Privacy Policy

Last updated: April 20, 2026

1. Who we are

Pantalytics B.V., located at Kromme Nieuwegracht 3, Utrecht, is responsible for the processing of personal data as described in this privacy policy.

• Company: Pantalytics B.V.
• Chamber of Commerce: 98452290
• Email: info@pantalytics.com
• Phone: +31 (30) 227 1483

This policy applies to the Pantalytics marketing website (pantalytics.com) and to Pantalytics software products, including Odoo MCP Pro.

2. Personal data we collect

2.1 Marketing website

Contact form

When you fill out our contact form, we process:

• Name
• Email address
• Phone number (optional)
• Company name (optional)
• Message

Purpose: to answer your inquiry and potentially schedule an introductory meeting.

Legal basis: legitimate interest (Article 6(1)(f) GDPR).

Storage: Odoo CRM, hosted by Odoo S.A. on European servers.

Website analytics

We use PostHog on the EU cloud (eu.i.posthog.com) and process:

• Anonymized page views and click behavior
• Device type, browser and language settings
• Referring website

Purpose: to understand how our website is used and improve it.

Legal basis: legitimate interest.

PostHog respects your browser's Do Not Track setting. No data is shared with third parties for advertising purposes.

Live chat

Our website includes a live chat widget provided through Odoo. When you start a chat, your messages and any contact details you provide are processed.

Purpose: to provide direct support.

Legal basis: legitimate interest.

Storage: Odoo S.A., European servers.

2.2 Odoo MCP Pro (SaaS product)

When you sign up for or use Odoo MCP Pro, we process personal data as a controller for the purpose of providing and operating the service. When the service processes data from your own Odoo instance on your behalf, we act as a processor under a data processing agreement (see Terms, Article 11).

Account and authentication data

• Email address
• Name (if provided during sign-up)
• Authentication metadata (login timestamps, session identifiers)
• Organisation and team membership

Purpose: to create and secure your account, enable login and manage team access.

Legal basis: performance of a contract (Article 6(1)(b) GDPR).

Storage: Zitadel Cloud (EU region, operated by CAOS AG in Switzerland) for identity and authentication; Pantalytics application database hosted in the EU by Hetzner Online GmbH for team and profile data.

Connection configuration

• URL of your Odoo instance
• Odoo API credentials you enter (stored encrypted at rest)
• Tenant and team configuration

Purpose: to enable the service to connect to your Odoo instance on your behalf.

Legal basis: performance of a contract.

Storage: Pantalytics application database hosted by Hetzner Online GmbH in the EU, with API credentials encrypted at rest.

Usage data

• Timestamps and counts of MCP calls
• AI model identifier used (where applicable)
• Error and diagnostic logs

Purpose: to enforce plan allowances, provide usage dashboards, monitor service health and detect abuse.

Legal basis: performance of a contract and legitimate interest.

Storage: Pantalytics application database hosted by Hetzner Online GmbH in the EU; aggregated product analytics via PostHog.

Billing data

• Subscription plan, billing status, invoice history
• Stripe customer and subscription identifiers
• VAT identification number (if provided)
• Payment method details (held only by Stripe; Pantalytics does not store card numbers)

Purpose: to administer your subscription, issue invoices and comply with tax and bookkeeping obligations.

Legal basis: performance of a contract and legal obligation (Article 6(1)(b) and (c) GDPR).

Storage: Stripe (see sub-processors); invoice metadata in the Pantalytics database.

Customer Odoo data (processor role)

When the service executes a call against your Odoo instance, your query and the Odoo response pass through Pantalytics infrastructure. Call content is not retained beyond what is necessary to return the response, except where logs are kept for debugging, abuse prevention and billing enforcement. Pantalytics does not use customer Odoo data to train AI or machine learning models.

3. Sub-processors

We use the following sub-processors to deliver the service:

• Odoo S.A. (Belgium) — CRM and live chat storage for the marketing website
• PostHog Inc. (EU cloud, Frankfurt) — website and product analytics
• CAOS AG (ZITADEL) (St. Gallen, Switzerland; data hosted in EU region) — identity and authentication for Odoo MCP Pro
• Stripe Payments Europe Ltd. (Ireland) — payment processing and subscription billing
• Sendinblue SAS (Brevo) (France) — transactional email (account verification, invitations, receipts)
• Hetzner Online GmbH (Germany) — compute and database hosting for Odoo MCP Pro

We never sell personal data to third parties. We will provide reasonable advance notice of material changes to this list; business customers may object under their data processing agreement.

4. International data transfers

Personal data is primarily stored and processed within the European Economic Area (EEA). CAOS AG (ZITADEL) is established in Switzerland, which benefits from a European Commission adequacy decision under Article 45 GDPR; transfers to Switzerland therefore do not require additional safeguards. Where other sub-processors transfer data outside the EEA (for example Stripe for global payment processing), such transfers rely on the European Commission's Standard Contractual Clauses and appropriate supplementary safeguards.

5. Retention

We do not retain your data longer than necessary:

• Contact form: maximum 2 years after last contact
• Website analytics: anonymized, no personal retention period
• Live chat: maximum 1 year
• Account and connection data: for the duration of your subscription, plus 30 days after termination to allow export, then deleted
• Usage logs: up to 12 months for operational purposes
• Billing and invoice records: 7 years, as required by Dutch tax law (Article 52 AWR)

6. Your rights

Under the GDPR, you have the following rights:

• Access: request what data we hold about you
• Rectification: have incorrect data corrected
• Erasure: have your data deleted (subject to legal retention obligations)
• Restriction: temporarily halt processing
• Portability: receive your data in a common format
• Objection: object to processing based on legitimate interest

Send your request to info@pantalytics.com. We will respond within 30 days.

You also have the right to file a complaint with the Dutch Data Protection Authority.

7. Security

We take appropriate technical and organisational measures to protect your data, including:

• Encrypted connections (HTTPS/TLS) for all traffic
• Encryption at rest for sensitive credentials such as Odoo API keys
• European hosting for primary service infrastructure
• Role-based access control and least-privilege access to personal data
• Regular backups and security monitoring

8. Cookies

Our marketing website uses only functional and analytical cookies. We do not place tracking or advertising cookies. The Odoo MCP Pro application uses strictly necessary session cookies to keep you signed in.

9. Data processing agreement

Business customers of Odoo MCP Pro are offered a data processing agreement ("DPA") in accordance with Article 28 GDPR. The DPA forms an integral part of the Terms when personal data is processed by Pantalytics on the customer's behalf. A countersigned copy is available on request via info@pantalytics.com.

10. Changes

We may update this privacy policy. The most recent version is always available on this page. We will notify you of material changes through the website or by email to registered users.