What we collect. What we do not. How to get it deleted.

What we collect

Panya collects: email address (if you opt in), quiz responses, approximate geographic region (from IP, not precise location), and interaction events (pages visited, clicks on vendor links). We do not collect: real name, precise location, payment details, or medical records.

What we do with it

We use your data to:

• Recommend vendors and compounds that match your goal and region
• Send you a follow-up email with your result (if you opted in)
• Improve the product by studying anonymized patterns
• Route outreach to vendors for affiliate relationships (never includes your personal data)

We do not sell your data. We do not share your email with vendors. If a vendor partnership ever requires sharing, we ask you first.

Data retention

Quiz submissions and email addresses are retained until you request deletion. IP addresses are used for region detection at submission time and discarded after 24 hours. Analytics events (page views, clicks) are retained in aggregate for up to 12 months, then rolled up to monthly summaries.

Data deletion

Email hello@panya.health and we will delete your data within 7 days. No forms, no hoops.

Third-party services

Panya uses the following third-party services. Data flows to each are limited to what is strictly necessary for the service:

• Railway (US) — hosting + database
• Postmark (US) — transactional email delivery
• Cloudflare (US) — CDN and DDoS protection
• Vercel Analytics — page view and conversion events (privacy-preserving, no cross-site tracking)
• Notion (US) — internal vendor database (your data never flows here)

Your rights under GDPR / PDPA / CCPA

If you are in the EU, UK, Thailand, or California, you have rights to access, correct, export, and delete your personal data. Email hello@panya.health with any request and we respond within 30 days (typically within 24 hours).

Contact

Privacy questions: hello@panya.health.