Privacy Policy

Version 1.0 – last updated June 2026

This privacy policy explains how personal data is processed when you use the “Migrania” app (the “App”) and this website. We provide this information pursuant to Art. 13 of the General Data Protection Regulation (GDPR).

1. Controller

Christopher Brock
Vennhauser Allee 196 C
40627 Düsseldorf
Germany

Email: contact@migrania.app (full details in the legal notice).

A data protection officer is not appointed, as we are not required to appoint one at this scale. For any privacy questions, please use the contact email above.

3. Categories of personal data

We process — or, in the case of your health data, enable you to store — the following categories:

• Health and tracking data: migraine attacks, medication intakes, symptoms, free-text notes, and the contents of PDF reports. This data is stored only locally on your device and is never transmitted to us. You can export it yourself as an encrypted backup file or as a PDF report (see section 2).
• Product analytics (optional): if you opt in, anonymous usage analytics are collected via PostHog (EU endpoint). Analytics are off by default, contain no free-text and no direct identifiers, exclude all health content, and are limited to a fixed allowlist of events.
• Crash reporting (optional): if you opt in, technical crash data is collected via Sentry (EU/Germany region). Crash reporting is off by default and limited to technical diagnostic data.
• Website: if web analytics are used, they are cookieless and self-hosted (page URL, referrer, browser type). No cookies and no persistent identifiers are set.

4. Purposes and legal bases

• Health and tracking data (purpose: letting you record and review your own wellness data on your device): your explicit consent under Art. 9(2)(a) GDPR in conjunction with Art. 6(1)(a) GDPR. As this is special-category data (Art. 9 GDPR), it is processed only on the basis of your explicit consent given in the App.
• Product analytics and crash reporting (purpose: improving stability and the product): your consent under Art. 6(1)(a) GDPR, which you give by opting in and can withdraw at any time.

5. Recipients and processors

Your health and tracking data is not shared with any processor — it never leaves your device except through a backup file or PDF that you create and control yourself. The only processors we engage relate to the optional, opt-in features, each under a data processing agreement (DPA / AVV):

• PostHog (EU): optional, opt-in product analytics, processed on EU infrastructure.
• Sentry (EU/Germany): optional, opt-in technical crash data.

6. Third-country transfers

Processing by our processors takes place within the EU/EEA. We do not transfer your data to a third country. Any backup files or PDF exports you create are stored wherever you choose, which is under your sole control.

7. Retention

Your health and tracking data is kept on your device until you delete it; you remain in control of it at all times and can delete all data within the App. Optional analytics and crash data are retained only for as long as necessary for the stated purpose and are deleted according to the respective provider’s retention windows. Cookieless website logs are kept only briefly for operational and security purposes.

8. Is providing data mandatory?

You are not legally or contractually obliged to provide data. The App is fully usable for tracking without enabling analytics or crash reporting, which are optional and off by default. Not enabling them has no negative consequences for your use of the App.

9. No automated decision-making

There is no automated decision-making or profiling within the meaning of Art. 22 GDPR. Migrania does not predict migraine attacks and does not infer causal triggers; it only displays the data you have entered yourself.

10. Your rights

Under the GDPR you have the right to:

• access your personal data (Art. 15);
• rectification of inaccurate data (Art. 16);
• erasure (Art. 17);
• restriction of processing (Art. 18);
• data portability (Art. 20) — you can export all your data yourself as a backup file at any time;
• object to processing (Art. 21);
• withdraw your consent at any time (Art. 7(3)), without affecting the lawfulness of processing before withdrawal. Withdrawal is possible at any time in the App’s settings.

Because your health data is stored only on your device, you can exercise most of these rights directly in the App (e.g. by editing, exporting, or deleting your entries).

11. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. The authority competent for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestraße 2–4
40213 Düsseldorf
Germany
ldi.nrw.de

12. Changes to this policy

We may amend this privacy policy, for example following changes to the App, to processors, or to the legal framework. The current version is always available on this page.

The German version of this privacy policy is the legally authoritative one.