Privacy Policy
Your medical narrative, yours alone.
Last updated: April 23, 2026
Short version. PainJournal (Tactu) stores your entries, flares, medications, and settings on your device only. When you record or type a pain entry, the audio and text transit our server briefly on the way to OpenAI — they're forwarded, not stored. Every request from the app is cryptographically signed by your iPhone using Apple App Attest, so we can verify it came from a genuine, unmodified copy of the app. No accounts. No tracking. No ads.
1. What's stored where
PainJournal is designed to keep your medical data on your device.
On your iPhone (local only)
- Pain entries — transcripts, clinical notes, NRS pain scores, body locations, contributing factors, medications taken, weather snapshot, and Apple Health context.
- Flare episodes — start dates, end dates, durations.
- Medication list — the meds you log in Settings.
- Settings — profile name, appearance preference, daily reminder time, home city.
- App Attest key ID — a random identifier generated by iOS on first launch, associated with a keypair held in your device's Secure Enclave. Used only to prove to our server that a request is genuine.
On our server (minimotactu.com)
- Your App Attest key ID and public key — stored in an encrypted key-value store (Upstash Redis on Vercel) so we can verify request signatures. This does not identify you personally.
- Nothing else is persisted. When you record or type a pain entry, the audio and text pass through our server on the way to OpenAI; we do not write them to disk, log them, or retain them after the response is returned.
2. Third-party services
OpenAI (Whisper + GPT-4o)
When you record or type a pain entry, its audio (for transcription) and text (for clinical translation and Doctor Report generation) are forwarded from our server to OpenAI. We do not store your content; OpenAI's handling is governed by their API data usage policy, which as of the date above states that API inputs are not used to train their models by default.
Open-Meteo (weather)
For the automatic weather feature, your device sends a latitude/longitude (from your home city or your current GPS location) to Open-Meteo, which returns current conditions. We do not route this through our server, and Open-Meteo is a free, non-commercial service that does not require an account.
Our hosting (Vercel + Upstash)
The proxy endpoints that forward your requests to OpenAI run on Vercel. Your App Attest keys are stored in Upstash Redis. Like any HTTP service, these providers receive TCP/HTTP metadata (IP address, timestamps) in the normal course of routing traffic. Vercel's privacy policy and Upstash's privacy policy apply to that metadata. We do not enable any application-level analytics.
Apple services (on your device only)
- Apple Health (HealthKit) — if you grant permission, the app reads your sleep, step count, and resting heart rate to attach as context. This data stays on your device; nothing is sent to us or to third parties. The app does not write to Apple Health.
- MapKit (city geocoding) — if you set a home city in Settings, Apple converts that name to coordinates so we can fetch weather. Governed by Apple Maps & Privacy.
- Location (CoreLocation) — used only to fetch weather when you have not set a home city. Never stored, never shared.
- Microphone — used only to record the voice note you explicitly initiate (max 10 seconds per recording).
- Notifications — only if you enable the daily reminder, scheduled locally by iOS.
- DeviceCheck / App Attest — generates the Secure Enclave key used to authenticate your app to our server.
3. What we do not do
- No accounts, sign-ups, or passwords.
- No analytics, crash reporting, or telemetry sent to us.
- No advertising networks. No cookies (this website uses no cookies or trackers).
- No selling or sharing of your medical data.
- No storage of your audio, text, or clinical notes on our server.
4. Your control
- You can delete any entry by swiping in the Journal.
- You can delete all entries from Settings → Data → Delete All.
- You can revoke Apple Health access in iOS Settings → Privacy & Security → Health → Tactu.
- You can revoke location access in iOS Settings → Privacy & Security → Location Services → Tactu.
- You can uninstall the app to wipe every piece of local data. Your App Attest key ID will remain in our key store but is unlinkable to you personally; contact us if you want it purged.
5. Children
Pain Journal is not intended for use by children under 13. We do not knowingly collect any data from children.
6. Clinical disclaimer
Pain Journal is a self-tracking tool, not a medical device. Clinical notes are generated by AI and use the McGill Pain Questionnaire lexicon (Melzack, 1975) for NRS estimation. Always discuss your symptoms and treatment with a licensed healthcare provider. Do not rely on this app for medical decisions.
7. Changes
If this policy changes, we'll update the date at the top. We'll note material changes on the app landing page.
8. Contact
Questions about privacy? Get in touch — we read every message.