Penlago

Privacy Policy

Effective April 18, 2026

Summary

  • We store what you type in. Age, weight, height, blood pressure, glucose. And if you join the waitlist, your first name, email, and preferred messaging platform.
  • We don't sell your data. Ever. Not to advertisers, data brokers, insurers, or anyone else.
  • You can delete everything we have on you. Email [email protected] and we'll wipe it within 30 days.

What we collect

When you use the MetaAge calculator, we store:

  • Your age, weight, height, systolic and diastolic blood pressure, and fasting glucose — both in the units you entered and in canonical units used for calculation.
  • The computed MetaAge and BMI values.
  • The date and time of submission.

If you join the waitlist, we additionally store:

  • Your first name.
  • Your email address.
  • Your preferred messaging platform (iMessage, WhatsApp, or Telegram).
  • A reference to the MetaAge result that prompted your signup.

We do not collect your real name, address, phone number, government ID, payment information, IP-based location, or any browser fingerprint beyond standard server logs.

How we use it

  • To calculate your MetaAge score and render your shareable graphic.
  • To contact you when our product Mika becomes available, if you joined the waitlist.
  • To improve how the scoring algorithm works in aggregate, using anonymous statistics.
  • To comply with legal obligations if we ever receive a valid request.

We do not use your data for targeted advertising, behavioral profiling, or any purpose beyond those listed here.

Who sees it

Your data is stored in a managed PostgreSQL database operated by our hosting provider. The only people with access are Penlago's technical operators.

We do not share your biometric values with:

  • Advertisers or ad networks.
  • Data brokers.
  • Health insurance companies.
  • Employers.
  • Any third party that has not been contracted to operate the service on our behalf.

When we do contract with a service provider (email delivery, messaging platforms, analytics), we require them to handle your data only on our instructions and to delete it when we ask.

Shared results URLs

When you submit the calculator, we generate a short random identifier for your result (the "zid") and use it in the URL of your results page — for example, /results/abcdefghij. This identifier is not predictable. If you share the URL, anyone with the link can view the result.

The zid is not linked to your identity unless you subsequently join the waitlist from that page. If you never join the waitlist, the result is anonymous.

Cookies

We use a single functional cookie to maintain your browser session and protect forms against cross-site request forgery. We do not use analytics, tracking, or advertising cookies on any page.

How long we keep it

  • MetaAge results are kept indefinitely while the service is operating. We will anonymize or delete them if you ask.
  • Waitlist signups are kept until you ask us to delete them, or until we send a final notice that we're no longer operating.
  • Server logs (request metadata, error reports) are kept for up to 30 days.

Your rights

Regardless of where you live, you can ask us to:

  • Show you the data we hold on you.
  • Correct it, if it's wrong.
  • Delete it entirely.
  • Export it in a portable format.
  • Stop contacting you.

Send any request to [email protected]. We'll respond within 30 days. For Thai residents under the Personal Data Protection Act (PDPA), EU/UK residents under GDPR, and California residents under CCPA, these rights are statutory and we honor them without requiring proof of residency.

Where your data lives

Penlago is operated from the Kingdom of Thailand. By using the Service, you consent to your data being transferred to, and processed in, Thailand and any country where our hosting provider operates servers. Data-protection laws in these jurisdictions may differ from those in your country of residence.

Children

Penlago is only for adults aged 18 and older. We do not knowingly collect data from anyone under 18. If you believe we've received data from a minor, contact [email protected] and we will delete it.

Security

We use industry-standard measures — TLS in transit, access controls at rest, encrypted backups — to protect your data. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. If we ever become aware of a breach that affects your data, we will notify you by email without undue delay.

Changes to this policy

We may update this Privacy Policy as the product evolves. If we make a material change (for example, starting to use analytics, or adding a new recipient of your data), we will update the "Effective" date at the top and, if you're on the waitlist, email you before the change takes effect.

Contact

Questions, data requests, or a heads-up about something we've missed? Email [email protected].