When you create an account or sign in, we may collect:
We do not collect or store passwords from third-party login providers.
You may choose to enter:
This data is stored only for your personal use within the app and to generate personalised insights.
If you choose to connect supported services, we may collect health-related data such as:
This data is only collected if you explicitly enable the integration and grant the required permissions. You can disconnect any integration at any time.
If you grant permission, MigraineMe may collect the following device-based metrics:
Each of these requires explicit user permission and can be individually disabled at any time in the app's Data Settings.
If enabled, MigraineMe collects approximate daily location data to retrieve local weather conditions and associate environmental factors with migraine patterns. Location collection is optional, requires explicit permission, and can be disabled at any time. Location data is stored at daily resolution (not continuous tracking) and is used solely to fetch weather data for your area.
If you log food or connect a nutrition source, we may process food names, meal types, macro and micronutrient values, and migraine-relevant exposure flags (tyramine, alcohol, gluten, caffeine). Nutrition data is used to identify dietary trigger patterns.
Your data is used to authenticate your account, store and display your migraine and health history, calculate personalised risk scores and trigger analysis, generate AI-powered daily insights (premium), synchronise enabled third-party health data, and improve app functionality and reliability.
MigraineMe uses artificial intelligence to generate personalised daily insights for premium users. This involves aggregating and summarising your health data, then sending this summarised data to OpenAI's API (GPT-4o-mini) to generate actionable advice.
Important: Only aggregated summaries are sent to the AI service — not raw personal identifiers. The data sent does not include your name, email, or account information. OpenAI's API data usage policy states that API inputs are not used to train their models.
MigraineMe supports login via email and password, Google Sign-In, Facebook Login, and Apple Sign-In. When using a third-party provider, authentication is handled securely by the provider and Supabase. MigraineMe receives a session token and basic profile identifier only — we never receive access to your provider password.
All data is stored securely using Supabase, a managed backend platform built on PostgreSQL, hosted in the European Union. Security measures include:

| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Backend, database, authentication | All app data (encrypted) |
| RevenueCat | Subscription management | User ID, purchase status |
| OpenAI | AI daily insights (premium) | Aggregated health summaries (no personal identifiers) |
| Google / Facebook / Apple | Authentication (optional) | Session token only |
| WHOOP / Garmin | Health metrics (optional) | Health data via authorised API |
| Open-Meteo | Weather data | Approximate location coordinates |

Each third-party service is governed by its own privacy policy. MigraineMe only accesses the minimum data required for functionality.

| Permission | Purpose | Required? |
|---|---|---|
| Internet | Core app functionality | Yes |
| Location (approximate) | Weather data for trigger correlation | Optional |
| Microphone | Ambient noise level sampling | Optional |
| Health Connect | Sleep, heart rate, activity data | Optional |
| Notifications | Reminders and check-in prompts | Optional |
| Usage Stats | Screen time tracking | Optional |

All optional permissions can be granted or revoked at any time through your device settings or the app's Data Settings screen.
Your data is retained as long as your account remains active, or until you request deletion. If you disconnect a third-party service, no new data will be collected from that provider. Previously collected data remains unless you delete it.
You have full control over your data.
To request complete deletion of your account and all associated data, visit our account deletion page or email us directly:
📧 help@migraineme.app — Subject: "MigraineMe Data Deletion Request"
Include the email address used to sign in. Your request will be processed within 30 days.
You may request a copy of all your stored data by contacting us at the email address above.
Your data is stored on servers within the European Union. If you access MigraineMe from outside the EU, your data will be transferred to and processed in the EU. For the AI insights feature, aggregated (non-identifying) health summaries may be processed by OpenAI's servers in the United States.
MigraineMe is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it.
We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. If we make material changes, we will notify you through the app.
If you have questions or concerns about this Privacy Policy or your data: