Privacy Policy

Effective date: June 15, 2026

This Privacy Policy describes how PainPal (“we”, “us”, “our”) handles personal information when you use our mobile and web applications (the “Service”). PainPal is operated by Josh Roberts as an individual. If you have questions about anything below, contact us at joshdroberts2010@gmail.com.

Who we are

PainPal is a personal endometriosis symptom journal: you log your symptoms, meals, menstrual cycle and flow, ovulation and fertility signals, intimacy, and medications; the app shows you trends, suspected triggers, and cycle predictions; and an optional AI assistant analyzes your history to surface patterns. PainPal is an iOS app distributed via the Apple App Store. Our website at https://painpal-endo.com hosts this policy along with our Terms and Support pages.

Health information notice

The symptoms and pain locations, menstrual cycle and flow, ovulation and fertility signals (such as basal body temperature, ovulation-test results, and cervical mucus), intimacy / sexual activity, medications, surgical and pregnancy-related history, foods, health context, and any sleep and body-temperature data you import from Apple Health are sensitive personal health information — including reproductive and sexual health data. We treat it accordingly: it is stored only to operate the Service for you, it is never sold or used for advertising, and the only time it leaves our systems is when you ask for an AI analysis — at which point the relevant portions are sent to our AI provider to generate your results (see “Third parties”).

What we collect

We only collect what you give us. There is no advertising, no third-party analytics, and no tracking across other apps. The following is the full list of data we store about you:

We do not collect device identifiers (such as IDFA), location, contacts, photos, advertising data, or analytics events.

How we use your data

We do not sell, rent, or share your data for marketing, advertising, or any commercial purpose unrelated to operating the Service.

Apple Health

On iOS, you can optionally connect PainPal to Apple Health. Nothing is read or written until you connect and grant permission, and you choose what to allow in Apple’s own permission screen. You can turn any sync off at any time in Settings → Apple Health in the app, or change what PainPal may read or write in iOS Settings → Health → Data Access & Devices → PainPal.

What PainPal reads from Apple Health and stores on our server (so it appears in your history and can enrich your analysis):

What PainPal writes to Apple Health (from what you logged in the app, so it shows in Health and on your Apple Watch): periods, basal body temperature, ovulation-test results, cervical mucus, your symptoms (mapped to Apple’s matching symptom categories), and — only if you turn the intimacy sync on — sexual-activity entries. These are export-only; PainPal does not read them back from Health.

Health data we read is treated exactly like the rest of your health information here: it is used only to provide the Service to you (your cycle history and the analyses you request), never used for advertising or marketing, and never sold or shared, except that — like your other logs — sleep and wrist-temperature data is included in the bundle sent to our AI provider when you yourself run an AI analysis. We do not use Apple Health data for any other purpose.

Third parties

We use the following service providers. They process your data only as needed to provide their services, and they are governed by their own privacy policies.

Security

No system is perfectly secure. If we discover a security incident that materially affects your data, we will notify affected accounts.

Your rights and controls

Subscriptions and billing

Once paid plans launch:

Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us data, contact us and we will delete it.

Cookies and similar technology

The web app uses one item of browser local storage (et_token) to keep you signed in between visits. We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

Changes to this policy

We may update this policy when the Service changes — for example, when we add a new third-party processor or change what data is collected. The “Effective date” at the top of this document reflects the most recent revision. Material changes will be announced in-app.

Contact

Questions, requests, or notices regarding this policy should go to:

Josh Roberts
Email: joshdroberts2010@gmail.com