Privacy Notice
Last updated: May 3, 2026
1. Who we are
PainMap (the "Service") is operated by PainMap ("we", "us", "our"), acting as the data controller for personal data described in this notice. If you have questions about your data, contact us via the support channel inside your account, or reply to any email we send you.
2. Personal data we collect
- Account data: email address, login credentials, optional display name.
- Content you submit: pains, votes, comments, flags, bookmarks, and form responses.
- Support messages: any messages or feedback you send to us.
- Usage and telemetry: pages visited, interactions, referrer, approximate location derived from IP.
- Device data: browser type, device identifiers, IP address, and similar technical information.
Payment data (card details, billing address, tax IDs) is collected directly by our Merchant of Record, Paddle. We do not store your card details.
3. Why we use your data and the legal basis
- Provide the Service (account creation, voting, submissions): performance of a contract.
- Subscription management via Paddle: performance of a contract and legal obligation.
- Security and fraud prevention: legitimate interests in protecting users and the Service.
- Product improvement and analytics: legitimate interests in improving the Service.
- Customer support: performance of a contract and legitimate interests.
- Marketing emails (newsletter, digests): consent, which you may withdraw at any time.
4. Who we share data with
- Service providers / subprocessors: hosting, database, email delivery, analytics, and customer-support tooling.
- Paddle as our Merchant of Record: for the sale of subscriptions, subscription management, payments, tax compliance, invoicing, refunds, and chargeback handling.
- Professional advisers: lawyers, accountants, and auditors where reasonably necessary.
- Authorities: when required by law, court order, or to protect rights, property, or safety.
- Successors: in the event of a merger, acquisition, or asset sale, subject to equivalent protection.
We do not sell your personal data.
5. International transfers
Your data may be processed outside your country, including outside the UK and EEA. Where this happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or adequacy decisions.
6. How long we keep data
We keep your personal data only for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymise it. Account data is retained while your account is active and for a reasonable period after deletion to handle disputes and meet legal obligations.
7. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Request correction or deletion of your data.
- Restrict or object to certain processing.
- Receive your data in a portable format.
- Withdraw consent for processing based on consent.
- Lodge a complaint with your local data protection authority.
We aim to respond to verified requests within one month. To exercise any right, contact us using the details in section 1.
8. Security
We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and least-privilege practices. No system is perfectly secure, but we work to limit risk and respond quickly to incidents.
9. Cookies
We use a small number of essential cookies and similar technologies to keep you signed in, remember your preferences, and operate basic analytics. You can control cookies in your browser settings; disabling essential cookies may break parts of the Service.
10. Advertising and third-party vendors
We may display advertising on the Service through Google AdSense and other third-party ad networks. These vendors, including Google, use cookies and similar technologies to serve ads based on a user's prior visits to this website and other websites on the Internet.
- Google's use of advertising cookies enables it and its partners to serve ads to our users based on their visit to this site and/or other sites on the Internet.
- Users may opt out of personalised advertising by visiting Google Ads Settings.
- Users may also opt out of a third-party vendor's use of cookies for personalised advertising by visiting www.aboutads.info.
For users in the EEA, UK, and other regions requiring consent, we rely on the IAB Transparency & Consent Framework where applicable, and Google's EU user consent policy. You can review and change your consent choices at any time via your browser settings or the consent banner shown on the Service.
11. Changes to this notice
We may update this notice from time to time. Material changes will be highlighted in the Service or by email. The "Last updated" date above shows the most recent revision.
See also our Terms and Refund Policy.