Painless is a chronic pain recovery program created by Tony McShane. This policy explains what personal information we collect, why we collect it, how we use it, and your rights regarding that information.

It applies to the Painless website, web application, and all associated services. By using Painless, you agree to the collection and use of information as described here.

Information We Collect

Account information

When you create an account, we collect your name, email address, and profile image. Account creation and authentication are managed through our authentication provider, Clerk.

Health and symptom data

As part of the program, you may provide health-related information including assessment responses about your symptoms, pain level scores, mood ratings (before and after activities), and information about your conditions. This data is used to personalise your program experience and track your progress.

Journal entries

The program includes guided journaling. Your written responses, mood and pain scores associated with journal entries, and any checklist selections are stored to provide the journaling features and allow you to review past entries.

Evidence list

You can create personal evidence items as part of the program. These are free-text entries you write and are stored to provide the evidence list feature.

Program activity data

We track which program activities you complete, including audio exercise sessions and their duration, educational content you view, books you mark as read, and your overall daily progress through the 30-day program.

Preferences

Your chosen settings such as theme preference, notification preferences, reminder times, and timezone are stored to provide a personalised experience.

Payment information

Payments are processed entirely by Stripe. We do not receive, store, or have access to your full credit card number. Stripe provides us with limited transaction details (such as confirmation of payment and the last four digits of your card) to manage your account entitlements.

Analytics data

We use Mixpanel to understand how people use the application. This includes page views and interactions with features. Mixpanel uses your browser's localStorage to maintain analytics sessions. We use this data in aggregate to improve the program.

Technical data

Like most web services, our hosting and analytics providers automatically collect technical information such as your browser type, device information, and IP address.

How We Use Your Information

We use the information we collect to:

• Provide and personalise the 30-day program experience
• Track your progress through the program, including pain scores, mood, and activity completions
• Process payments and manage your account access
• Send reminders and notifications you have opted into
• Respond to support enquiries
• Improve the program through anonymised, aggregate analytics

Third-Party Services

We use the following third-party services to operate Painless. Each receives only the data necessary for its function, and each has its own privacy policy governing how it handles that data.

• Clerk — Manages account creation, login, and authentication. Receives your email, name, and profile image.
• Supabase — Hosts our database. Stores your program data, journal entries, activity progress, and preferences.
• Stripe — Processes payments. Handles all payment card data directly. We do not store your card details.
• Mixpanel — Provides analytics. Tracks page views and feature interactions to help us understand usage patterns.
• Vercel — Hosts the application. May collect technical data such as IP addresses and request logs.

Data Security

All data is transmitted over encrypted connections (HTTPS). Authentication is managed through Clerk's security infrastructure. Payment data is handled entirely by Stripe, which is PCI-DSS compliant. Database access is restricted through application-level controls.

That said, no system connected to the internet is completely secure. We take reasonable measures to protect your data, but we cannot guarantee absolute security.

Data Retention

Your account and program data are retained for as long as your account is active. If you request deletion of your account, we will remove your personal data from our systems within 30 days, except where we are required by law to retain certain records.

Analytics data is retained according to Mixpanel's own retention policies. Payment records are retained as required by financial regulations and Stripe's policies.

Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data and account
• Opt out of analytics tracking

For users in the EU/EEA (GDPR)

You additionally have the right to data portability, the right to restrict processing, and the right to object to processing. Our legal basis for processing your data is your consent (provided when you create an account and use the service) and our legitimate interest in providing and improving the program.

For users in California (CCPA)

You have the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal information.

To exercise any of these rights, contact us at support@painless.health. We aim to respond to all requests within 30 days.

Cookies and Local Storage

Clerk uses cookies to manage your authentication session and keep you logged in. Mixpanel uses your browser's localStorage to maintain analytics sessions.

We do not use third-party advertising cookies or tracking pixels.

Children's Privacy

Painless is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will remove it.

Changes to This Policy

We may update this privacy policy from time to time. When we do, we'll update the effective date at the top of this page. Continued use of Painless after changes are posted constitutes your acceptance of the updated policy.