Privacy Policy
Last updated: [EFFECTIVE DATE] · Version 1.0
This policy explains what personal information noPain collects, why, how we protect it, and the rights you have over it. We have tried to write it in plain language. It applies to the website nopain-nopain.com and the noPain mobile app (together, the “Service”).
Health information. noPain lets you log pain and related wellness data. In some regions this is treated as a special / sensitive category of personal data and gets extra protection. We process it only with your explicit consent and only to provide the Service to you — never to sell, and never for advertising.
1. Who we are
The data controller responsible for your personal information is [LEGAL ENTITY NAME] (“noPain”, “we”, “us”), registered at [REGISTERED ADDRESS]. You can reach us about privacy at privacy@nopain-nopain.com.
2. What we collect
| Category | Examples |
|---|---|
| Account data | Email address, and a display name if you provide one. |
| Wellness & pain data | Pain entries you log: body zone, intensity, what you were doing, how you felt, whether a protocol helped. |
| Apple Health data (optional) | If you grant permission, selected metrics such as heart-rate variability, sleep, stand hours, or activity — used only on your device and to personalize your experience. |
| Usage & device data | App version, device type, OS, crash logs, and basic interaction events needed to run and improve the Service. |
| Communications | Messages you send us, and your waitlist email if you sign up. |
| Subscription data | Plan and status. Payments are handled by the Apple App Store / Google Play — we never receive your full card details. |
We practice data minimisation: we ask for the least we need to make the Service work for you.
3. Why we use it & our legal basis
For users in the EEA/UK, we rely on the following legal bases:
| Purpose | Data | Legal basis |
|---|---|---|
| Create and run your account | Account data | Performance of a contract |
| Generate and personalize protocols | Pain & wellness data, Apple Health data | Your explicit consent (for health data) |
| Keep the Service working, secure & debugged | Usage & device data | Legitimate interests |
| Improve the Service | Aggregated / de-identified usage | Legitimate interests |
| Waitlist & product emails | | Your consent |
| Comply with the law | As required | Legal obligation |
Where we rely on legitimate interests, we have weighed them against your rights and use only what is necessary. You can object at any time (see your rights).
4. Health & sensitive data
Pain logs and Apple Health metrics describe your body, so we treat them with extra care:
- We process them only with your explicit consent, which you can withdraw at any time.
- We use them only to provide and personalize the Service — never for advertising, and never sold.
- Apple Health data obtained through HealthKit is used in line with Apple’s requirements: it stays tied to your in-app experience and is not shared with third parties for marketing or used to build advertising profiles.
- You can disconnect Apple Health or delete your pain history at any time from within the app.
5. Who we share it with
We share personal data only with service providers who help us run noPain, under contracts that bind them to protect it:
- Amazon Web Services — cloud hosting and storage (United States).
- Amazon Bedrock — the AI layer that personalizes your protocols. Your inputs are processed to generate a response for you and are not used to train third-party foundation models.
- Apple / Google — app distribution and subscription billing.
- [EMAIL PROVIDER] — transactional and waitlist email.
- Authorities or advisers where required by law, or to protect rights and safety.
We do not sell your personal data, and we do not share it for cross-context behavioural advertising.
6. International transfers
noPain is hosted in the United States. If you use the Service from the EEA or UK, your data is transferred to the US. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum) to protect it. You can request a copy of the safeguards at privacy@nopain-nopain.com.
7. How long we keep it
We keep personal data only as long as needed for the purposes above:
- Account & pain data — while your account is active, then deleted or anonymised within [RETENTION PERIOD, e.g. 30 days] of account closure.
- Waitlist email — until launch or until you unsubscribe.
- Logs — kept for a short period for security and debugging, then rotated.
You can ask us to delete your data sooner (see below).
8. How we protect it
We use technical and organisational measures appropriate to the data, including encryption in transit and at rest, access controls on a least-privilege basis, and isolation of sensitive data. No system is perfectly secure, but we work to keep yours safe and will notify you and the relevant authority of a qualifying breach as required by law.
9. Your rights (EEA / UK)
If you are in the EEA or UK, you have the right to:
- Access — get a copy of the data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — have your data deleted in certain circumstances.
- Restriction — limit how we process it in certain circumstances.
- Portability — receive data you gave us in a portable format.
- Object — to processing based on legitimate interests, and to marketing.
- Withdraw consent — at any time, without affecting prior processing.
To exercise any right, email privacy@nopain-nopain.com. We respond within one month (extendable for complex requests) and never charge for it in normal cases.
10. California & other US state rights
If you are a California resident, the CCPA/CPRA gives you the right to know, delete, and correct your personal information, and to be free from discrimination for exercising these rights. Similar rights apply in several other US states.
- Right to know / access the categories and specific pieces of personal information we collect, use, and disclose.
- Right to delete personal information we hold, subject to legal exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing — we do not sell or share your personal information as those terms are defined under the CPRA, so there is nothing to opt out of.
- Right to limit use of sensitive personal information — we use sensitive information (such as health data) only to provide the Service you requested, which is a use the CPRA does not require us to offer a limit on.
To make a request, email privacy@nopain-nopain.com. We will verify your identity before responding, and you may use an authorised agent.
11. Children
The Service is intended for adults and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it.
12. Automated processing & AI
noPain uses automated processing (our “Applied Intelligence” layer) to personalize protocols from your inputs and history. This helps tailor suggestions to you; it does not make decisions that produce legal or similarly significant effects on you, and it never replaces professional medical judgment. You can contact us with questions about how a suggestion was generated.
13. Cookies & tracking
Our website is intentionally lightweight. It does not use advertising cookies or third-party behavioural trackers. We load web fonts from a third-party provider to render the site; if we add any non-essential analytics in future, we will ask for your consent first and update this policy.
14. Changes to this policy
We may update this policy as the Service evolves. We will revise the date at the top and, for material changes, give you reasonable notice in the app or by email.
15. Contact & complaints
Privacy questions or requests: privacy@nopain-nopain.com.
If you are in the EEA or UK and believe we have mishandled your data, you may lodge a complaint with your local supervisory authority (in the UK, the ICO at ico.org.uk). California residents may contact the California Privacy Protection Agency or the State Attorney General. We would appreciate the chance to address your concern first.