentication tokens or similar third-party AI provider credentials.
- Chat histories, prompts, model outputs, terminal output, command history, and agent session history.
- Project files, source code, local repositories, and files created, modified, or accessed by agents running on the device.
- Wi-Fi passwords, SSH credentials, device access credentials, and third-party integration credentials.
- OAuth tokens or other credentials for third-party services that you configure locally.
When you use remote access features, communications between your client application and device are end-to-end encrypted using ECDH-P256 key exchange with AES-256-GCM encryption. If a direct peer-to-peer connection cannot be established and encrypted traffic is relayed through PamirAI infrastructure, PamirAI's servers see encrypted traffic and connection metadata, but not the contents of your communications.
3. Personal Information We Collect
We collect only the information needed to operate our website, products, services, order flows, waitlists, support, security, and cloud connectivity features.
| Category | Examples | Purpose |
|---|---|---|
| Account information | Email address, name, display name, profile image URL, account identifier, account creation date | Creating and managing accounts, authenticating users, providing support |
| Device information | Hardware ID, device name, peer ID, provisioning keys, device tokens, last online timestamp, device registration status | Pairing devices, associating devices with accounts, enabling remote connectivity, security monitoring |
| Waitlist and marketing information | Name, email address, country, waitlist source, signup timestamp | Managing waitlists, notifying users about product availability, measuring signup sources |
| Commercial information | Purchase history, order status, shipping address, payment status, customer support records | Processing orders, shipping products, handling support, tax and accounting records |
| Website and analytics information | IP address, browser or device information, pages visited, referral data, UTM parameters, checkout or waitlist events | Operating the website, measuring site performance, understanding product interest, preventing abuse |
| Push notification information | Apple Push Notification token, platform, app bundle ID, environment | Delivering device status notifications and service alerts |
| Temporary file-transfer information | Files you choose to transfer through temporary cloud storage, presigned URL metadata, file-transfer timestamps | Enabling optional transfers between your client application and device |
| Connection metadata | WebRTC signaling data, timestamps, relay status, session duration, client and device connection metadata | Establishing and maintaining remote connections, troubleshooting, security monitoring |
| Support and communications | Emails, support requests, call scheduling information, feedback, bug reports | Responding to inquiries, improving products, maintaining business records |
We may also collect information automatically through hosting, security, analytics, and anti-abuse systems, including logs and request metadata. We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects.
4. Third-Party AI Provider Credentials and AI Content
Your device may authenticate with third-party AI providers, such as Anthropic or OpenAI, using credentials you configure. PamirAI is not a party to your contract with those providers and does not control their services, models, policies, or data practices.
PamirAI does not collect or store third-party AI provider credentials on PamirAI cloud servers. Those credentials are stored on your device. You are responsible for complying with the terms and usage policies of any third-party AI provider you use with your device.
5. How We Use Personal Information
We use personal information for the following purposes:
- Create, authenticate, and manage user accounts.
- Register devices and associate them with user accounts.
- Pair devices and enable remote access connectivity.
- Deliver push notifications and service messages.
- Enable optional temporary file transfers.
- Process orders, shipping, payments, refunds, replacements, and customer support.
- Manage waitlists and product availability notices.
- Operate, secure, debug, and improve our website, products, services, and applications.
- Detect, prevent, and respond to fraud, abuse, security incidents, technical problems, and policy violations.
- Measure website and product interest through analytics and event measurement.
- Comply with legal, tax, accounting, and regulatory obligations.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
6. How We Disclose Personal Information
We disclose personal information only as needed for the purposes described in this Privacy Policy.
| Recipient | Purpose |
|---|---|
| Amazon Web Services | Cloud infrastructure, API hosting, databases, cache, authentication infrastructure, temporary file-transfer storage, and related operational services |
| Vercel | Website hosting, Vercel Analytics, event measurement, serverless functions, and waitlist storage or related website infrastructure |
| Shopify and payment/order processors | Payment processing, order management, checkout, shipping information, tax calculation, and purchase records |
| Apple Push Notification service | Delivery of push notifications to iOS devices |
| Calendly or scheduling providers | Scheduling calls when you choose to book a meeting with us |
| Professional advisers and service providers | Legal, accounting, security, compliance, and business operations support |
We may also disclose personal information if required by law, regulation, legal process, subpoena, court order, or governmental request, or if we believe disclosure is necessary to protect rights, safety, security, users, or the integrity of our services.
If PamirAI is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate confidentiality and legal safeguards.
7. Data Retention
We retain personal information only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data category | Retention approach | Notes |
|---|---|---|
| Account and device registration data | Retained while your account is active and for a reasonable period after deletion to complete deletion, security, backup, legal, tax, and business processes | Device records, push tokens, and usage statistics are removed through the account deletion flow, subject to legal exceptions and backup timing |
| Waitlist information | Retained until you request removal, unsubscribe, or the waitlist is no longer needed, and generally no longer than 24 months after your last interaction | Used to notify you about availability and product updates |
| Order and commercial records | Retained as needed for order fulfillment, warranty or return handling, customer support, tax, accounting, fraud prevention, and legal obligations | Payment details are processed by Shopify or payment processors and are not stored by PamirAI as full card numbers |
| Website analytics and event data | Retained as needed for analytics, security, and business reporting, generally no longer than 24 months in identifiable or event-level form where under our control | Some providers may retain aggregated or de-identified data under their own policies |
Additional retention periods:
| Data category | Retention approach | Notes |
|---|---|---|
| Temporary file transfers | Deleted after the transfer completes or expires, and in any event generally within 24 hours unless a longer period is required for security, debugging, or legal reasons | You should not use temporary transfer features as permanent storage |
| Connection metadata | Retained for security monitoring, troubleshooting, abuse prevention, and reliability, generally no longer than 30 days unless needed to investigate an incident or comply with law | PamirAI does not retain decrypted remote-session content |
| Support communications | Retained as needed to respond to you, improve services, maintain business records, and protect legal rights | You may request deletion where applicable |
| On-device data | Controlled by you and retained on your device until you delete it, reset the device, or remove credentials | When a device is unbound from an account, credential lifecycle management is designed to clear device credentials |
8. Data Security
We use administrative, technical, and organizational safeguards designed to protect personal information. These safeguards include transport encryption, authenticated API access, rate limiting, scoped and time-limited file-transfer URLs, cloud access controls, end-to-end encryption for remote device communications, and data minimization.
No method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.
9. Your Choices and Rights
Depending on where you live, you may have privacy rights regarding your personal information, including the right to request access, deletion, correction, portability, or information about our collection and disclosure practices.
California residents may have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, to the extent those laws apply:
- Right to know the categories and specific pieces of personal information we have collected about you.
- Right to request deletion of personal information, subject to exceptions.
- Right to request correction of inaccurate personal information.
- Right to opt out of sale or sharing of personal information. PamirAI does not sell personal information or share it for cross-context behavioral advertising.
- Right to limit certain uses and disclosures of sensitive personal information. PamirAI does not use sensitive personal information for purposes that require a limitation right under the CCPA/CPRA.
- Right not to be discriminated against for exercising privacy rights.
To exercise a privacy right, contact us at founders@pamir.ai with the subject line "Privacy Request." We may need to verify your identity before fulfilling a request. We will respond within the time required by applicable law.
You may also contact us to unsubscribe from waitlist or marketing communications.
10. Children
Our products and services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided personal information to us, contact us and we will take appropriate steps to delete it.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on our website and update the "Last Updated" date. Your continued use of our website, products, or services after an updated policy is posted means you acknowledge the updated policy.
12. Contact Us
PamirAI Inc.
Redwood City, California
Address: 558 Brewster Avenue, Suite 100, Redwood City, CA 94063
Email: founders@pamir.ai
For privacy-related requests, include "Privacy Request" in the subject line of your email.