At a glance

1.Who we are

Penumbra is operated by Smart IT US Inc., a company incorporated in Wyoming, United States.

Our mailing address is: 30 N Gould St Ste R, Sheridan, Wyoming 82801, USA · Contact: support@smart-it.io

For any privacy questions, you can always reach us at legal@smart-it.io.

In this Privacy Policy, "we," "us," and "our" refer to Smart IT US Inc. doing business as Penumbra. "You" means anyone who visits penumbra.health or interacts with our services.

2.What we collect

Information you give us

When you sign up or fill out a form on our site, we ask for your first name and your email address. That's it. We don't ask for your last name, phone number, mailing address, payment card details, or any other personal information on this site.

Information collected automatically

When you visit our site, we automatically collect device and browser information (IP address, browser type and version, operating system, screen size, language); usage information (pages viewed, links clicked, time spent on each page, referring website, scroll depth); and cookie and tracker data — see our Cookie Policy for the full list.

We use this technical data to understand how our site performs, to detect fraud and abuse, and to improve the experience.

Voice logging in the Penumbra app

In the Penumbra mobile app you can record a migraine entry by speaking. Your speech is transcribed to text by your device's operating system (Apple or Google speech recognition), which may process the audio on-device or on its own servers under its own terms. Penumbra never stores or uploads the audio recording — only the resulting text transcript is sent to our service, and on to our AI provider (Anthropic), to structure it into an attack entry. You can also type entries instead of speaking.

Location and weather

If you allow it, Penumbra reads your device location only while the app is in use to look up your local barometric pressure and weather — common migraine triggers. Only the coordinates are sent to our weather provider (OpenWeatherMap); we do not store your location or use it to track you or for advertising. You can decline location access and still use the app.

Health data (Apple Health / Google Health Connect)

With your permission, Penumbra reads health data you choose to share — such as sleep, menstrual cycle, and workouts — to show context and correlations alongside the migraine attacks you log, and it can write the headache episodes you log back to Apple Health. Health readings are processed on your device to compute summaries; the migraine entries you save (including a barometric-pressure reading captured at the time) are stored in your account. Health data obtained through Apple Health / Health Connect is never sold, never shared with third parties, and never used for advertising, marketing, or data-mining. You control this access in your system Health settings at any time.

Profile details you provide

In the app you can add your name and date of birth. These are stored in your account and used to personalise the app and tailor insights to your age. Your account itself is created through Firebase Authentication using Sign in with Apple, Google, or email.

3.How we use your information

We do not use your information for automated decision-making that has legal or similarly significant effects on you.

4.Legal basis (for visitors from the EU/UK)

If you're in the EU or UK, we rely on the following legal bases under GDPR and the UK Data Protection Act:

You can withdraw consent at any time without affecting the lawfulness of processing we did beforehand.

5.Payments

Penumbra is in pre-launch testing. We do not collect payment information or process payments on penumbra.health — there is no checkout, and we never ask for card details.

We only collect your first name and email address, so we can let you know when Penumbra is ready. If you ever see a charge claiming to be from us related to this site, it isn't us — please contact legal@smart-it.io right away.

6.Who we share it with

We share your information with a small set of trusted service providers who help us run our business. Each one is bound by contract to use your data only for the purposes we specify.

ProviderWhat they receiveWhat for
HubSpotName, email, marketing engagement dataEmail communications and CRM
Google (Analytics, Ads, Search Console, Tag Manager)Usage data, IP, device infoSite analytics, search performance, advertising
Meta (Facebook, Instagram)Usage data, IP, device info (via Meta Pixel)Advertising and audience analysis

We may also share your information if required by law, to protect our rights and safety, or in connection with a business transfer (you'll be notified). We do not sell your personal information to third parties for money.

7.How long we keep it

If you ask us to delete your data, we'll do so within 30 days unless we have a legal obligation to keep it longer.

8.Your rights

You have the right to:

To exercise any of these rights, just email legal@smart-it.io. We'll respond within 30 days. We may need to verify your identity first to protect against fraud.

Depending on where you live, you may have additional rights — see our regional addenda (GDPR, UK DPA, CCPA) for details.

9.Cookies and tracking

We use cookies and similar technologies on penumbra.health. The full list — what each cookie does, who sets it, and how long it lasts — is in our Cookie Policy.

You can manage your cookie preferences anytime via the cookie banner on our site, or through your browser settings.

10.Adults only (18+)

Penumbra is intended for adults 18 years of age or older. We don't knowingly collect information from anyone under 18. By using the site, you confirm you are 18 or older.

If you believe someone under 18 has given us their information, please email legal@smart-it.io and we'll delete it.

11.International transfers

We're based in the United States (Wyoming). When you give us your data, it is transferred to and processed in the United States.

Most of our key service providers (Google, Meta, HubSpot) are based in the United States and process data there. Your data may therefore be processed in multiple jurisdictions.

For transfers involving EU or UK residents' data, we rely on appropriate safeguards under EU GDPR and UK GDPR — including Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), or each provider's equivalent safeguards. Copies are available on request at legal@smart-it.io.

12.Security

We protect your information with industry-standard safeguards — encryption in transit (HTTPS everywhere), encryption at rest where applicable, limited employee access, and regular security reviews of our providers.

No system is 100% secure, but we work to keep yours as safe as reasonably possible.

13.Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll change the "Effective Date" at the top and, for material changes, notify you by email (if we have your email) or via a notice on the site.

The current version is always available at https://www.penumbra.health/penumbra-privacy.html.

14.Contact us

For any privacy questions, requests, or concerns:

Email: legal@smart-it.io
Mail: Smart IT US Inc., 30 N Gould St Ste R, Sheridan, Wyoming 82801, USA · Contact: support@smart-it.io

Regional addenda

If you're in one of the regions below, additional rights and protections apply: