When you tap a pain level, the application sends a simple number (0 to 4) to the server along with the current time. That's it — just a number and a timestamp. No personal details, no device information, no location data.
If you add an optional note, it is encrypted on your device before it leaves. The server receives and stores a scrambled version that it cannot read. Only your device can unscramble it later.
Pain Recorder uses your device's built-in biometric hardware (fingerprint reader or face recognition) instead of passwords. There is nothing to remember, nothing to type, and nothing that can be stolen in a data breach.
Your biometric data (fingerprint image, face scan) never leaves your device. The device simply confirms "yes, this is the owner" to the application. The server never sees or stores any biometric information.
Think of it like a lockbox that only your device has the key to:
Nobody else — not the server operator, not another user, not even someone with direct access to the database — can read your notes.
The server does not store your name, email, or any personal information. Instead, it knows you by a random code that was generated when you registered.
Even this random code is scrambled (hashed) before being stored with your pain records. This means that even if someone accessed the database directly, they would see pain levels attached to meaningless codes — with no way to trace them back to you.
When you open the Day view, your pain events are listed with the time and severity level. If an event has a note attached, a small + button appears next to it.
Notes are kept collapsed by default so you can scan your day at a glance and only expand the entries you want to read. If you are on a different device that does not have your decryption key, the note will show as [encrypted] — confirming it is safely protected.
Here is what happens when you record a pain level with a note:
The server stores only the number, the encrypted note (which it cannot read), and a scrambled user code.