Data Policy

Data and Privacy Policy

This privacy policy covers all PainTrek (“we”, “us”, “our”) consumer software applications, including, without limitation, the PainTrek apps for Android and Apple devices and the PainTrek website (PainTrek.net).


We recognize the sensitive nature of health and personal data that you may store inside our mobile app and strongly believe in transparency and honesty. We follow strict HIPAA regulations to ensure your data is secure and follows the same privacy policies as leading hospitals, clinics, and government institutions. As a result, we cannot sell or share your personal data without your explicit consent, unlike many other websites and apps.


This policy is designed to give you more information on what we collect and how it is used. By using our products and services, you are accepting the practices described in this Privacy Policy and consenting to our use of your information as described here. For any questions about this policy or our operations, please Contact Us.

To register an account and use the PainTrek apps, you will need to enter your email address and username and choose a password. We will send emails to the email address you provided to confirm your identity and to provide service-related updates. We will not sell your email to any third party without your explicit consent.

Once you have registered, you will benefit from the following functionality:

  • Access to the PainTrek suite of apps and services.

  • Automatic encryption and backup of your data to our HIPAA secure servers.

  • Restore and recover your account and its associated data on another device.

First and foremost, it is vital for us to stress that we do not and will never sell any personal data about you to third parties. Even though we follow very strict practices to protect your privacy and data (HIPAA), you may still feel uncomfortable storing health information on a connected device. Therefore, you should consider the safety and privacy of your personal data before using the PainTrek app generally. You should refrain from sharing or exporting data unless you are certain that the receiving email address is authorized, credible, and secure.

When you use the PainTrek app, or when you visit our website, PainTrek collects, stores, and uses some personal and non-personal data. We mainly do this to provide you with our services, and our lawful basis for this processing is that it is necessary for the performance of a contract with you (i.e. see our Terms and Conditions).

We may also occasionally send you informational and promotional messages about our services, as well as reminders to your smartphone via local and/or push notifications. We will only send you such messages with your prior consent and they are fully configurable from within the PainTrek app.

We are very thoughtful and selective about what we communicate and how often. You always remain in full control of your communication preferences and can unsubscribe from our messaging at any time.

We also process your entered data in order to understand your needs, your use of our app and website, to analyze bugs and fix issues, and to bring you more useful features. To sum it up, we process this data to provide you the best and most reliable experience of our services. These processing activities are based on our legitimate interests in providing a reliable service to you, and improving it.

Note:

We do not process personal data that directly identifies you as a person (such as your first name, surname, email, etc.).

More explicitly, we may use your data in the following ways:

  • Provide you with analysis of your data to help you manage your health, such as trended reports of how your pain has changed over time.

  • Provide technical product support, such as updates to software apps and notices of service changes.

  • Share your information with individuals and organizations of your choosing, such as your doctor, other healthcare providers, your family members, or support organizations, at your specific direction from within our software.

  • Create health databases for research purposes. Health databases do not include your contact information or personal demographics and contain only de-identified health information for aggregate analysis of populations.

We may also disclose your information to third parties as reasonably required to protect or exercise our legal rights, to protect the rights and safety of any person (such as to legal representatives and law enforcement), as you expressly permit, and as required by law (such as the result of a court subpoena).


DEVICE DATA

This data informs us about the device you use to access our services, such as the model, name and identifiers, device settings, the application identifier, and crash information. On our website, we collect information about your browser and browser settings, the operating system you use, and the system settings of your device. This data is used solely for bug reports and fixing issues with the PainTrek apps or website.

EVENT AND USAGE DATA

When you use the app, or when you go to our website, our servers process anonymized data in order to understand your usage of our services, for example, which pages you visit or which tab in the app you open. We collect this information and use it as aggregate data to allow us to better understand which features are the most relevant or useful to our users as a whole, and to communicate with you about relevant and timely information and promotional content. We do not connect this data to a specific user.

IP ADDRESS

We collect IP addresses provided by your browser or mobile device to deliver the service to your device. We also use the IP address to determine your approximate location for statistical and analytics purposes.

LOCATION

The PainTrek apps may track your location to provide location-based services for your pain entries such as weather information (pressure, temperature, etc.). If enabled, coarse location information is collected from your device once every few minutes. The data accuracy is limited to your zip code or general region (500m accuracy). We have no interest in precise location tracking, and would simply like to provide you the additional environmental data needed to better understand your pain. You must Opt-In to take advantage of this feature, and you can change these settings at any time in the PainTrek apps. When the app is closed, or in the background, we disable any location tracking and reinstate it when the app is re-opened (only if you gave us permission to do so).

HEALTH RELATED DATA

The data you track in the PainTrek apps about your health and activities is considered sensitive personal data. PainTrek does not store sensitive personal data without your explicit consent. It is only when you give us explicit consent, by creating a PainTrek account and initially logging in to our services, that we start storing your entered health and sensitive data on our secured servers.

You can withdraw your consent at any time by simply deleting your account in the app.

This is health information that you volunteer so that we can better provide you with summaries of, and insight into, your condition. Data may include location and intensity of your pain symptoms, the impact of pain on your daily activities, your medication use, and other health management details. The data is encrypted both locally on the device and on our HIPAA and HITRUST compliant servers. Collected health data is not attached to any personal data (e.g. email, name, etc.) and remains de-identified on our servers.


NOTE:

All the data we collect at PainTrek is necessary for us to deliver the services you use. The amount we collect has been minimized wherever possible to respect your privacy.

If you create an account with PainTrek, your personal data, including sensitive data and data related to your health, is stored on your device and is also stored and processed on PainTrek servers. This is done so we can offer you the option of backing up your data and to enable additional features (such as the ability to transfer, restore, and recover data between Apple and Android devices).

By creating an account with us you explicitly consent that:

  • PainTrek may store and process personal data you provide through the usage of the PainTrek apps and through the account creation process solely for the purpose of providing PainTrek services to you and to improve PainTrek’s service features. Such PainTrek services may include sending you information and reminders through the PainTrek apps, e.g. via push notification or to the email address you provided to PainTrek, where you have separately agreed to receive such messages.

  • Such personal data you provide to PainTrek through the account creation process for the purpose of providing PainTrek’s service includes personal data you enter into the PainTrek apps, such as your account data (e.g. your email address), and your health data which may include your mood levels and individual symptom levels, your medication and supplements and other health factors you track in the app (e.g. sleep quality, pain symptoms, diary entries, etc.). All of your health data is encrypted on your device and on the server end and cannot be read by anyone but yourself or key members of the PainTrek support team.


NOTE:

You may withdraw your consent to this use of your data at any time by deleting your PainTrek account. This can be requested from within the app or by e-mailing pain-trek@umich.edu. You can also delete your data from the settings page within the PainTrek Apps.

We believe that data privacy is a basic human right. At PainTrek we strive to ensure that your rights are respected.

  1. Our products and services have been designed to minimize the use of your personal data. We only collect and process your personal data for the purposes that have been previously outlined.

  2. Your data is highly secured on our HIPAA compliant and HITRUST certified servers. You can contact us at pain-trek@umich.edu if you have any questions about the security of our services.

  3. We do not retain your personal data in an identifiable format for longer than necessary to deliver our services or satisfy HIPAA regulatory requirements.

  4. PainTrek does not engage in any automated decision-making or profiling activities.

As a user of the PainTrek apps and website, you may exercise your user rights to:

  1. Request information on, or a copy of, your personal data collected by PainTrek. Upon your request, this information will be provided to you electronically or can be downloaded directly from within the PainTrek apps. Localized pain data will be abstracted to avoid adversely affecting our rights to protect Intellectual Property and "know-how" as allowed under GDPR.

  2. Correct your personal data and health data in the app settings and in the tracking categories available in the PainTrek app.

  3. Withdraw your consent from data processing at any time by deleting your account (as explained in the support section of the app) or by e-mailing pain-trek@umich.edu.

  4. Request the complete deletion of your data, including all past data sent to third-party services used for tracking and analysis, by reaching out to pain-trek@umich.edu. Your data will be deleted within 30 days.

  5. Object to our processing of your personal data, or ask us to restrict your personal data pending a decision on whether we can lawfully continue to process it.

  6. File a complaint with the relevant supervising authority if you believe PainTrek is processing your personal data in violation of applicable data protection regulations.

The privacy and security of your information are important to us. We follow industry best practices in securing your data to protect it from unauthorized access. Your information is encrypted and fully HIPAA compliant. All data is stored and transmitted using a 128-bit (or higher) cipher, and is transmitted using a minimum of Transport Layer Security (TLS) 1.2. Your information is password protected. You should not share your password with anyone.

We exercise all reasonable efforts to protect the confidentiality of your information. However, internet communications protected by industry standard security technology cannot be made absolutely secure. Therefore, we shall not be liable for unauthorized disclosure of confidential information due to no fault of ours including, but not limited to, errors in transmission and unauthorized acts of third parties.

PainTrek does not knowingly collect or use personal data from children. By registering for a PainTrek account you are required to confirm that you are of proper age.

If PainTrek gains actual knowledge that the information has been collected from children under the age of thirteen in the United States in contradiction with the Children’s Online Privacy Protection Act (COPPA) of 1998 and the regulation thereunder, PainTrek will not disclose this data and reserves the right to immediately delete the account and wipe all related information, including health and sensitive data of the user, from our servers.

If you are located in the EU, you can only use our services if you are over the relevant age at which you can provide explicit consent to the processing of your data under the laws of your country or if you have the consent of your parent or legal guardian. If you are a parent and learn that your child is using the PainTrek apps without your permission, or if you have any specific question about data privacy at PainTrek, do not hesitate to get in touch with us at pain-trek@umich.edu.

PainTrek reserves the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and data use practices, the features of PainTrek’s services, or advances in technology. Please check this page periodically for changes. If we make a change to this Privacy Policy that, in our sole discretion, is material, we will notify you by posting notice of these changes in this Privacy Policy.