PanomaraBack to home

Legal

Privacy Policy

Effective date: May 4, 2026  ·  Last updated: May 4, 2026

Panomara (“we”, “our”, or “us”) operates the Panomara platform at panomara.io. This Privacy Policy explains how we collect, use, and protect information about you when you use our service. By using Panomara, you agree to the practices described in this policy.

1. Information We Collect

Account information

When you create a Panomara account, we collect your name, email address, agency name, and a password. This information is used to create and manage your account.

Google API data

Panomara connects to Google services on your behalf to pull marketing performance data into client reports. We request read-only access to the following APIs:

  • Google Analytics (GA4) — session counts, traffic sources, user engagement metrics, and conversion events for connected properties.
  • Google Search Console — organic search impressions, clicks, average position, and top search queries for verified websites.
  • Google Ads — campaign spend, impressions, clicks, and conversion data for linked advertising accounts.

We never request write, edit, or administrative access. We cannot create, modify, or delete any data in your Google accounts.

Usage and log data

We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. This data is used solely for security monitoring and debugging.

Payment information

Payments are processed by Paddle. We never store your full credit card number. Paddle provides us with a transaction reference and billing details (name, email, country) necessary to manage your subscription.

2. How We Use Your Information

We use the information we collect exclusively to provide and improve the Panomara service. Specifically:

  • To authenticate your account and maintain your session.
  • Google API data is used only to generate client reports within your Panomara account. It is never used for advertising, profiling, or any purpose unrelated to producing those reports.
  • To send transactional emails such as password resets or subscription receipts.
  • To detect and prevent fraud, abuse, or security incidents.
  • To improve Panomara’s features and performance through aggregated, anonymized analytics.

Our use of data obtained from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

3. Data Sharing and Third Parties

We do not sell your data. Ever.

We do not sell, rent, trade, or otherwise transfer your personal information or your clients’ marketing data to any third party for commercial purposes.

We share information only in these limited circumstances:

  • Supabase — our database and authentication provider. Data is stored in Supabase-managed PostgreSQL instances with encryption at rest.
  • Paddle — our payment processor. Receives only the billing information necessary to process your subscription.
  • Resend — our transactional email provider. Receives your email address to deliver account emails.
  • Legal requirements — if required by law, court order, or to protect the rights and safety of Panomara or its users.

All sub-processors are contractually required to maintain appropriate data security and to use data only for the purposes for which it was shared.

4. Google API Limited Use Disclosure

Panomara’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • Google API data is used only to provide and improve Panomara’s client reporting features — the stated purpose for which you granted access.
  • We do not use Google API data to develop, improve, or train generalized AI or machine learning models.
  • We do not allow humans to read your Google API data unless you have explicitly requested support that requires it, or we are required to do so for security or legal reasons.
  • We do not transfer Google API data to third parties except as necessary to provide the service (sub-processors listed above), and never for advertising purposes.

5. Revoking Google Access

You can revoke Panomara’s access to your Google accounts at any time without affecting your Panomara account:

  1. 1. Go to your Google Account permissions page.
  2. 2. Find “Panomara” in the list of connected apps.
  3. 3. Click Remove access.

After revoking access, any connected integrations in Panomara will stop syncing data. Existing report data already pulled will remain in your account unless you choose to delete it. You can also disconnect individual integrations from within the Panomara dashboard under each client’s Integrations tab.

6. Data Retention

We retain your account data for as long as your account is active. If you cancel your account, we will delete your personal information and associated report data within 30 days, except where we are legally required to retain it longer (e.g., billing records for tax purposes, which are retained for 7 years).

Google API data cached for reports is retained only as long as your account is active. You may request early deletion at any time by contacting us.

7. Security

We protect your data using industry-standard security practices:

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Data at rest is encrypted in our Supabase-managed database.
  • OAuth tokens are stored encrypted and never exposed in logs or error messages.
  • Row-level security (RLS) policies ensure strict data isolation — agency A can never access agency B’s data.
  • Portal passwords are stored using secure one-way hashing.

No system is 100% secure. If you discover a security vulnerability, please contact us immediately at security@panomara.io.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion — request that we delete your account and associated data.
  • Portability — request your data in a machine-readable format.
  • Objection — object to certain types of processing, including marketing communications.

To exercise any of these rights, email us at hello@panomara.io. We will respond within 30 days.

9. Cookies

Panomara uses a minimal number of cookies:

  • Authentication cookies — required to maintain your logged-in session. These are httpOnly, secure, and expire when your session ends or after 7 days of inactivity.
  • Portal session cookies — short-lived cookies set when a client logs into their portal.

We do not use advertising cookies, tracking pixels, or third-party analytics scripts on dashboard pages. The public marketing site (panomara.io) may use privacy-respecting analytics.

10. Children's Privacy

Panomara is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a notice in the Panomara dashboard at least 14 days before the changes take effect. Continued use of Panomara after the effective date constitutes acceptance of the updated policy.

We encourage you to review this page periodically. The “Last updated” date at the top reflects the most recent revision.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Panomara

panomara.io

hello@panomara.io

We aim to respond to all privacy-related inquiries within 5 business days.