Privacy Policy

Panora Health AI ("Company," "we," "us," or "our") operates Panora Health AI (the "Service"). This Privacy Policy explains how we collect, use, store, protect, and share your personal information when you use the Service.

Your health data is deeply personal. We designed this policy to be transparent about exactly what happens with your information. If anything is unclear, please contact us at admin@panorahealth.ai.

1. Information We Collect

a. Health Data You Provide

• Blood work results (lab values, panel types, dates)
• Nutrition logs (meals, macronutrients, caloric intake) including voice-logged and photo-logged meals
• Supplement information (products, dosages, timing) and the user's current medication list
• Workout data (exercises, sets, reps, duration) including Pilates and running sessions
• Wearable data from WHOOP, Oura Ring, Apple HealthKit, Fitbit, Garmin, Polar, Withings, and Suunto — including HRV, recovery scores, strain, sleep architecture, body battery, training load, and similar physiological metrics depending on the device
• Menstrual cycle data and symptom logs (when applicable)
• Daily check-in responses (self-reported wellness data) and free-form chat transcripts you provide during the daily check-in or onboarding intake. These transcripts are user-generated text content that may contain a mix of structured health data and free-form narrative; they are stored alongside your account and used to generate AI wellness insights and to improve our prompts at the aggregate level (see Sections 2 and 12).

b. Account Information

• Email address
• Name (if provided — the display name you choose during onboarding, which may be your first name or a nickname)
• Account credentials (passwords are hashed, never stored in plain text)
• Subscription plan tier (Free / Plus / Pro / Family), retained for feature gating, billing reconciliation, and customer support. Payment card details are entered in Stripe Checkout outside the app and are never visible to Panora — see Section 4 for details.
• Demographic information you optionally provide during onboarding (age, biological sex, height, weight, and ethnicity). Ethnicity is optional and is treated as sensitive personal information under the California Consumer Privacy Act, the Washington My Health My Data Act, and similar state laws. We use this data to (a) personalize your wellness analyses (for example, applying ethnicity-aware reference ranges where peer-reviewed research supports them), and (b) review aggregated, de-identified demographic patterns to ensure our AI performs equitably across our user base. We do not share ethnicity data with third-party advertisers, data brokers, or anyone outside Panora. You may delete this field at any time from Settings → Profile.
• Profile preferences and settings

c. Usage Data

• Pages visited and features used within the Service (product interaction events, including app launches, taps, and which features you open). On the web, these events are collected via PostHog (see Section 4). On the native iOS app, first-party interaction signals may be collected via Apple's standard frameworks; we use these to understand feature usage at the aggregate level.
• Device type, browser type, and operating system
• Diagnostic and performance signals (app launch time, hang rate, crashes, error reports, and similar performance metrics) collected via Apple's standard diagnostic frameworks and via Sentry (see Section 4). These signals help us find and fix bugs and improve app responsiveness.
• IP address (used for security and approximate geolocation for state-specific compliance)
• ZIP / postal code, only when you choose to use the doctor referral feature (used to surface geographically nearby providers; not retained beyond the referral session unless you save a doctor to your profile)
• Photos you take or upload (meal photos, supplement labels, blood-work document scans). Photos are processed for AI analysis and may be retained alongside the related health log entry.
• Date and time of access

d. Information Processed but Not Persisted

• Genetic data: If you upload a 23andMe or AncestryDNA export, Panora processes the data on-device to generate wellness insights. The raw export is not persisted to our servers; only derived, anonymized wellness flags are stored. You can disable this feature in Settings.

e. Information We Do Not Collect

• Biometric identifiers (fingerprints, facial geometry)
• Insurance information
• Social Security numbers
• Payment information from minors (the Service is for users 18 and older)

2. How We Use Your Information

• To provide AI-generated wellness insights based on your health data
• To display trends, patterns, and educational information about your health data
• To detect patterns that may warrant a recommendation to consult your healthcare provider
• To detect potential mental health crisis language and redirect to appropriate crisis resources (988 Suicide & Crisis Lifeline)
• To prepare wellness summaries for sharing with healthcare providers (only with your explicit consent)
• To improve the accuracy and quality of our AI wellness insights
• To communicate with you about your account and the Service
• To comply with legal obligations

3. How We Store and Protect Your Information

We take the security of your health data seriously and employ HIPAA-grade safeguards to protect it:

• Encryption at rest: All health data is encrypted using AES-256 encryption in our database (Supabase)
• Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2+
• Access controls: Row-level security ensures you can only access your own data. No other user can see your information.
• Employee access: No Panora Health AI employee can view your individual health data without a formal access request logged in our audit trail
• Audit logging: All access to health data is logged, including who accessed it, when, and why
• Infrastructure: Our database is hosted on Supabase with SOC 2 certified cloud infrastructure

4. Third-Party Services

We use the following third-party services to operate the Service. Each has access only to the data necessary to perform its function:

5. Data Sharing with Healthcare Providers

You may choose to share a wellness summary with a healthcare provider through our doctor referral feature. This sharing is entirely optional and works as follows:

• Explicit consent required: Data is never shared unless you specifically choose to share it. Each sharing event requires separate, per-instance consent.
• You choose what to share: You select exactly which categories of data to include (blood work, nutrition, supplements, workouts, WHOOP data).
• Raw data only: Shared summaries contain your raw health data and trends. AI-generated interpretations, wellness insights, and internal detection flags are never shared with doctors.
• Revocable at any time:You can revoke a doctor's access at any time. Revoking access permanently deletes the shared summary from our servers.
• No browsing or requesting: Doctors cannot browse, search, or request access to your data. All sharing is initiated by you.

6. Your Rights

You have the following rights regarding your personal information:

• Right to access: You can download all your health data in a portable format at any time
• Right to delete: You can request permanent deletion of all your data. We will delete your data from active systems and purge backups within 90 days.
• Right to correct: You can request corrections to any inaccurate health data
• Right to portability: You can export your data in a machine-readable format
• Right to opt-out: You can opt out of non-essential data processing
• Right to know: You can request a detailed accounting of what data we hold, how it has been used, and who it has been shared with
• Right to withdraw consent: You can withdraw consent for data collection at any time by discontinuing use of the Service

To exercise any of these rights, contact us at admin@panorahealth.ai or use the controls available in your account settings. We will respond to your request within 30 days.

7. "Do Not Sell or Share My Personal Information"

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

We have never sold personal information, and we have no plans to do so. Your health data is used solely to provide you with the Service.

If you are a California resident and wish to exercise your right to opt out of the sale or sharing of personal information, you may submit a request at admin@panorahealth.ai. We will honor the Global Privacy Control (GPC) signal as a valid opt-out request.

8. Children's Privacy

Panora Health AI is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will promptly delete that information. If you believe a child under 18 has provided us with personal information, please contact us at admin@panorahealth.ai.

9. Data Retention

We retain your data for the following periods:

10. California Residents — CCPA/CPRA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: You may request the specific categories and pieces of personal information we have collected about you, the sources from which it was collected, the business purposes for collection, and the categories of third parties with whom it has been shared.
• Right to delete: You may request deletion of your personal information.
• Right to correct: You may request correction of inaccurate personal information.
• Right to opt out: You may opt out of the sale or sharing of your personal information. We do not sell or share personal information for cross-context behavioral advertising.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
• Right to limit: You may limit the use and disclosure of sensitive personal information. Your health data is classified as sensitive personal information under CPRA.

Categories of personal information collected: Identifiers (email, display name, account user ID), commercial information (subscription plan tier; payment card details are never collected by Panora — handled directly by Stripe), health data (blood work, nutrition, supplements, workouts, WHOOP / Oura / Apple Health / Fitbit / Garmin / Polar / Withings / Suunto data, menstrual cycle, daily check-ins, medications), sensitive personal information (ethnicity, optional, used for personalized reference ranges and aggregated AI fairness review), photos (meal images, supplement labels, blood-work document scans, when you choose to upload them), internet activity (usage data, device type, browser type, OS version, crash and error logs), and geolocation data (approximate, from IP address; ZIP / postal code only when you use the doctor referral feature).

To submit a request, email admin@panorahealth.ai with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

11. Washington Residents — My Health My Data Act Rights

If you are a Washington State resident, you have additional rights under the My Health My Data Act (MHMDA):

• Consent before collection: We will obtain your consent before collecting consumer health data, separately from our general terms of service.
• Right to delete: You may request deletion of your consumer health data. We will comply within 30 days.
• Right to withdraw consent: You may withdraw consent for the collection and use of your health data at any time.
• Separate health data privacy policy: This Privacy Policy serves as our consumer health data privacy policy as required by the MHMDA.

To submit a request, email admin@panorahealth.ai with the subject line "MHMDA Request."

12. Cookies and Tracking Technologies

We use essential cookies to maintain your session and authenticate your account. We do not use third-party advertising cookies or cross-site tracking technologies.

We do not include health data in client-side product analytics events. Web-app product analytics, when collected via PostHog, are limited to aggregate, non-identifiable interaction metrics about which features are used. On the native iOS app, aggregate product interaction and performance signals (app launches, taps, launch time, hang rate, errors) are collected via Apple's standard frameworks and via Sentry to help us understand feature usage at the aggregate level and to diagnose bugs. None of these signals contain PHI, and we do not use them for cross-app tracking or third-party advertising.

Separately, we may analyze aggregated, de-identified health data internally to improve the accuracy and quality of our AI wellness insights — for example, looking at population- level distributions of common patterns to refine prompts or identify failure modes. This kind of analysis is performed on aggregated data only and never identifies any individual user. We do not transmit this aggregated data to third parties for advertising, marketing, or cross-app tracking.

Crash and error logs are transmitted to Sentry from both the iOS and web apps so we can find and fix bugs. The Sentry client is configured with sendDefaultPii = false; device identifiers, IP addresses, and user contexts are not included by default, and every event passes through a PHI-stripping callback before leaving the device. See Section 4 for full Sentry details.

13. Contact for Privacy Requests

For any privacy-related questions, requests, or concerns, contact us at:

14. App Store Privacy Nutrition Labels Summary

This section summarizes the data types we have disclosed to Apple via App Store Connect's Privacy Nutrition Labels. Each row corresponds to a category Apple displays on the App Store listing for Panora Health AI. None of the data listed below is used for cross-app tracking; we do not use any third-party advertising, do not share data with data brokers, and do not sell personal information (see Section 7).

Data Linked to You:

• Email Address— App Functionality (account creation, login, password recovery; support correspondence is handled via email and is bundled under this purpose by Apple's taxonomy).
• Name — App Functionality (display name used to greet you in the app and to populate shared summary headers).
• Health — App Functionality, Product Personalization, Analytics (the core product purpose; aggregated, de-identified analysis is used internally to improve AI accuracy).
• Fitness — App Functionality, Product Personalization, Analytics (workouts, wearable data, and similar fitness signals; same scope as Health).
• Coarse Location — App Functionality (ZIP / postal code only, used for the doctor referral feature).
• Sensitive Info (racial / ethnic data) — App Functionality, Product Personalization, Analytics (optional ethnicity field used for ethnicity-aware reference ranges where peer-reviewed research supports them, and for de-identified demographic AI-fairness review; see Section 1b).
• Photos or Videos — App Functionality (meal photos, supplement labels, blood-work document scans, when you choose to upload them).
• Other User Content — App Functionality, Product Personalization, Analytics (free-form text from the daily check-in chat and onboarding intake; see Section 1a).
• User ID — App Functionality, Analytics (Supabase auth identifier, used for row-level security and aggregate cohort metrics).
• Purchase History — App Functionality, Analytics (subscription tier — Free / Plus / Pro / Family — used for feature gating, billing reconciliation, and aggregate paid-vs-free analytics; payment cards are never seen by Panora and are handled by Stripe — see Section 4).
• Product Interaction— App Functionality, Analytics (aggregate page-view and feature-usage events; on the web via PostHog, on iOS via Apple's standard frameworks — see Sections 1c and 4).

Data Not Linked to You:

• Crash Data — App Functionality, Analytics (Sentry, configured with sendDefaultPii = false and a PHI-stripping callback — see Section 4).
• Performance Data — App Functionality, Analytics (aggregate launch time, hang rate, error rates; see Sections 1c and 4).

If you believe any of the disclosures on the App Store do not match this Policy, please contact us at admin@panorahealth.ai with the subject line "App Store Disclosure Question."

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify you through the Service or by email. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.