penster
← Back to Home

Privacy Policy

Last updated: May 6, 2026

About Penster

Penster is a healthcare technology platform developed and managed by PENSTER TECHNOLOGIES PRIVATE LIMITED. We provide AI-powered marketing automation for healthcare practices via penster.ai and the Penster App registered with Meta, including Facebook Page management, Instagram Business content publishing, and Marketing API access. For Meta review identification, the Penster Meta Developer App ID is 896072779937643. This Privacy Policy applies to all data processed by Penster across these surfaces. PENSTER TECHNOLOGIES PRIVATE LIMITED is the data controller for users accessing services in India.

Data Controller contact: [email protected] · General contact: [email protected]

Penster ("we," "us," or "our") operates the website penster.ai and the Penster marketing automation platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when you interact with us, including:

  • Account information: name, email address, phone number, practice name, and specialty when you sign up or book a demo or request access.
  • Communication data: messages, feedback, and support requests you send us via email or contact forms.
  • Content you upload: photos, images, text, and other user-generated materials you provide for marketing content creation through our platform, including materials involving patients, practitioners, staff, clinic visitors, or third parties where you choose to provide them.
  • Billing information: payment details processed through our third-party payment processor. We do not store full credit card numbers on our servers.

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain information through cookies and similar technologies:

  • Usage data: pages visited, time spent on pages, click patterns, scroll depth, and navigation paths.
  • Device information: browser type, operating system, screen resolution, and device identifiers.
  • Location data: approximate geographic location based on IP address.
  • Referral data: the website or source that referred you to our Service.

1.3 Information from Third Parties

We may receive information from third-party services you connect to our platform, such as social media accounts (Instagram, Facebook, LinkedIn), advertising platforms (Meta Ads, Google Ads), and Google Business Profile (formerly Google My Business) listings that you authorize or select for use with our Service.

1.4 Connected Social Media Accounts and Platform Integrations

If you choose to connect third-party platforms to Penster, we may collect and store the information reasonably necessary to authenticate the connection, display the connected account in your workspace, publish approved content, and report on the performance of that content.

  • Connected account details: account, page, or profile identifiers, usernames or handles, profile names, profile images, Google Business Profile listing details, and related business account metadata made available by the platform.
  • Authentication and authorization data: access tokens, permission scopes, and related connection metadata required to maintain your authorized integrations.
  • Content and publishing data: drafts, captions, images, videos, scheduled posts, publication status, and related delivery or moderation information returned by the connected platform.
  • Performance and reporting data: account-level insights, post-level metrics, ad account data, and attribution or campaign information that you authorize us to access.
  • Brand and listing data: business name, category, address, phone number, website, public listing content, photos, reviews or rating summaries where available, and other details used to prepare brand information for your review and approval.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service.
  • Authenticate and maintain your connected social media, publishing, and advertising integrations.
  • Generate marketing content (social media posts, website pages, ad campaigns) on your behalf, subject to your approval before publication.
  • Display connected account information in your dashboard, schedule or publish approved content, and generate reporting related to connected platform activity.
  • Extract, prepare, and present brand details from user-selected business listings for your review and approval before content or creatives are generated from that information.
  • Process transactions and send related billing information.
  • Send you updates, marketing communications, and support responses. You can opt out of marketing emails at any time.
  • Analyze usage patterns to improve our platform, features, and user experience.
  • Detect, prevent, and address technical issues and security threats.
  • Comply with legal obligations and enforce our Terms of Service.

3. Analytics and Tracking Technologies

We use the following third-party analytics and tracking services on our website:

3.1 Google Analytics 4

We use Google Analytics 4 to understand website traffic and user behavior. Google Analytics collects data such as pages visited, session duration, and demographic information. This data is processed by Google in accordance with Google's Privacy Policy. You can opt out using the Google Analytics Opt-out Browser Add-on.

3.2 Meta Pixel and Conversions API (CAPI)

We use Meta Pixel and Meta's Conversions API (CAPI) after you accept analytics and advertising cookies to measure the effectiveness of our advertising and understand user actions on our website (such as page views, button clicks, and demo booking actions). Meta Pixel sends limited browser event data to Meta, and CAPI forwards matching event data through our servers for attribution and deduplication. You can manage your ad preferences in your Facebook Ad Settings.

3.3 PostHog

We use PostHog for product analytics, including page views, feature usage, and session analysis. PostHog processes data in accordance with its privacy policy. We use the "identified_only" person profile mode, meaning anonymous visitors are tracked without personal identification unless they voluntarily identify themselves.

3.4 Demo Requests and Email Verification

When you book a demo or request access, we may collect your name and email address and may send a one-time verification code (OTP) to confirm the address. We retain request records to manage onboarding availability and follow-up.

4. Cookies and Local Storage

We use the following cookies and browser storage:

  • Essential cookies: required for the website to function, including theme preferences stored in your browser's local storage.
  • Analytics cookies: used by Google Analytics, and PostHog to collect usage data as described above.
  • Advertising cookies: used to support Meta Pixel and CAPI event attribution (such as first-party _fbp and _fbc cookies).

You can control cookies through your browser settings. Disabling certain cookies may limit your experience on our website.

5. Patient Data and HIPAA

Penster is a marketing automation platform and does not require, collect, or store Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA). Our Service is designed to function without access to patient records or medical data.

If you choose to upload patient photos (such as before-and-after images), testimonials, practitioner or staff images, clinic visitor images, or other user-generated content for marketing purposes, you are responsible for obtaining proper consent, releases, licenses, and permissions in accordance with HIPAA, applicable state laws, advertising rules, and professional standards before uploading or using such content through our platform. We recommend consulting with your compliance team or legal counsel regarding consent requirements.

6. How We Share Your Information

We do not sell your personal information. We may share your information with:

  • Service providers: third-party vendors who assist us in operating the Service (hosting, payment processing, analytics, email delivery).
  • Social media and ad platforms: when you authorize us to publish content or run campaigns on your behalf, we share necessary data with the relevant platforms (Meta, Google, LinkedIn).
  • Legal compliance: when required by law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6.1 Government Requests and Legal Compliance

We may disclose information when required by applicable law, regulation, legal process, or an enforceable governmental request. Before responding to such requests, we review them for legal validity and scope and, where permitted, may challenge requests that we believe are unlawful, overly broad, or inconsistent with applicable privacy protections.

When disclosure is required, our practice is to limit the information shared to the minimum reasonably necessary to comply with the request. We also maintain internal records of legal requests and our responses for accountability, security, and compliance purposes.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. If you cancel your account, we will retain your data for a reasonable period to fulfill legal obligations, resolve disputes, and enforce our agreements. Marketing content created through our platform remains yours, and you may export it at any time.

For connected third-party platform accounts, we retain account connection metadata and access credentials only while the integration remains active or as needed for security, troubleshooting, audit logging, and legal compliance. If you disconnect an account or revoke access, we will stop collecting new data from that integration and delete, deauthorize, or rotate stored credentials within a reasonable period, subject to legal obligations and routine backup retention.

8. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS/SSL), encrypted storage, access controls, and regular security audits. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

Access credentials and connected account data are protected using reasonable technical and organizational safeguards designed to limit unauthorized access, use, or disclosure.

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction or deletion of your personal information.
  • Object to or restrict the processing of your data.
  • Request portability of your data in a structured, commonly used format.
  • Withdraw consent where processing is based on consent.
  • Opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

To exercise any of these rights, contact us at [email protected].

9a. Data Deletion

You can request deletion of all personal data Penster holds about you at any time. We will action verified deletion requests within 30 days, retaining only data we are legally required to keep (e.g. tax records).

  • Email request: send "Delete my data" from your registered address to [email protected]. Include any account or workspace identifiers if known.
  • Connected Meta accounts: if you connected a Facebook Page, Instagram Business account, or Meta Ad Account to Penster, you can revoke Penster's access at any time via Facebook Settings → Business Integrations. On revocation, Penster ceases all data collection from that integration and deletes stored authentication credentials and cached platform data within 30 days.
  • Account closure: if you close your Penster account, we will delete your account data within 90 days, subject to legal retention obligations.

Confirmation of deletion is sent to your registered email address once complete. For Meta-specific data deletion requests under Platform Terms 4.b, this URL serves as the documented mechanism: https://penster.ai/privacy#data-deletion.

10. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

11. International Data Transfers

Penster primarily operates from India. Your information may be processed in India and, where required to provide hosting, analytics, communications, security, payment, or infrastructure services, by trusted service providers in other jurisdictions. We use reasonable contractual, technical, and organizational measures designed to safeguard cross-border transfers where they occur.

12. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

PENSTER TECHNOLOGIES PRIVATE LIMITED
Hyderabad, Telangana, India
Privacy & data requests: [email protected]
General contact: [email protected]