Privacy Policy
Last updated: January 25, 2026
Effective Date: January 25, 2026
1. Our Commitment to Your Privacy
At Migraine Journey ("we," "us," or "our"), your privacy is our top priority. We understand that health data is among the most sensitive personal information, and we are committed to protecting it with the highest standards of security and transparency.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our migraine tracking application and website (collectively, the "Service"). Please read this policy carefully. If you do not agree with our policies and practices, please do not use our Service.
2. Guest Mode — Zero Data Collection
🔒 100% Private Local Storage
When using Migraine Journey in Guest Mode (without creating an account), ALL your data stays exclusively on your device. We do not collect, store, transmit, or have any access to your information. Your privacy is absolute in Guest Mode. Data is stored in your browser's local storage and is never sent to our servers.
3. Information We Collect (Registered Users)
For users who create an account, we collect:
3.1 Information You Provide
- Account Information: Email address, name, password (encrypted and hashed using bcrypt)
- Health Data: Migraine entries, dates, duration, severity, triggers, symptoms, medications, notes, and any other information you choose to log
- Documents: Any medical documents or images you upload
- Settings & Preferences: Your customization choices and app settings
3.2 Information Collected Automatically
- Usage Data: How you interact with features, pages visited, features used
- Device Information: Browser type, operating system, device type
- Log Data: IP address (anonymized), access times, error logs
3.3 Third-Party Sign-In
If you sign in with Google OAuth, we receive your email address and name from Google. We do not receive or store your Google password. You can revoke this access anytime through your Google account settings.
4. How We Use Your Data
We use your information to:
- Provide, maintain, and improve the migraine tracking Service
- Sync your data across devices when logged in
- Generate analytics, insights, and pattern analysis for YOUR data only
- Send you account-related notifications (if enabled)
- Respond to your support requests and inquiries
- Detect and prevent fraud, abuse, and security issues
- Comply with legal obligations
🚫 We will NEVER:
- Sell your personal or health data to third parties
- Share your health information without your explicit consent
- Use your data for advertising or marketing purposes
- Share your data with insurance companies, employers, or data brokers
- Use your health data for purposes other than providing the Service
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted via HTTPS/TLS encryption
- Encryption at Rest: Data stored encrypted on secure servers
- Password Security: Passwords hashed using bcrypt with salt
- Access Controls: Strict authentication and authorization
- Secure Infrastructure: Hosted on secure cloud infrastructure (Cloudflare, AWS)
- Regular Audits: Periodic security reviews and updates
While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service:
- Active Accounts: Data retained as long as your account exists
- Deleted Accounts: Data permanently deleted within 30 days of account deletion
- Backups: Backup data may be retained for up to 90 days after deletion
- Legal Requirements: Certain data may be retained longer if required by law
7. Your Rights
You have the following rights regarding your data:
✓ Right to Access
Export all your data at any time via Settings
✓ Right to Correction
Edit or update your information anytime
✓ Right to Deletion
Permanently delete your account and all associated data
✓ Right to Portability
Download your data in standard formats (CSV, PDF)
✓ Right to Object
Opt out of certain data processing activities
✓ Right to Restriction
Request limitation of processing in certain circumstances
To exercise any of these rights, please contact us at [email protected].
8. Third-Party Services
We use the following third-party services:
- Cloudflare: For security, CDN, and performance optimization
- Cloud Storage (R2): For secure document storage
- Analytics: Anonymous usage analytics to improve the Service (no personal data)
- OpenAI: For AI-powered insights (data is processed but not stored by OpenAI)
Each third-party service has its own privacy policy. We recommend reviewing their policies.
9. Cookies & Tracking
We use essential cookies for authentication and session management. We do not use:
- Third-party advertising cookies
- Cross-site tracking cookies
- Behavioral targeting cookies
10. International Users & GDPR
Migraine Journey complies with the General Data Protection Regulation (GDPR) for users in the European Union and similar data protection regulations worldwide.
Legal Basis for Processing (EU Users):
- Consent: You consent to data processing when creating an account
- Contract: Processing necessary to provide the Service you requested
- Legitimate Interest: For security, fraud prevention, and Service improvement
Data Transfers: Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place for international transfers.
11. Children's Privacy
Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. Users aged 13-18 should have parental consent.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email. We encourage you to review this Privacy Policy periodically for any changes.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: [email protected]
Website: Contact Form
Data Protection Officer: For GDPR-related inquiries, please contact us at the email above with "DPO Request" in the subject line.