ProAct
FeaturesHow It WorksDownload

Privacy Policy

Your privacy matters. Here's exactly how we handle your data.

Last updated: June 26, 2026

The Short Version

Health Data is Transient

Your HealthKit data is used only to generate predictions and is never stored on our servers.

Stay Anonymous

No email, name, or account required. You're identified only by an anonymous device ID.

Your Data, Your Control

Delete individual entries or all your data anytime. No questions asked.

What Data Do We Collect?

TransientHealth Data (Not Stored)

When you request a migraine risk prediction, we temporarily process health data to generate your prediction. This data is never saved to our servers.

  • From Apple HealthKit (with your permission): Heart rate variability (HRV), resting heart rate, sleep duration, sleep quality
  • Environmental data: Barometric pressure, pressure changes, temperature, humidity
  • Attack context: Recent attack counts, days since last attack, identified triggers
Why transient? This data is sent to our AI model, processed instantly, and discarded. We never build a health profile on our servers.

StoredData You Explicitly Log

We only store data that you choose to log in the app:

  • Migraine attack logs: When attacks occurred, pain intensity, symptoms, medications, triggers, relief methods, your notes
  • Manual wellness entries: Sleep quality, stress level, hydration, activity level, energy level
  • Engagement data: When you open the app, complete protocols, or log attacks (for streaks and insights)

StoredDevice & Technical Data

  • Device ID: A random identifier generated by your phone (stored in iOS Keychain)
  • Timezone: For accurate prediction timing
  • Push notification token: If you enable notifications
  • Subscription status: Your subscription tier and expiration (via RevenueCat)

How Do We Use Your Data?

Predict Migraine Attacks

Your health metrics feed our AI model to predict your risk up to 48 hours in advance.

Generate Insights

Your attack logs help identify patterns, triggers, and what relief methods work for you.

Send Notifications

Alert you when your risk is elevated or send daily/weekly summaries.

Improve the App

Anonymous usage analytics help us understand which features are valuable.

What We Don't Do

  • We do not sell your data to anyone, ever
  • We do not share your health data with third parties
  • We do not use your health data for advertising or marketing
  • We do not require an account, email, name, or other personal information

About Advertising

We advertise ProAct on platforms like Meta (Facebook and Instagram) to help people discover the app. You never need an account to use ProAct, and we never attach your name or email to anything - but to measure whether our ads actually work, we send Meta a limited set of conversion events from our servers when a free trial starts or a subscription is purchased.

  • What Meta receives: your device's advertising identifier (a persistent device ID Meta can use to match the conversion to an ad - shared only if you allow tracking when iOS asks), a Facebook-supplied anonymous ID, your IP address, basic device and app info, and the subscription event with its purchase amount.
  • What Meta never receives: your health data, attack logs, name, email, or phone number.
  • Your control: if you decline the App Tracking Transparency prompt in iOS, we do not share your advertising identifier with Meta.

Third-Party Services

We use carefully selected services to provide ProAct. Here's exactly what each one receives:

ServicePurposeWhat They Receive
Anthropic ClaudeAI-powered predictionsHealth metrics (processed instantly, not stored by Anthropic)
Apple APNsPush notificationsPush token only (no health data)
RevenueCatSubscription managementSubscription events (no health data)
PostHogUsage analyticsAnonymous events with device ID (no health data)
SentryError trackingError reports only (health data explicitly filtered out)
SupabaseDatabase hostingStored data (attack logs, entries, device info)
MetaAd measurement & optimizationSubscription conversion events, advertising identifier (with your consent), IP, device info (no health data, no name or email)
About our AI: We use Anthropic's Claude API for predictions. Per Anthropic's privacy policy, API requests are not used to train their models and are not stored beyond what's needed to process your request.

How Is Your Data Secured?

Encrypted Transport

All data travels over HTTPS (TLS 1.3) - encrypted end-to-end.

Three-Layer Authentication

App secret + device JWT token + device ID verification on every request.

Row-Level Security

Your device can only access your own data - enforced at the database level.

Rate Limiting

Protection against abuse and excessive requests.

Your Rights & Choices

What You Can Do

  • View your data: See all your attack logs and health entries in the app
  • Delete individual items: Remove any attack log or health entry anytime
  • Revoke push notifications: Disable notifications in iOS Settings
  • Request full deletion: Contact us to completely remove all your data
  • Export your data: Request a copy of all your data (coming soon)

For California Residents (CCPA/CPRA)

You have the right to know what personal information we collect, request deletion, and opt out of the sale or sharing of personal information. We do not sell your data. We do share a limited advertising identifier with Meta to measure and optimize our ads (see About Advertising above). You can opt out of this sharing by declining the App Tracking Transparency prompt in iOS, which stops us from sharing your advertising identifier.

For European Users (GDPR)

You have the right to access, rectify, erase, and port your data. You can also object to processing or withdraw consent. Contact us at support@proactmigraine.com to exercise these rights.

How Long Do We Keep Your Data?

Data TypeRetention PeriodCan You Delete?
Attack logsUntil you delete or request removalYes
Manual health entriesUntil you delete or request removalYes
Device registrationUntil you request removalYes
Prediction cache1 hour (automatic expiration)Automatic
Analytics (PostHog)90 daysThird-party

Special Note About Health Data

Your health data is the most sensitive information you share with us. We take extra care:

  • HealthKit data is never stored: It's processed for prediction and immediately discarded
  • Error tracking is filtered: We explicitly filter health data from Sentry error reports
  • Analytics never see health data: PostHog only receives anonymous event names
  • No health profiles: We cannot and do not build a health history on our servers
Not Medical Advice: ProAct is not a medical device and predictions are not medical advice. Always consult healthcare professionals for medical decisions.

Children's Privacy

ProAct is designed for adults 18 and older. We do not knowingly collect data from children under 13. If you believe a child's data was collected, please contact us immediately at support@proactmigraine.com.

Changes to This Policy

We may update this policy as our service evolves. For material changes, we'll notify you through the app before they take effect. Your continued use after changes means you accept the updated policy.

Contact Us

For privacy questions or data requests:

  • Email: support@proactmigraine.com
  • Response time: Within 30 days for data requests
ProAct

See it coming. 48 hours ahead.

Product

FeaturesHow It WorksDownload

Support

Email Support

ProAct is not a medical device and does not provide medical advice. Always consult a qualified healthcare provider for diagnosis or treatment.

© 2026 ProAct. All rights reserved.

PrivacyTermsContact