Privacy Policy

AndEase is operated by ØP Konsult v/Anders Ørsted Pedersen, CVR 28561571.

Registered address: Cort Adelers Gade 12, 5. th, 1053 København K, Denmark.

For privacy, legal, and support requests, contact [email protected]. No data protection officer has been appointed.

This Privacy Policy explains how AndEase handles information in the AndEase iOS app, the AndEase website, support communications, optional Secure Sync, and the AndEase Provider Portal.

AndEase is for personal tracking, informational records, and care conversations. It is not a medical device and does not provide medical advice, diagnosis, dosage instructions, treatment decisions, or emergency services.

AndEase does not replace professional medical advice or professional clinical judgment. Always consult a qualified healthcare professional for medical decisions. In an emergency, call local emergency services.

AndEase is designed to work without an account. If you do not enable Secure Sync, export, or share data yourself, your pain logs, medication logs, treatment logs, HealthKit context, schedules, and reports stay on your device.

Device backups are controlled by you and by Apple device settings. Exported reports, CSV files, and backup files leave the app only when you choose where to save or share them.

Secure Sync is optional. If you connect AndEase to a clinic or backend service, the app shows what can be shared before you connect. You choose the data types and time range to share.

Depending on your choices, Secure Sync may upload pain logs, pain areas, medication logs, medication profiles, treatment logs, treatment profiles, selected HealthKit or Fitness summaries, selected workouts, patient name, date of birth, and optional verified email.

If you do not set up Secure Sync, this data is not sent to a clinic backend.

Clinic teams can only review data shared through a supported clinic connection. A clinic or other organization may separately determine how it uses information you choose to share with it.

Clinic users may create provider portal accounts to manage clinic access and review data shared by connected patients.

Provider portal account information may include names, work email addresses, clinic details, authentication data, and access logs needed to operate, secure, support, and troubleshoot the portal.

Connected clinic users may access synced clinic data according to clinic account permissions and the patient sharing choices available in the app.

HealthKit access is optional. Health and Fitness data is used only for app functionality, such as showing trends, preparing reports, and syncing selected data when you explicitly choose Secure Sync or export.

Health and medical data is not used for ads, ad targeting, analytics profiling, or tracking.

You can change Health permissions in iOS Settings.

The AndEase website uses Aptabase analytics only if you accept analytics cookies or similar storage on the website. If you choose Necessary only, Aptabase website analytics is not loaded.

Website analytics may record safe product-interaction events such as page views, App Store clicks, portal clicks, support/contact clicks, and guide or screenshot navigation. Website analytics must not include names, email addresses, notes, patient data, clinic names, query strings, pain or medication content, or other health entry content.

The AndEase app may use limited Aptabase product-interaction analytics to understand broad app usage such as which screens are opened. App analytics events must not include pain levels, medication names, notes, HealthKit values, patient identity, reports, or other health content.

Aptabase analytics is not used for cross-app tracking or targeted advertising. The Aptabase project should be configured in the EU region or on an AndEase-controlled self-hosted Aptabase endpoint where available.

The free version may show ads in the main iOS app through Google AdMob. Ads are configured as non-personalized or contextual ads.

AndEase does not request App Tracking Transparency permission, does not access IDFA, and does not use HealthKit, medical, medication, or pain data for ad targeting.

Premium removes ads. You can manage ad privacy choices in Settings and report inappropriate or age-inappropriate ads from Settings > Report an Ad.

The website stores a necessary consent preference cookie so it can remember whether you accepted analytics or selected Necessary only. This preference is retained for up to 6 months unless you clear it earlier.

Non-essential analytics storage and analytics requests are used only after consent. You can reopen Cookie settings from the website footer and withdraw consent at any time.

The clinic inquiry form may use Cloudflare Turnstile as strictly necessary abuse-prevention functionality before the form sends an email.

The website does not use Cookiebot CMP, Google Analytics, Google Site Kit, Metabase analytics cookies, marketing pixels, or chat widgets in this implementation.

Cloudflare Web Analytics and Browser Insights are not enabled for this website implementation.

Support and legal requests are processed to respond to you, based on contract necessity or legitimate interests where applicable.

Website operation, security, abuse prevention, and essential technical logs are processed based on legitimate interests.

Cloudflare Turnstile form checks, where enabled, are processed for website security and abuse prevention.

Aptabase website analytics is processed based on your consent. You can withdraw analytics consent at any time from Cookie settings.

Secure Sync and provider portal processing is performed to provide requested clinic sharing and portal services, and may also be governed by a separate clinic agreement, data processing agreement, or patient consent flow.

Local app processing happens on your device under your control, except where you choose to export, share, back up, or sync data.

AndEase does not sell personal data or health entries.

Service providers may process limited information for hosting, authentication, support, security, analytics, and app advertising where those services are used.

Current named providers described in this policy include Cloudflare for website delivery and Turnstile abuse prevention, Aptabase for analytics including a self-hosted Aptabase endpoint where configured, and Google AdMob for app ads. Clinics may receive only the data a patient chooses to share through Secure Sync or exports.

AndEase aims to use EEA or EU-region processing where available, including EU-region or AndEase-controlled self-hosted Aptabase analytics where configured.

If a service provider processes personal data outside the EEA, UK, or your region, AndEase relies on appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, or equivalent contractual and technical safeguards.

You can export reports, CSV files, and backup snapshots. Exported files leave the app only when you choose where to save or share them.

Optional encrypted backups can be used when available. You are responsible for where you store or send exported files after they leave AndEase.

You can delete local app data from the device in Settings > Data & Privacy.

For Secure Sync, open Care Center > Secure Sync > Sync Settings to disconnect, change what is shared, or delete backend data.

Deleting backend data permanently removes synced backend records associated with the current Secure Sync connection. If you need help completing a deletion request, contact AndEase support.

If you contact support, AndEase may process the information you provide, such as your email address, device or app details, screenshots you choose to send, and the content of your request.

Do not send personal health entries unless support specifically asks for a safe export. Support communications are retained only as long as needed to handle the request and meet legal obligations.

AndEase is designed to limit unnecessary data movement and keep personal app data on device by default.

Secure Sync and provider portal access should use appropriate authentication, access controls, logging, encryption, and operational safeguards.

No system can be guaranteed completely secure. You should protect devices with passcodes or biometrics and review app permissions regularly.

Depending on your location, including the EEA and UK, you may have rights to access, correct, delete, restrict, object to, withdraw consent, or receive a copy of personal data, subject to applicable law.

You can control local app data on your device, Health permissions in iOS Settings, exports from the app, notification permissions in iOS Settings, and Secure Sync sharing from the supported app flow.

To exercise privacy rights, contact [email protected]. You may also lodge a complaint with your local data protection authority. In Denmark, the authority is Datatilsynet at www.datatilsynet.dk.

AndEase does not sell or share personal data for cross-context behavioral advertising as those terms are commonly used in US state privacy laws.

AndEase is not intended to receive or process HIPAA-covered protected health information on behalf of a US covered entity unless a separate written agreement, such as a business associate agreement where required, is in place.

AndEase is not directed to children under 16. AndEase does not knowingly collect personal data from children through the website or app support channels.

AndEase may update this Privacy Policy when features, providers, laws, or operational practices change. The Last updated date shows the current version.

Questions about this Privacy Policy can be sent to [email protected].