ManicGrin
Media Production Company

Where Does It Hurt Privacy Policy

Last updated: 22 September 2025

This Privacy Policy explains how Where does it hurt? (“the App”) processes your information. It uses Apple technologies (Core Data, StoreKit, CloudKit) and the Anthropic API to provide medical phrase translation. This policy is intended for users in the United Kingdom and aligns with UK GDPR and the Data Protection Act 2018.

Who we are

 What we process and why

App content you provide:

  • Symptom descriptions and other text you type in the App.
  • Purpose: to translate medical phrases between languages and generate consultation notes.
  • Lawful basis: performance of a contract (providing the App’s core functionality). Where content may reveal health information, we rely on your explicit action to provide it for the purpose of translation; do not include personal identifiers you do not want processed.

Translation data

  • The App sends text you provide to Anthropic’s API to obtain translations.
  • The App caches translations (including original text and translated text) in Apple’s CloudKit public database to avoid repeating identical work and to improve speed/cost.
  • Lawful basis: legitimate interests (efficient service and cost control). You can opt out of using translation features by not adding any additional notes.

Consultation records (on your device)

  • The App stores consultation snapshots locally using Apple Core Data: created date/time, selected patient language, your structured symptom report, and a dictionary of translated phrases.
  • Lawful basis: performance of a contract.

Purchase and subscription data

  • Apple processes payments and maintains your subscription status via StoreKit. We receive non-financial data from Apple (product IDs, entitlement status, expiration dates) to determine premium access.
  • Lawful basis: performance of a contract and legitimate interests (fraud prevention).

Usage counters

  • A local counter tracks the number of translations used in a month to enforce the free tier limit.
  • Lawful basis: legitimate interests (operating a fair free tier).

Special category data

  • You may choose to enter health-related text in the notes section. We process such text solely to provide translations/consultation notes at your request. Do not include names, contact details, or other personal identifiers in free-text fields.

Where your data lives

On-device storage:

  • Consultation snapshots and usage counters are stored on your device.

Cloud services

  • Anthropic API: receives text you send for translation. Data is transmitted securely over TLS.
  • Apple CloudKit (public database): stores translation cache records containing original text, translated text, language codes, text type, and timestamps. These records are not linked to your Apple ID by this App and are not intended to identify you, but they may be readable by the App’s CloudKit environment according to its configuration. Avoid entering personal identifiers in text you ask to translate.
  • Payments: Apple handles payment information. We do not receive your card details.

International transfers

Anthropic and Apple may process data on servers outside the UK (e.g., the United States). Transfers are protected using appropriate safeguards such as Standard Contractual Clauses or Apple’s enterprise protections.

Retention

  • On-device consultation records: remain until you delete them (you can delete individual consultations in the App).
  • Translation cache in CloudKit public database: retained for operational efficiency and may be pruned periodically. Because cache entries are not linked to an account, we may not be able to locate and delete a specific entry if it contains free-text you provided. Please avoid including personal identifiers in text you translate.
  • Diagnostic logs: minimal runtime errors may be printed to console during your session; we do not store persistent analytics logs.

Your rights (UK GDPR)

  • Access, rectification, erasure, restriction, objection, and portability (where applicable).
    • For App Store purchases/subscriptions, you can manage data held by Apple via your Apple ID settings.
    • To exercise your rights for data we control, contact us at hello@manicgrin.com. We may ask for information to verify your request.

Security

  • Data in transit is encrypted (TLS). On-device data uses Apple’s data protection. No method is 100% secure; we continually review safeguards.

Children

  • The App is not directed to children under 13. Do not use the App if you are under the age where you cannot consent.

Not medical advice

  • The App provides translation assistance only and does not diagnose, treat, or replace professional medical advice.

Changes

  • We may update this policy from time to time. We will post the latest version in the App and update the “Last updated” date.

Contact and complaints

Contact: hello@manicgrin.com

UK regulator: Information Commissioner’s Office (ICO). You can lodge a complaint at https://ico.org.uk.