Privacy Policy

General

In the course of its business, Paindrainer collects and uses personal information. Paindrainer operates the website www.paindrainer.com (the “Website”), social media accounts, and provides the Paindrainer application (the “App”) and the Paindrainer Care Portal that is accessible by healthcare providers.

This Privacy Policy ("Privacy Policy") describes how Paindrainer AB ("Paindrainer", "we", "our" and "us") collects, uses, and discloses personal information that we obtain about you through the Paindrainer App and Paindrainer Care Portal. We are the controller and responsible for the processing of your personal information.

As required by the privacy regulation pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Paindrainer is required by law to maintain the privacy of your protected health information (PHI) and to provide you with notice of our legal duties and privacy practices with respect to your PHI. This Privacy Policy provides you with information on how Paindrainer may use and disclose your PHI; your privacy rights in your PHI; and Paindrainer’s obligations concerning the use and disclosure of your PHI.

Paindrainer respects and is committed to the protection of your personal privacy and always strives to protect your personal information in the best possible way. It is Paindrainer’s goal to comply with all applicable laws and data protection rules.

This Policy is current as of the Effective Date set forth above. We reserve the right to amend this Privacy Policy at any time. If we make significant changes, we will notify you based on what is appropriate with respect to the circumstances, e.g., via an announcement on the Website, by e-mail, or by notification in the App. We are required to abide by the privacy policy currently in effect.

The latest version of the Privacy Policy is always available on our website www.paindrainer.com.

1. How do we process your personal information?

1.1 How we collect personal information

We collect your information when the Healthcare provider registers you through the Paindrainer Care Portal, when you enter your profile and daily logs in the Paindrainer App or otherwise use our services (“Services”).

1.1.1 Cookies and similar technologies

We do not use cookies in the Paindrainer App.

We collect information by means of technology such as cookies and local storage (e.g. in your web browser or unit). In this Privacy Policy, we use the term “Cookies” for all technology, including data and text segments, that we store in your web browser or device.

We use functional cookies to handle certain features in the Service so that your choices and settings will be remembered when you use the Service again.

We use analytical cookies to analyze and measure how our webservices are requested, used, and function when they are used. The information that we collect is used to maintain and improve the Service (again, we do not use cookies in the Paindrainer App).

We can also allow our collaborative partners to use Cookies in our webservices for the same purposes as described above. Third-party suppliers can also use Cookies on our behalf in accordance with the purposes that are described above.

Most web browsers allow you to choose how cookies should be handled. You can set the web browser to refuse to accept cookies or remove certain cookies. If you choose to block Cookies, parts of the functionality of the Service may be impaired or disappear because it assumes that Cookies are allowed.

1.2. How we share your information

If it has not been defined in this Privacy Policy or if you do not give Paindrainer permission to do so, Paindrainer will not use or share your personal information in any way other than as stated in this Privacy Policy. We will not share your information with any third party except as described below.

a. Your Healthcare provider: You may have been prescribed the Paindrainer App from a healthcare provider. In this case, your healthcare provider will have access to your personal information logged in the App. That is, Paindrainer will share your personal information with your health care provider in order to facilitate and contribute to your treatment plan produced by your clinic. Upon transfer from your Clinic to Paindrainer, the clinic in question is responsible for your Personal Information and other information. Upon transfer to your Clinic from Paindrainer, Paindrainer is responsible for your Personal Information and other information.

b. Our Suppliers: We may use third parties to handle one or more aspects of the business, including processing or handling of personal information. We may share personal information with these third parties to provide services on our behalf, such as storing our data, customer support services, analytics, marketing, advertising, and other IT services. When we use suppliers according to this paragraph, we establish personal information assistant agreements, ensure security and confidentiality requirements, and take other appropriate steps to ensure that your personal information is processed in a manner that complies with this Privacy Policy.

c. Sale or Transfer: We may transfer or transmit your personal information to a Buyer or Potential Buyer upon the sale, transfer or other transmission of all or part of our business or assets. Upon such transfer, we will take reasonable steps to ensure that the receiving party processes your information in a manner that complies with this Privacy Policy.

d. Legal Process: We may disclose your personal information in order to comply with the law, judicial proceeding, court order, or other legal process, such as response to court order or a subpoena.

1.3 How we protect your information

We have taken reasonable precautions and enforce security standards to protect your personal information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We store your personal information on files available only to a limited set of employees, our agents and our service providers who need the information for their service. We use technical tools such as firewalls and passwords, and we ensure that our employees are educated in the importance of maintaining security and confidentiality in relation to the personal information we process. Please be aware that despite our best efforts, no data security measures can guarantee security. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

1.3.1 How long we store your information

By registering as a user, we will keep your data as long as you are a registered user of the Paindrainer App and to the extent necessary for a certain period of time thereafter, for example, for the payment and fulfillment of our commitments. You can unsubscribe at any time as a user.

Customary Personal Information will be retained when binding legislation so requires, such as the Accounting Act. When the period for the binding legislation expires, the Customary Personal Information will be deleted.

Unless otherwise stated above, Paindrainer will store your information for at least 24 months after your agreement has been terminated. We do this so that you have access to your data. If you do not want your data stored for the specified time period, you can request that your data be deleted as soon as our relationship has been terminated by emailing us at [email protected]. Personal Information provided to your Health Care Provider through our Services is no longer under our control and may be processed for a longer time.

2. Where we process your personal information

We guarantee an adequate level of protection for our Services by processing your personal information within the US. Other third-party IT systems, such as website and support tools, guarantee that your personal information is only processed in countries with adequate protection levels according to the European Commission and the GDPR.

3. Why we process your personal information

3.1 Purpose of treatment, legal basis and storage period

Your information will not be used in a manner that is inconsistent with the purposes for which the information was collected. We process your information for the purposes listed below.

3.1.1 Provide you with your user account

In order to provide you with our Services, a user account is required, and we collect the personal information you provide us, including your name, email, password, and birthdate (“Customary Personal Information”). We use your information to ensure your identity and prevent minors from being granted access to our Service.
The legal basis for personal information processing for this purpose is that it is necessary for us to fulfill our obligations under our agreement with you as a user.

3.1.2 Provide our services

We use your personal information to provide you with our Services; this is essential for the service to function as intended. If you have been prescribed the use of Paindrainer as part of your treatment by a clinician or other service provider, Paindrainer will process your Medical Record Number and information regarding which clinic you are receiving your treatment from (“Clinic Information”).

When using the Paindrainer App, you record and store information such as pain experience, form scores, medication adherence, progress against goals, and other metrics (“User-Generated Material”). You log information about your daily activities such as sleep, work, exercise, leisure time and other activities. We collect additional information about how you were feeling during the logged activities and the date and time when the logging occurred.

The App and the Service require us to process personal health information. Paindrainer will process such information only with your consent, except where it is allowed or required pursuant to applicable law. Please note that without your consent Paindrainer will not be able to provide you with access to the App and Service.

Customary Personal Information, User-Generated Material and Clinic Information are referred to in this Privacy Policy jointly as your “Personal Information.” The legal basis for personal information processing for this purpose is that it is necessary for us to fulfill our obligations under our agreement with you.

3.1.3 Provide support

We also use your personal information to help you if you contact us in support matters, such as if you have questions about our products or services. We use your personal information to identify you, communicate with you, and investigate any complaints or support matters. We process your personal information to provide support for at least 24 months after you have terminated your agreement with us.
The legal basis for personal information processing for this purpose is that it is necessary to fulfill our and your legitimate interest in providing support.

3.1.4 Improve our services

We will process information such as IP address, type of web browser, operating system, error logs and similar to obtain statistics on how you use our Services. This can be done by performing user satisfaction and market research or by analyzing your use of the Services.
When we use your information to improve our Services, we use your data in an aggregated form (i.e. studying overall user patterns using unidentified data) to the extent possible. We also use your data to make the Services more user-friendly, such as to troubleshoot, fix bugs, change the interface so that you can easily access the information you are looking for or highlight features in our Services that are commonly used by our users. We process your personal information to improve our Services for 24 months from the collection of the data. The legal basis for personal information processing for this purpose is that it is necessary to fulfill our legitimate interest in continuously improving the Services.

3.1.5 Distribution of service updates

We will use your Personal Information to send important notices about our services and updates concerning the Website, the App, the Service, or User Account settings. Such notices and updates will contain important information that is relevant to the use of the Website, the App, and/or the Service. The processing of your Personal Information for such purposes is necessary to perform Services.

3.1.6 Carry out research

By gaining access to and using the Service, you give Paindrainer consent to collect and anonymize User-Generated Material for the purpose of improving the Service and for scientific research purposes. This means that Paindrainer may anonymize User-Generated Material so that it can no longer be associated with you. Anonymization occurs automatically without access by any employees of Paindrainer or with a contracted third party. Subsequently the anonymized information is combined with other users’ anonymized information – this is called “Aggregated Information.”

Processing of the Aggregated Information for scientific research purposes for research projects shall be done in accordance with Paindrainer’s standard operating procedure for data protection as well as in accordance with good practice. In these cases, the information is stored under the responsibility of Paindrainer.

3.1.7 Prevent abuse

Your information can also be used to prevent abuse of our services or to prevent or investigate violations of our services. Misuse refers to suspected fraud, junk mail, harassment, attempted illegal login to user accounts and other actions prohibited by our terms or by law.

The legal basis for personal information processing for this purpose is that it is necessary for our legitimate interest in preventing our services from being abused or preventing and investigating violations against us.

3.1.8 Complete legal obligations

We may also process your information in order to fulfill our legal obligations under laws, judgments, or government decisions. The requirements may include requirements for accounting, product liability and money laundering legislation. The legal basis for personal information processing for this purpose is that it is necessary for us to fulfill our legal obligations.

4. Your rights

This section describes the rights you have as a registered User. You can always exercise these rights by contacting us at [email protected].

4.1 Right of access

If you want information about what personal information we process regarding you, you can request access to the information. The information will then be provided in the form of a registry extract which specifies the personal information we process, the purposes for which we handle them, where the information has been obtained, the third parties to whom the data has been transferred and how long the data will be stored.

4.2 Right to rectification

You are entitled to have incorrect information about you rectified without delay. You are also entitled to complete incomplete information.

4.3 Right to erasure

You may, in certain circumstances, delete your personal information: if your personal information is no longer necessary for meeting the purposes for which it was collected or processed; if you have objected to the processing of personal information and we do not have a legitimate interest that weighs heavier than your interest; if your personal information has been processed illegally; or if your personal information has to be deleted to comply with a legal obligation.
However, in some cases, we are entitled to oppose the deletion of your personal information and we will inform you if applicable.

4.4 Right to restriction of processing

You are entitled to require restriction of processing of your personal information in some cases:

a. if you contest the accuracy of the personal information during the time it takes for us to check if the information is correct,

b. if the processing is illegal and you oppose the deletion of the data and request instead a restriction,

c. if we no longer need the personal information but you need it to determine, enforce or defend legal claims or

d. if you have objected to a treatment based on our legitimate interest during the time we check if our interest weighs heavier than your interests.

4.5 Right to object

You are entitled to object to the processing of your personal information, which is based on our legitimate interest. If so, in order to continue the processing, we must be able to show compelling legitimate reasons that weigh heavier than your interests, rights and freedoms.

4.6 Right to data portability

If we process your personal information on the basis of an agreement with you or your consent, you are entitled to obtain the personal information concerning you that you have provided to us in a widely used electronic format, when this is technically possible and can be done by automated means. You may transfer such data to other personal information controllers (data portability) where applicable.

4.7 Right to rescind your consent

If you have granted consent, you have the right to rescind this consent at any time (without this affecting the legality of the processing before the consent was rescinded). Paindrainer then will not have the right to continue the processing in question (if there is no other legal basis for the processing).
If you want to rescind your consent, please contact us via the contact information listed in this Privacy Policy. Please indicate in which areas you want to rescind the consent, i.e., specify whether it concerns all of the provided consents or only some of these.

4.8 Right to file complaints

If you believe Paindrainer has violated your health information privacy rights, you may file a complaint with Paindrainer or with the Office for Civil Rights (OCR). OCR can investigate complaints against covered entities and their business associates.

Read more about this on the website of the U.S. Department of Health and Human Services.

https://www.hhs.gov/hipaa/filing-a-complaint/index.html

To file a complaint with Paindrainer, send it to the Data Privacy Officer. All complaints must be submitted in writing. You will not be penalized for filing a complaint.

4.9 Right to breach notification and accounting of disclosure

We are obligated by law to notify you of any breach of your unsecured PHI.

Additionally, you have the right to request an “accounting of disclosure” (disclosures Paindrainer has made of your PHI). Paindrainer is not bound to account for disclosures made for purposes of health care operations or disclosures made to you. To obtain an accounting of disclosures, you must submit your request in writing to the Data Privacy Officer of Paindrainer.
All requests for an “accounting of disclosure” must state a time period which may not be longer than 6 years. We will provide one list per 12-month period at no charge. Additional list requests within the same rolling 12-month period will be charged to you. We will make every attempt to notify you of the cost involved with additional requests and you may withdraw your request before you incur any costs.

5. Contact information for personal information controller

If you have any further questions or concerns, please feel free to contact us at

Paindrainer AB
Medicon Village
SE-223 81 Lund
Sweden

or by e-mail at [email protected]
or contact the Data Protection Officer at [email protected].

6. Supplemental NOTICE FOR RESIDENTS OF CERTAIN U.S. STATES

6.1 “Sales” of Personal Information under the CCPA

For purposes of certain state law, Paindrainer does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age as the term “sell” is commonly understood. That said, we may share information with third-party advertising partners for the purpose of promoting our Services as described above, such as for cross-context behavioral advertising. To the extent that such sharing is considered a “sale” under California law, you may limit such sharing by contacting us as set forth in Section 9 above.

The California “Shine the Light” law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties.

Where required by law, California residents under the age of 18 may request to have their posted content or information removed from the publicly viewable portions of the Services by contacting us directly as set forth in Section 9 above.

6.2 Supervisory Authority in Virginia

If your personal information is subject to the applicable data protection laws of Virginia, you have the right to lodge a complaint with the Virginia Attorney General if you believe our processing of your personal information violates applicable law.

7. Effective date

January 11, 2024