PatientSpotlight, by PanaceaIntelPatientSpotlight

Resources

Privacy

What we collect, what we don't, and how to reach us about anything data-related. The short version: we do not track readers.

The short version

PatientSpotlight runs no tracking cookies, no third-party advertising, no remarketing pixels, and no fingerprinting. Reading content on this site does not add you to any list, register your visit with any marketing or identity platform, or place any persistent identifier on your device. We do collect anonymous, aggregate audience signal - described below - using a cookieless tool from our hosting platform.

What the site sets

PatientSpotlight itself does not set cookies. No login, no session, no consent banners, no preference tokens, no remarketing pixels.

Aggregate audience measurement

We use Vercel Web Analytics, a first-party measurement tool provided by our hosting platform. It is cookieless and stores no identifier on your device. It generates a per-request hash from coarse inputs (such as the request and the day) so that repeated visits within a short window can be deduplicated, and that hash is rotated regularly and never associated with you across sessions.

What this gives us, in aggregate: which pages were viewed, the referring source (e.g., Google, an RSS reader, a direct link), country, and a coarse device class (mobile or desktop). What it does not give us: your IP address (it is hashed, not stored), your name, your email, a profile of your reading history across visits, or a way to reach you.

This tool requires no consent banner under GDPR and PECR because it stores no identifier on your device and does not collect personal data. If we ever switch to anything that does store an identifier, we will turn it off until consent mechanics are in place and disclose the change here first.

Alongside pageviews, we record a small set of custom events via the same tool - also cookieless, also first-party, attached to the same anonymous session as the pageviews: which key sources readers click through to from articles, which terms readers search for via the on-site search, newsletter signup attempts (the result, not the email), clicks on RSS feed links, and a milestone event when a reader has been on a page for ninety seconds. These are editorial signals - they help us understand which sources are load-bearing for readers, which topics readers are looking for that we have not covered, and which pieces actually get read versus bounced. None of these events carry personal information; search-query strings are forwarded as typed but truncated and not linked to any visitor identity.

What the hosting platform sees

The site is served by Vercel, our hosting platform. Vercel receives standard HTTP request information when pages are requested - the request URL, the visitor's IP address, the user-agent string, timestamps, and the response size and status. This is used for routing, performance, security, and abuse prevention, which are the standard purposes of hosting-level request logs. It is not used to profile readers.

Vercel's own privacy disclosures describe its practices as an infrastructure provider. Those disclosures apply in addition to this page for anything at the hosting-platform layer.

Search engines and aggregators

Search engines (Google, Bing, and others) and content aggregators may index the site and display its content in their own results pages. Those are not actions by PatientSpotlight; they are standard behaviour of the public web. If a piece of PatientSpotlight content appears in a search result or an AI assistant's answer, that is because the content is public and has been crawled, not because any reader data has been shared.

RSS feed

The RSS feed at /feed.xml is a plain, static endpoint. Subscribing to the feed in a reader or aggregator is anonymous to us - we see only that the feed URL is being requested, at the hosting-platform level described above.

Newsletter

PatientSpotlight operates an opt-in email newsletter, described on the newsletter page. The provider is Buttondown, chosen because it is single-operator, ships no tracking pixels by default, and supports double opt-in out of the box.

When you submit the signup form, your email address is forwarded to Buttondown so that the confirmation message and subsequent newsletter issues can be delivered. Buttondown is the data processor for the subscriber list. We do not log your email anywhere on our side, and we do not share or sell the list. Buttondown's own privacy disclosures describe its practices as a service provider; those apply in addition to this page for anything at the newsletter-provider layer.

Double opt-in means you will receive a confirmation message before any newsletter is sent - if you do not confirm, no further mail is delivered. Unsubscribing is a one-click link in any issue, and the unsubscribe is honoured by Buttondown immediately.

The newsletter is the only mailing list we operate. We do not send promotional or transactional email beyond the newsletter itself.

Accessibility and performance data

We do not currently run any real-user accessibility or performance monitoring on the site. If we add either in the future - for example, a Vercel-native privacy-preserving performance tool - the disclosure will be added to this page, and the tooling selection will be biased toward options that do not fingerprint readers.

Contact

PatientSpotlight is published by PanaceaIntel. For any question about data practices on this site, including questions about hosting-level logs or a request to have a specific request record purged where that is operationally possible, please contact the PanaceaIntel editorial team. Contact details are published with our editorial policy.

Updates to this page

If our data practices change in any way - new tooling, newsletter, any form of reader-level measurement - this page will be updated before the change takes effect, and the change will be reflected in the page's publish date on the site footer. This page is reviewed as part of the same editorial workflow as the rest of the site.