Introduction
PanOph ("we", "our", or "us") operates the PanOph mobile application and the website at panoph.com (collectively, the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.
By creating an account or using the Service, you consent to the collection, use, and processing of your information as described in this Privacy Policy, in accordance with the Digital Personal Data Protection Act, 2023. If you do not agree with this policy, please do not use the Service.
Information We Collect
Account Information
When you sign in with Google, we receive your name, email address, profile picture, and account identifiers necessary for authentication from your Google account. We use your name and email to create and manage your PanOph account. Your profile picture is only displayed back to you (e.g. in the navigation bar) and is not used for any other purpose.
Usage Data
We collect information about how you use the Service, including scenarios attempted, scores, progress through learning modules, and feature interactions. This data is used to track your learning progress and improve the Service.
Device & Analytics Data
We use Firebase Analytics to collect usage statistics such as app opens, screen views, search queries, content interactions, scores, and feature engagement. Analytics events are linked to your user account to help us understand per-user engagement and improve the Service. Firebase Analytics may also automatically collect device information such as device model, operating system version, and app version. We do not use advertising identifiers for ad targeting and we do not track you across other apps or websites. We do not serve ads in the Service.
User-Submitted Content
If you voluntarily submit feedback, error reports, topic requests, or testimonials through the Service, we store that content along with your name and email address. Testimonials may be displayed within the Service with your name.
Referral Data
If you arrive at PanOph via a referral link, we store a referral cookie on your device to attribute the referral. When you create an account, this referral code is permanently associated with your account. The cookie is used solely for referral attribution and expires after 90 days.
Local Storage
We store your learning progress locally on your device using browser local storage and IndexedDB (web) and Hive (mobile) for offline access and faster load times. Firebase Authentication also uses IndexedDB to maintain your sign-in session. This data stays on your device unless you sign in, at which point your progress is synced to our servers.
How We Use Your Information
- To provide and maintain the Service
- To save and sync your learning progress across devices
- To manage your account and subscription status
- To analyze usage patterns and improve the Service
- To attribute referrals to content creators
- To communicate important updates about the Service
Data Sharing
We do not sell, trade, or rent your personal information to any third party. We do not share your personal data with third parties for their own marketing or advertising purposes.
Your data is shared only with the following service providers, solely for the purpose of operating the Service:
- Google Firebase — authentication and analytics
- Cloudflare — application backend, database, object storage, and content delivery
- Google Sign-In — account authentication
- Vercel — website hosting and content delivery (may process server access logs including IP addresses for security and performance purposes)
These service providers process data on our behalf and are bound by their own privacy policies and data processing agreements.
Data Storage & Security
Your app data (learning progress, scores, favourites, and subscription status) is stored securely through our application backend using managed cloud database and storage infrastructure. All data transmission is encrypted using TLS, and stored data is encrypted at rest by our infrastructure providers.
Your authentication data (name, email, profile picture, and sign-in metadata) is processed by Google Firebase Authentication, which is a global service operated by Google with servers that may be located outside India. This is limited to the information required to verify your identity and maintain your sign-in session. Analytics data is processed by Google Firebase Analytics, which may also use servers outside India. Our hosting and backend providers may also process requests through global edge infrastructure, which means server logs including IP addresses may be processed outside India.
Data Retention
We retain your account and progress data for as long as your account is active. If you request deletion of your account, we will delete your personal data from our application database within 30 days of receiving your request. We will also reset your user identifier in our analytics systems so that future data is no longer linked to your identity. Analytics data that has been aggregated or anonymised and cannot reasonably be used to identify you may be retained.
Account Deletion
You can request deletion of your account and all associated personal data at any time by emailing us at support@panoph.com with the subject line "Account Deletion Request".
Upon receiving your request, we will delete your personal data from our database within 30 days. Data stored locally on your device can be removed by uninstalling the app or clearing the app's data.
Your Rights
Under the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000, you have the right to:
- Access and request a copy of the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion of your data and account
- Withdraw consent for data processing
- Nominate another person to exercise these rights on your behalf
- Lodge a complaint with the Data Protection Board of India
You may withdraw consent by requesting deletion of your account. Withdrawal of consent will result in deletion of your account and personal data, and you will no longer be able to use the Service. To exercise any of these rights, contact us at the email address below or reach out to our Grievance Officer.
Age Restriction
The Service is intended for medical professionals and students and is not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected personal data from a person under 18 without appropriate consent, we will delete that data promptly.
Data Breach Notification
In the event of a personal data breach that is likely to cause harm, we will notify the Data Protection Board of India and affected users as required under the Digital Personal Data Protection Act, 2023.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date.
Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in New Delhi, India.
Grievance Officer
In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, the Grievance Officer for the purpose of this Privacy Policy is:
Garvit Galgat
Co-founder, PanOph
Email: support@panoph.com
We will acknowledge your complaint promptly and aim to resolve it within 30 days of receipt.
Contact Us
If you have any questions about this Privacy Policy, please contact us at: