Privacy Policy

This Privacy Policy describes how LegionAir Applications (“we”, “us”, or “our”) collects, uses, stores, and discloses information in connection with PALION CORE and the PALION Nexus premium tier (collectively, the “Service”). By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Local-First and Hybrid Operation

PALION is designed around a local-first architecture. Core memories, preferences, device registrations, and the majority of your working data are stored on your own machine or your chosen infrastructure. Some features operate in a hosted or cloud-assisted mode when you choose to sign in or connect to remote services. You retain ownership of the data you store locally.

2. Information We Process

Depending on how you use PALION, we may process the following categories of information:

• Account and identity data — email address, display name, public OAuth profile metadata, and authentication tokens required for secure sign-in.
• Guest session data — temporary browser storage and local preferences used to support unauthenticated access.
• Commands, conversations, and uploaded files — content you submit for planning, retrieval, or automation within the Service.
• Device and presence metadata — device identifiers, connection status, routing capability, and capability metadata from connected PALION agents.
• Subscription and payment references — plan tier, subscription status, and transaction references provided by our payment processor (such as PayPal). We do not store or process full payment card numbers.
• Usage and telemetry data — aggregate feature-usage signals, error reports, and performance metrics used to improve reliability. This data is not linked to individual users without your consent.

3. Cookies, Local Storage, and Similar Technologies

The Service uses browser-based local storage, session storage, and similar technologies to maintain authentication state, store user preferences, and support offline-capable features. We do not use third-party advertising cookies. If we use any analytics cookies or scripts, they will be disclosed here and, where required by applicable law, offered with a consent mechanism.

You may clear local storage and cookies through your browser settings at any time; doing so will sign you out and reset any locally stored preferences.

4. Location and Device Tracking

For devices that support location services — including phones, tablets, and any hardware with GPS or network-based location capability — location tracking is enabled by default when you connect the device to PALION.

• What we collect: approximate or precise coordinates (latitude, longitude, and accuracy radius), the source of the fix (GPS, network triangulation, or IP-based estimate), and a timestamp.
• Purpose: location context lets PALION prioritise tasks by proximity, surface time-sensitive reminders, route commands to the correct device, and improve presence and daily-guide accuracy.
• Legal basis (where required): collection at device connection constitutes consent by use. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Opt-out: disable location tracking at any time via Device Manager → Location Tracking in your dashboard. Disabling stops all new location readings immediately; historical location data can be deleted on request.
• Location data is stored in association with your account and is never sold, shared with advertisers, or transferred to third parties beyond the infrastructure providers required to operate the Service.

5. Ambient Mode and Environmental Context

PALION includes an optional Ambient Mode that, when enabled with your explicit consent, allows PALION to listen passively for approved trigger phrases and capture lightweight context signals from your environment. Ambient Mode is off by default and requires your explicit activation.

• No raw audio retention: PALION does not record, store, or transmit raw audio. Microphone access is used solely to detect approved trigger phrases (e.g. “I wonder if”, “I need to”). All non-trigger audio is discarded locally and never transmitted.
• App context signals: if permitted, the name of the active application or window title on a connected device may be transmitted to PALION. No screen content, screenshots, keystrokes, or file data are captured.
• Granular consent: microphone trigger listening, overlay assistance, and adaptive learning are each independently controlled in Account Settings → Ambient Mode and can be revoked individually at any time.
• Visible indicator: when Ambient Mode is active, a visible indicator is displayed in the dashboard. There is no hidden ambient state.
• Adaptive learning: if enabled, ambient context signals may be used to personalise PALION’s responses over time. This data is scoped to your account only and is not used to train shared or third-party models.
• Immediate effect: revoking any Ambient Mode permission stops all new data collection for that signal type immediately.

6. How We Use Your Data

We use information we process for the following purposes:

• Authenticating your identity and maintaining your session.
• Operating the dashboard, local agents, API endpoints, and planning features.
• Processing and managing PALION Nexus subscriptions.
• Providing support, resolving technical issues, and verifying account status.
• Securing the platform against fraud, abuse, and unauthorised access.
• Improving the reliability and relevance of the Service using aggregate or de-identified data.
• Complying with legal obligations where required.

We do not sell your personal data to third parties. We do not use your data to serve you advertising from third-party ad networks.

7. Admin Support Data Access

Authorised administrators may access a restricted support view limited to: your username (email), your PALION nickname, account creation date, plan tier, and subscription status. Passwords, password hashes, payment card details, payer email addresses, and raw payment payloads are never accessible through this view. Administrators cannot view your personal content, memories, or conversation history. All admin access to user data is logged and auditable.

Registration analytics are based on new PALION account creation only. Linking an additional OAuth provider to an existing account is not counted as a new registration.

8. Third-Party Processors

Where features require it, we rely on carefully selected third-party services including OAuth identity providers (e.g. Google, Microsoft, GitHub), AI model providers, cloud infrastructure providers, and payment processors (e.g. PayPal). Each processor receives only the minimum data necessary to deliver the requested function and is subject to its own privacy policy and applicable data protection obligations. We do not transfer your personal data to third-party processors for their own independent use.

9. International Data Transfers

PALION may process data on infrastructure hosted in multiple countries. Where personal data is transferred outside your country of residence, we take steps to ensure an adequate level of protection is in place, including through standard contractual clauses or equivalent safeguards recognised under applicable law.

10. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request erasure of your personal data, subject to any overriding legal obligations.
• Portability: receive your data in a structured, machine-readable format.
• Objection or restriction: object to or request restriction of certain processing activities.
• Withdrawal of consent: withdraw consent for any processing based on consent, without affecting prior lawful processing.

California residents (CCPA / CPRA): you have the right to know what personal information is collected, the right to delete personal information, the right to opt out of sale (we do not sell personal information), and the right not to be discriminated against for exercising these rights. To submit a verifiable request, contact us at the address below.

To exercise any right, contact us at support@palioncore.com. We will respond within the timeframe required by applicable law (typically 30 days, extendable once where permitted).

11. Children’s Privacy

The Service is not directed to children under the age of 13 (or under 16 in the European Economic Area and United Kingdom). We do not knowingly collect personal information from children below these ages. If you believe a child has provided personal information to us without appropriate consent, contact us immediately and we will take steps to delete that information.

12. Retention and Deletion

We retain personal data only for as long as necessary to provide the Service, fulfil the purposes described in this Policy, comply with legal obligations, or resolve disputes. You may request deletion of your account and associated data by contacting support. Upon a verified deletion request, we will delete or anonymise your personal data within a reasonable period, except where retention is required by applicable law.

13. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted communications (HTTPS/TLS), hashed credential storage, access controls, and audit logging of privileged actions. No system is entirely secure; in the event of a data breach that materially affects your rights, we will notify you and relevant authorities as required by applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this page and, where required, provide direct notice. Continued use of the Service after any change constitutes acceptance of the updated Policy.

15. Contact and Requests

For privacy questions, data subject requests, or account deletion, contact: support@palioncore.com. Please include the email address associated with your account and, where applicable, the OAuth provider used to sign in.