Privacy Policy

Your privacy matters. Here's exactly how we handle your data.

Last updated: December 11, 2025

The Short Version

Health Data is Transient

Your HealthKit data is used only to generate predictions and is never stored on our servers.

Stay Anonymous

No email, name, or account required. You're identified only by an anonymous device ID.

Your Data, Your Control

Delete individual entries or all your data anytime. No questions asked.

What Data Do We Collect?

TransientHealth Data (Not Stored)

When you request a migraine risk prediction, we temporarily process health data to generate your prediction. This data is never saved to our servers.

  • From Apple HealthKit (with your permission): Heart rate variability (HRV), resting heart rate, sleep duration, sleep quality
  • Environmental data: Barometric pressure, pressure changes, temperature, humidity
  • Attack context: Recent attack counts, days since last attack, identified triggers
Why transient? This data is sent to our AI model, processed instantly, and discarded. We never build a health profile on our servers.

StoredData You Explicitly Log

We only store data that you choose to log in the app:

  • Migraine attack logs: When attacks occurred, pain intensity, symptoms, medications, triggers, relief methods, your notes
  • Manual wellness entries: Sleep quality, stress level, hydration, activity level, energy level
  • Engagement data: When you open the app, complete protocols, or log attacks (for streaks and insights)

StoredDevice & Technical Data

  • Device ID: A random identifier generated by your phone (stored in iOS Keychain)
  • Timezone: For accurate prediction timing
  • Push notification token: If you enable notifications
  • Subscription status: Your subscription tier and expiration (via RevenueCat)

How Do We Use Your Data?

Predict Migraine Attacks

Your health metrics feed our AI model to predict your risk up to 48 hours in advance.

Generate Insights

Your attack logs help identify patterns, triggers, and what relief methods work for you.

Send Notifications

Alert you when your risk is elevated or send daily/weekly summaries.

Improve the App

Anonymous usage analytics help us understand which features are valuable.

What We Don't Do

  • We do not sell your data to anyone, ever
  • We do not share your health data with third parties
  • We do not use your data for advertising or marketing
  • We do not track you across other apps or websites
  • We do not require personal information like email or name

Third-Party Services

We use carefully selected services to provide ProAct. Here's exactly what each one receives:

ServicePurposeWhat They Receive
Anthropic ClaudeAI-powered predictionsHealth metrics (processed instantly, not stored by Anthropic)
Apple APNsPush notificationsPush token only (no health data)
RevenueCatSubscription managementSubscription events (no health data)
PostHogUsage analyticsAnonymous events with device ID (no health data)
SentryError trackingError reports only (health data explicitly filtered out)
SupabaseDatabase hostingStored data (attack logs, entries, device info)
About our AI: We use Anthropic's Claude API for predictions. Per Anthropic's privacy policy, API requests are not used to train their models and are not stored beyond what's needed to process your request.

How Is Your Data Secured?

Encrypted Transport

All data travels over HTTPS (TLS 1.3) - encrypted end-to-end.

Three-Layer Authentication

App secret + device JWT token + device ID verification on every request.

Row-Level Security

Your device can only access your own data - enforced at the database level.

Rate Limiting

Protection against abuse and excessive requests.

Your Rights & Choices

What You Can Do

  • View your data: See all your attack logs and health entries in the app
  • Delete individual items: Remove any attack log or health entry anytime
  • Revoke push notifications: Disable notifications in iOS Settings
  • Request full deletion: Contact us to completely remove all your data
  • Export your data: Request a copy of all your data (coming soon)

For California Residents (CCPA)

You have the right to know what personal information we collect, request deletion, and opt-out of the sale of personal information. We do not sell your data.

For European Users (GDPR)

You have the right to access, rectify, erase, and port your data. You can also object to processing or withdraw consent. Contact us at support@proactmigraine.com to exercise these rights.

How Long Do We Keep Your Data?

Data TypeRetention PeriodCan You Delete?
Attack logsUntil you delete or request removalYes
Manual health entriesUntil you delete or request removalYes
Device registrationUntil you request removalYes
Prediction cache1 hour (automatic expiration)Automatic
Analytics (PostHog)90 daysThird-party

Special Note About Health Data

Your health data is the most sensitive information you share with us. We take extra care:

  • HealthKit data is never stored: It's processed for prediction and immediately discarded
  • Error tracking is filtered: We explicitly filter health data from Sentry error reports
  • Analytics never see health data: PostHog only receives anonymous event names
  • No health profiles: We cannot and do not build a health history on our servers
Not Medical Advice: ProAct is not a medical device and predictions are not medical advice. Always consult healthcare professionals for medical decisions.

Children's Privacy

ProAct is designed for adults 18 and older. We do not knowingly collect data from children under 13. If you believe a child's data was collected, please contact us immediately at support@proactmigraine.com.

Changes to This Policy

We may update this policy as our service evolves. For material changes, we'll notify you through the app before they take effect. Your continued use after changes means you accept the updated policy.

Contact Us

For privacy questions or data requests: