Privacy Policy

Who we are

PainPal is a personal endometriosis symptom journal: you log your symptoms, meals, menstrual cycle and flow, ovulation and fertility signals, intimacy, and medications; the app shows you trends, suspected triggers, and cycle predictions; and an optional AI assistant analyzes your history to surface patterns. PainPal is an iOS app distributed via the Apple App Store. Our website at https://painpal-endo.com hosts this policy along with our Terms and Support pages.

Health information notice

The symptoms, menstrual cycle and flow, ovulation and fertility signals (such as basal body temperature, ovulation-test results, and cervical mucus), intimacy / sexual activity, medications, foods, and health context you enter are sensitive personal health information — including reproductive and sexual health data. We treat it accordingly: it is stored only to operate the Service for you, it is never sold or used for advertising, and the only time it leaves our systems is when you ask for an AI analysis — at which point the relevant portions are sent to our AI provider to generate your results (see “Third parties”).

What we collect

We only collect what you give us. There is no advertising, no third-party analytics, and no tracking across other apps. The following is the full list of data we store about you:

• Account information: username, display name (optional), and a one-way hashed password. We do not require an email address to create an account.
• Symptom logs: the symptoms you record, their intensity or size rating, the date, and any per-entry notes.
• Food logs: the free-text meal descriptions you type, the meal type, the trigger tags applied (auto-inferred and the ones you confirm), and any per-entry notes.
• Menstrual cycle & flow: the cycle-day number you enter (or that we derive from your logged periods) and the flow level you record for a date.
• Ovulation & fertility signals: basal body temperature, ovulation-test (OPK) results, and cervical-mucus observations you choose to log. We also use your logged period dates to estimate a fertile window and ovulation — these are estimates, not contraception or medical guidance.
• Intimacy / sexual activity: when you choose to log it — the date, an optional count, whether protection was used, and whether it was painful. Recorded only to correlate with your symptoms (e.g. painful intercourse) and your cycle.
• Medications & treatments: medications or treatments you add (name, dose, category, schedule, start/stop dates) and any per-day intake you record.
• Custom catalog: any custom symptoms or food tags you define, including the keywords you attach to a tag.
• Health context: the health conditions you toggle on and the free-text “other context” (medications, surgeries, family history, etc.) you enter on the Settings page — these flow into the AI analysis prompt when you use it.
• AI analysis history: for each analysis you run, we store the model used, the JSON bundle we sent, the assistant’s response, and per-run token + cost metadata.
• Subscription state: your account tier and (once subscriptions launch) the current subscription expiry date. We do not store payment information.
• Feedback: if you submit feedback via Settings → Send feedback, we store the message, the originating client (web or iOS), and link it to your account.
• Authentication tokens: when you sign in we issue a JSON Web Token (JWT). The JWT is stored locally on your device (iOS Keychain on iOS, browser local storage on the web) — never on our servers.

We do not collect device identifiers (such as IDFA), location, contacts, photos, advertising data, or analytics events.

How we use your data

• Operate the Service — display your logs, compute trends and the symptom heatmap, surface suspected food triggers, and store your history so you can review it over time.
• Run AI analysis — when you tap “Analyze,” we send a JSON bundle containing your logged symptoms, food tags, menstrual cycle and flow, ovulation and fertility signals, intimacy entries, medications, and the health context you entered to Anthropic’s Claude API. We do not include your password or any payment information. See “Third parties” below.
• Account communication — only as needed for service-related issues, such as responding to feedback you submit.

We do not sell, rent, or share your data for marketing, advertising, or any commercial purpose unrelated to operating the Service.

Third parties

We use the following service providers. They process your data only as needed to provide their services, and they are governed by their own privacy policies.

• Anthropic (Claude API) — receives the bundle described above (symptoms, food tags, cycle & flow, fertility signals, intimacy, medications, and health context) when you run an AI analysis. Anthropic’s API policy retains submissions for a limited safety-review period and does not use API data to train its models. See Anthropic’s privacy policy.
• Cloudflare — provides our public HTTPS edge and the Cloudflare Tunnel between Cloudflare and our backend. Cloudflare sees request metadata (timestamps, IPs, paths) for security and routing. See Cloudflare’s privacy policy.
• Apple — if you download the app from the App Store or manage a subscription, Apple’s standard data handling applies. See Apple’s privacy policy.
• Google (Gmail SMTP) — feedback you submit through the in-app feedback form is delivered to the developer’s inbox via Google’s SMTP service. The email contains your username, display name, and the message you typed.

Security

• All traffic between your device and the Service is encrypted in transit (HTTPS / TLS).
• Passwords are stored as one-way hashes and are never recoverable.
• Auth tokens (JWTs) live in iOS Keychain on iOS and browser local storage on the web.
• The database is on a private network and is not directly reachable from the public internet.

No system is perfectly secure. If we discover a security incident that materially affects your data, we will notify affected accounts.

Your rights and controls

• Access — every piece of data we hold about you is visible inside the app: your symptom logs, food logs, cycle & flow, fertility signals, intimacy entries, medications, custom catalog, health context, and AI analysis history.
• Correction — edit any of the above directly in the app.
• Deletion — Settings → “Delete account” permanently removes your account and all associated data (symptom logs, food logs, cycle & flow, fertility signals, intimacy entries, medications, custom symptoms and tags, health context, and AI analysis history). Past feedback submissions are kept but anonymized: the message is retained, the link to your account is removed. The deletion is immediate and not recoverable.
• Subscription management — subscriptions are managed via the App Store on iOS (Settings app → Apple ID → Subscriptions). Cancellations take effect at the end of the current billing period.

Subscriptions and billing

Once paid plans launch:

• On iOS, subscriptions are processed by Apple through the App Store. We receive only the entitlement status (active / expired) and the expiry date — not your payment information.
• Web-based subscriptions are not currently offered. If we add them in a future update, this policy will be updated to name the payment processor and what we receive from it.

Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us data, contact us and we will delete it.

Cookies and similar technology

The web app uses one item of browser local storage (et_token) to keep you signed in between visits. We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

Changes to this policy

We may update this policy when the Service changes — for example, when we add a new third-party processor or change what data is collected. The “Effective date” at the top of this document reflects the most recent revision. Material changes will be announced in-app.

Contact

Questions, requests, or notices regarding this policy should go to:

Josh Roberts
Email: [email protected]