Privacy Policy

Last updated: January 2026

1. Data Controller

The Pongo service is a project developed by KodePunk.

For any questions regarding privacy and personal data processing, please contact us at: support@pongobot.xyz

2. Data Security

The security of your data is our top priority. All data is protected using Cloudflare infrastructure, the world leader in cybersecurity and enterprise cloud solutions.

🔒 100% Protection with Cloudflare

  • End-to-end encryption: all data is encrypted in transit and at rest
  • Certified data centers: ISO 27001, SOC 2 Type II, PCI DSS
  • Global network: DDoS protection and WAF (Web Application Firewall)
  • Zero Trust Security: identity-based verified access

3. Data Processor (DPA)

In accordance with Regulation (EU) 2016/679 (GDPR), Cloudflare, Inc. acts as the Data Processor for all data processed through our platform.

Cloudflare has signed a Data Processing Agreement (DPA) compliant with GDPR that guarantees:

  • • Data processing only according to our instructions
  • • Appropriate technical and organizational security measures
  • • Prompt notification in case of data breach
  • • Support in fulfilling GDPR obligations
  • • Deletion or return of data upon service termination

For more information about Cloudflare's privacy: Cloudflare Trust Hub - GDPR

4. Data Collected

We collect and process the following types of data:

4.1 Account Data

  • • Email address
  • • First and last name (optional)
  • • Billing information (managed by Stripe)

4.2 Financial Data

  • • Bank statements uploaded by the user
  • • Transactions and movements
  • • AI-generated categorizations and analyses

Important: Your financial data is processed exclusively to provide you with the analysis service. We do not sell, share, or use your data for purposes other than those strictly necessary for the service operation.

5. Secure Payments

All payments are processed by Stripe, Inc., a platform certified PCI DSS Level 1, the highest certification level in the payment industry.

We never store your credit card data on our servers. For Stripe's privacy: Stripe Privacy Policy

6. Your Rights

In accordance with GDPR, you have the right to:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your data ("right to be forgotten")
  • Portability: receive your data in a structured format
  • Object: object to processing for specific purposes
  • Restriction: request restriction of processing

To exercise these rights, contact us at: support@pongobot.xyz

7. Data Retention

Your data is retained for as long as necessary to provide you with the service. Upon account deletion, all your data will be deleted within 30 days, unless legal obligations require longer retention.

8. Contact

For any questions, requests, or complaints regarding privacy:

KodePunk

Email: support@pongobot.xyz