Consumer Health Data Privacy Policy
Last Updated: March 11, 2026
1. Introduction & Commitment to Privacy
At Migraine Trail LLC ("we," "us," or "our"), your privacy is our fundamental priority. We understand that your health data is deeply personal, and we are committed to protecting it with the highest standards of security and transparency.
This Consumer Health Data Privacy Policy ("Health Privacy Policy") supplements our general Privacy Policy and explicitly details how we collect, use, process, share, and protect your Consumer Health Data. This policy is designed to comply with global privacy frameworks, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Washington's My Health My Data Act (MHMDA), and other applicable state and international laws.
Our Promise: We will never sell your health data. We do not use your health data for advertising purposes. Your health journey is yours alone, and our role is solely to provide you with tools to manage it.
2. Scope and Definitions
"Consumer Health Data" means any personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status.
This includes, but is not limited to, data related to:
- Individual health conditions, treatment, diseases, or diagnosis.
- Social, psychological, behavioral, and medical interventions.
- Health-related surgeries or procedures.
- Use or purchase of prescribed medication.
- Bodily functions, vital signs, symptoms, or measurements.
- Diagnoses or diagnostic testing, treatment, or medication.
- Gender-affirming care information.
- Reproductive or sexual health information.
3. Information We Collect
To provide our services, specifically the tracking and analysis of migraine patterns, we may collect the following categories of Consumer Health Data directly from you:
- Migraine Episode Data: Start/end times, duration, intensity scores (0-10), pain location, and attack type (e.g., aura, without aura).
- Symptom & Trigger Data: Specific symptoms (nausea, light sensitivity, etc.), potential triggers (foods, weather, stress, hormonal changes), and premonitory symptoms.
- Medication & Treatment: Names of medications taken (acute or preventative), dosages, time taken, and perceived effectiveness.
- Voice Recordings & Transcripts: Audio recordings used exclusively for the voice-logging feature. These are processed to extract data and then deleted or anonymized consistent with your settings.
- Derived Insights: Inferences made by our system based on your data, such as likely triggers, pattern analysis, and weather-related risk assessments.
- Apple Health & Google Health Connect: If you explicitly opt in, we may sync your health data with Apple HealthKit or Google Health Connect. We do not use this data for marketing or advertising.
- Anonymous Mode: If you use the App in Anonymous Mode, all health data is stored locally on your device and is not linked to an identifiable account. If you delete the App, this data is permanently lost.
4. Legal Basis for Processing (GDPR & UK GDPR)
For users in the European Economic Area (EEA), United Kingdom (UK), and Switzerland, we process your personal data under the following legal bases:
- Explicit Consent (Art. 9(2)(a) GDPR): As your data includes special categories of personal data (health data), we process this data only with your explicit consent, which you provide when you enable tracking features or input health information. You may withdraw this consent at any time.
- Contractual Necessity (Art. 6(1)(b) GDPR): We process account and subscription data to fulfill our contract with you (providing the App's services).
- Legal Obligation (Art. 6(1)(c) GDPR): We may process data to comply with legal requirements (e.g., tax laws, legal requests).
5. How We Use Consumer Health Data
We use your Consumer Health Data specifically to:
- Provide, maintain, and improve the Migraine Trail application.
- Analyze your migraine patterns to generate personal insights and reports.
- Provide weather-based migraine risk forecasts personalized to your history.
- Generate PDF reports for you to share with your healthcare providers.
- Develop new features and improve the accuracy of our tracking algorithms (using de-identified or aggregated data where possible).
- Detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity.
6. Data Sharing and Disclosures
WE DO NOT SELL YOUR CONSUMER HEALTH DATA.
We do not exchange your health data for monetary or other valuable consideration. We do not share your health data with third parties for their own marketing purposes.
We may share Consumer Health Data with:
- Processors and Service Providers: Trusted third-party companies that perform services on our behalf, such as cloud hosting (e.g., AWS, Cloudflare), AI processing providers, mobile SDKs (e.g., RevenueCat for subscriptions, AppsFlyer for attribution), and customer support tools. These providers are bound by strict contractual obligations to keep your data confidential and use it only for the purposes we specify.
- Legal Authorities: If required by law, court order, or subpoena, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred. We will notify you via email and/or a prominent notice on our app of any change in ownership or uses of your Consumer Health Data.
7. Your Privacy Rights (US States: CA, WA, NV, VA, CO, CT)
Residents of California, Washington, Nevada, Virginia, Colorado, Connecticut, and other states with specific privacy laws have the following rights regarding their Consumer Health Data:
You have the right to confirm whether we are collecting, sharing, or selling your Consumer Health Data and to access that data, including a list of all third parties and affiliates with whom we have shared your data.
You have the right to withdraw your consent for the collection and sharing of your Consumer Health Data at any time. You can also limit the use of your sensitive personal information to that which is necessary to perform the services.
You have the right to request the deletion of the Consumer Health Data we have collected concerning you.
You have the right to correct inaccuracies in your Consumer Health Data.
We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality.
How to Exercise Your Rights: To exercise any of these rights, please email us at privacy@migrainetrail.com or use the "Delete Account" feature within the app settings. We will respond to verified requests within 45 days.
Additional Disclosures for Washington (MHMDA) & Nevada (SB 370)
If you are a resident of Washington or Nevada, you have specific rights regarding "Consumer Health Data" as defined by state law. We strictly prohibit the sale of Consumer Health Data. We do not implement geofencing around entities that provide in-person health care services.
8. International Data Transfers
Migraine Trail operates globally. Your personal information may be transferred to, stored, and processed in a country different from your own.
If we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework (where applicable), to ensure your data remains protected.
9. Data Retention
We retain your Consumer Health Data only for as long as is necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.
- Active Accounts: We retain data while your account is active to provide you with history and analytics.
- Deleted Accounts: When you request account deletion, we will delete or anonymize your Consumer Health Data within 30 days.
- Backups: Residual copies in backup systems will be deleted in accordance with our backup retention schedule (typically within 90 days).
10. Security of Your Information
We maintain comprehensive administrative, technical, and physical safeguards designed to protect your Consumer Health Data. These include:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
- Strict access controls and multi-factor authentication for administrative access.
- Regular security assessments and vulnerability scans.
- Data minimization practices to collect only what is needed.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
11. Children's Privacy
Our Service is not directed to anyone under the age of 13 (or 16 for residents of the European Economic Area (EEA) and the United Kingdom (UK)). We do not knowingly collect specific Consumer Health Data from children. If we become aware that we have collected Consumer Health Data from a child without verification of parental consent, we take steps to remove that information from our servers.
12. Exclusions and Unsolicited Information
This Health Privacy Policy does not apply to any unsolicited information you provide to us through public channels, such as social media pages, forums, or directly via email or support tickets regarding new product ideas, feature requests, or business proposals (collectively, "Unsolicited Information").
All such Unsolicited Information shall be deemed to be non-confidential, and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution. Please do not share any sensitive personal or Consumer Health Data in public forums or social media comments.
13. Medical Disclaimer
Not Medical Advice: Migraine Trail is designed to help you track, analyze, and communicate your health data. However, under no circumstances is our App meant to make a medical diagnosis, provide treatment recommendations, or replace professional medical advice. For a proper diagnosis of your medical condition or treatment plan, we strongly advise you to consult a licensed physician or relevant healthcare professional.
14. Contact Us
If you have any questions about this Consumer Health Data Privacy Policy, please contact our Data Protection Officer (DPO) and privacy team:
Migraine Trail Privacy Team
Email: privacy@migrainetrail.com
Note to Users: This policy is a legally binding agreement between you and Migraine Trail regarding the use of your health data. Please read it carefully.