Privacy Policy
Effective date: June 15, 2026
This Privacy Policy describes how PainPal (“we”, “us”, “our”) handles personal information when you use our mobile and web applications (the “Service”). PainPal is operated by Josh Roberts as an individual. If you have questions about anything below, contact us at joshdroberts2010@gmail.com.
Who we are
PainPal is a personal endometriosis symptom journal: you log your symptoms, meals, menstrual cycle and flow, ovulation and fertility signals, intimacy, and medications; the app shows you trends, suspected triggers, and cycle predictions; and an optional AI assistant analyzes your history to surface patterns. PainPal is an iOS app distributed via the Apple App Store. Our website at https://painpal-endo.com hosts this policy along with our Terms and Support pages.
Health information notice
The symptoms and pain locations, menstrual cycle and flow, ovulation and fertility signals (such as basal body temperature, ovulation-test results, and cervical mucus), intimacy / sexual activity, medications, surgical and pregnancy-related history, foods, health context, and any sleep and body-temperature data you import from Apple Health are sensitive personal health information — including reproductive and sexual health data. We treat it accordingly: it is stored only to operate the Service for you, it is never sold or used for advertising, and the only time it leaves our systems is when you ask for an AI analysis — at which point the relevant portions are sent to our AI provider to generate your results (see “Third parties”).
What we collect
We only collect what you give us. There is no advertising, no third-party analytics, and no tracking across other apps. The following is the full list of data we store about you:
- Account information: username, display name (optional), and a one-way hashed password. We do not require an email address to create an account.
- Symptom logs: the symptoms you record, their intensity or size rating, the body regions where you mark pain, the date, and any per-entry notes.
- Food logs: the free-text meal descriptions you type, the meal type, the trigger tags applied (auto-inferred and the ones you confirm), and any per-entry notes.
- Menstrual cycle & flow: the cycle-day number you enter (or that we derive from your logged periods) and the flow level you record for a date.
- Ovulation & fertility signals: basal body temperature, ovulation-test (OPK) results, and cervical-mucus observations you choose to log. We also use your logged period dates to estimate a fertile window and ovulation — these are estimates, not contraception or medical guidance.
- Intimacy / sexual activity: when you choose to log it — the date, an optional count, whether protection was used, and whether it was painful. Recorded only to correlate with your symptoms (e.g. painful intercourse) and your cycle.
- Medications & treatments: medications or treatments you add (name, dose, category, schedule, start/stop dates) and any per-day intake you record.
- Medical & surgical history: surgeries and pregnancy-related events (including pregnancy loss) you choose to record — date, type, and an optional note. These entries are private by default and are included in an AI analysis or clinician report only if you explicitly turn that on for the entry.
- Apple Health data (optional, iOS): if you connect Apple Health and leave the relevant syncs on, PainPal reads your menstrual flow, basal body temperature, and (for the AI import) your nightly sleep duration and sleeping wrist temperature from Apple Health and stores them on our server so they appear in your cycle history and can enrich your analysis. See the “Apple Health” section below for exactly what is read, what is written, and how to control it.
- Custom catalog: any custom symptoms or food tags you define, including the keywords you attach to a tag.
- Health context: the health conditions you toggle on and the free-text “other context” (medications, surgeries, family history, etc.) you enter on the Settings page — these flow into the AI analysis prompt when you use it.
- AI analysis history: for each analysis you run, we store the model used, the JSON bundle we sent, the assistant’s response, and per-run token + cost metadata.
- Subscription state: your account tier and (once subscriptions launch) the current subscription expiry date. We do not store payment information.
- Feedback: if you submit feedback via Settings → Send feedback, we store the message, the originating client (web or iOS), and link it to your account.
- Authentication tokens: when you sign in we issue a JSON Web Token (JWT). The JWT is stored locally on your device (iOS Keychain on iOS, browser local storage on the web) — never on our servers.
We do not collect device identifiers (such as IDFA), location, contacts, photos, advertising data, or analytics events.
How we use your data
- Operate the Service — display your logs, compute trends and the symptom heatmap, surface suspected food triggers, and store your history so you can review it over time.
- Run AI analysis — when you tap “Analyze” (or generate a pre-appointment summary), we send a JSON bundle containing your logged symptoms and pain locations, food tags, menstrual cycle and flow, ovulation and fertility signals, intimacy entries, medications, the health context you entered, any medical-history entries you opted in, and — if you imported them from Apple Health — your nightly sleep and sleeping wrist temperature, to Anthropic’s Claude API. We do not include your password or any payment information. See “Third parties” below.
- Account communication — only as needed for service-related issues, such as responding to feedback you submit.
We do not sell, rent, or share your data for marketing, advertising, or any commercial purpose unrelated to operating the Service.
Apple Health
On iOS, you can optionally connect PainPal to Apple Health. Nothing is read or written until you connect and grant permission, and you choose what to allow in Apple’s own permission screen. You can turn any sync off at any time in Settings → Apple Health in the app, or change what PainPal may read or write in iOS Settings → Health → Data Access & Devices → PainPal.
What PainPal reads from Apple Health and stores on our server (so it appears in your history and can enrich your analysis):
- menstrual flow and basal body temperature (two-way sync); and
- if you turn on the sleep & wrist-temperature import: your nightly sleep duration and Apple Watch sleeping wrist temperature (read-only — never written back).
What PainPal writes to Apple Health (from what you logged in the app, so it shows in Health and on your Apple Watch): periods, basal body temperature, ovulation-test results, cervical mucus, your symptoms (mapped to Apple’s matching symptom categories), and — only if you turn the intimacy sync on — sexual-activity entries. These are export-only; PainPal does not read them back from Health.
Health data we read is treated exactly like the rest of your health information here: it is used only to provide the Service to you (your cycle history and the analyses you request), never used for advertising or marketing, and never sold or shared, except that — like your other logs — sleep and wrist-temperature data is included in the bundle sent to our AI provider when you yourself run an AI analysis. We do not use Apple Health data for any other purpose.
Third parties
We use the following service providers. They process your data only as needed to provide their services, and they are governed by their own privacy policies.
- Anthropic (Claude API) — receives the bundle described above (symptoms and pain locations, food tags, cycle & flow, fertility signals, intimacy, medications, health context, opted-in medical history, and any imported sleep and sleeping wrist temperature) when you run an AI analysis. Anthropic’s API policy retains submissions for a limited safety-review period and does not use API data to train its models. Anthropic provides the same or equal protection of this data as described in this policy. See Anthropic’s privacy policy.
- Cloudflare — provides our public HTTPS edge and the Cloudflare Tunnel between Cloudflare and our backend. Cloudflare sees request metadata (timestamps, IPs, paths) for security and routing. See Cloudflare’s privacy policy.
- Apple — if you download the app from the App Store or manage a subscription, Apple’s standard data handling applies. See Apple’s privacy policy.
- Google (Gmail SMTP) — feedback you submit through the in-app feedback form is delivered to the developer’s inbox via Google’s SMTP service. The email contains your username, display name, and the message you typed.
Security
- All traffic between your device and the Service is encrypted in transit (HTTPS / TLS).
- Passwords are stored as one-way hashes and are never recoverable.
- Auth tokens (JWTs) live in iOS Keychain on iOS and browser local storage on the web.
- The database is on a private network and is not directly reachable from the public internet.
No system is perfectly secure. If we discover a security incident that materially affects your data, we will notify affected accounts.
Your rights and controls
- Access — every piece of data we hold about you is visible inside the app: your symptom logs, food logs, cycle & flow, fertility signals, intimacy entries, medications, medical history, any imported Apple Health metrics, custom catalog, health context, and AI analysis history.
- Correction — edit any of the above directly in the app.
- Deletion — Settings → “Delete account” immediately locks your account and signs you out, and schedules it for deletion along with all associated data (symptom logs, food logs, cycle & flow, fertility signals, intimacy entries, medications, medical history, imported Apple Health metrics, custom symptoms and tags, health context, AI analysis history, and any photo attachments). You can restore your account by signing back in within 30 days; after that, the account and all of that data are permanently deleted and cannot be recovered. Data PainPal previously wrote into Apple Health stays in Apple Health — remove it in the Health app, or revoke access in iOS Settings → Health. Past feedback submissions are kept but anonymized: the message is retained, the link to your account is removed.
- Subscription management — subscriptions are managed via the App Store on iOS (Settings app → Apple ID → Subscriptions). Cancellations take effect at the end of the current billing period.
Subscriptions and billing
Once paid plans launch:
- On iOS, subscriptions are processed by Apple through the App Store. We receive only the entitlement status (active / expired) and the expiry date — not your payment information.
- Web-based subscriptions are not currently offered. If we add them in a future update, this policy will be updated to name the payment processor and what we receive from it.
Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us data, contact us and we will delete it.
Cookies and similar technology
The web app uses one item of browser local storage (et_token) to keep you signed in between visits. We do not use analytics cookies, advertising cookies, or third-party tracking cookies.
Changes to this policy
We may update this policy when the Service changes — for example, when we add a new third-party processor or change what data is collected. The “Effective date” at the top of this document reflects the most recent revision. Material changes will be announced in-app.
Contact
Questions, requests, or notices regarding this policy should go to:
Josh Roberts
Email: joshdroberts2010@gmail.com