Privacy Policy

What we collect. What we do not. How to get it deleted.

Last updated 2026-04-23 · Version 1.0

What we collect

Panya collects: email address (if you opt in), quiz responses, approximate geographic region (from IP, not precise location), and interaction events (pages visited, clicks on vendor links). We do not collect: real name, precise location, payment details, or medical records.

What we do with it

We use your data to:

  • Recommend vendors and compounds that match your goal and region
  • Send you a follow-up email with your result (if you opted in)
  • Improve the product by studying anonymized patterns
  • Route outreach to vendors for affiliate relationships (never includes your personal data)

We do not sell your data. We do not share your email with vendors. If a vendor partnership ever requires sharing, we ask you first.

Data retention

Quiz submissions and email addresses are retained until you request deletion. IP addresses are used for region detection at submission time and discarded after 24 hours. Analytics events (page views, clicks) are retained in aggregate for up to 12 months, then rolled up to monthly summaries.

Data deletion

Email hello@panya.health and we will delete your data within 7 days. No forms, no hoops.

Cookies we set

Three first-party functional cookies. No third-party tracking cookies. No analytics cookies (see "Analytics" below for why).

  • panya_ref · 90 days · httpOnly · sameSite=lax
    Referral attribution. Set when you arrive via a /r/<code> link or visit a journey page. Lets us credit the right person if you later complete a quiz.
  • panya_voter_id · 1 year · httpOnly · sameSite=lax
    Vote dedup on journey entries. Only set if you actually vote. Random UUID, not tied to any account.
  • panya_journey_session · 30 days · httpOnly · sameSite=lax
    Authentication for journey owners. Only set after you sign in to your own journal page via magic link.

Analytics

Panya uses PostHog for aggregate event measurement (quiz completions, vendor clicks, page navigations). We run it cookieless: no cookie is set, no cross-session identifier is persisted, no autocapture, no session recording. Events stay in browser memory only. Requests are reverse-proxied through /ingest on our own domain so ad blockers do not drop the request and so your browser never talks directly to a third-party analytics host. Data flows to PostHog Cloud (US region).

Other third-party services

Data flows to each are limited to what is strictly necessary for the service:

  • Railway (US). Hosting and database.
  • Postmark (US). Transactional email delivery.
  • Cloudflare (US). CDN and DDoS protection.
  • Cloudinary (US). Image hosting for journey photos. Only used when a journey owner uploads a photo.
  • Notion (US). Internal vendor database. Your data never flows here.

Your rights under GDPR / PDPA / CCPA

If you are in the EU, UK, Thailand, or California, you have rights to access, correct, export, and delete your personal data. Email hello@panya.health with any request and we respond within 30 days (typically within 24 hours).

Contact

Privacy questions: hello@panya.health.