Migraine Logger ("the app", "we", "our") is an independent iOS application for tracking migraine attacks, daily wellbeing, and identifying personal triggers. It is developed by an independent developer based in Istanbul, Türkiye. Contact: migraintracker@gmail.com.
This policy applies to the Migraine Logger app for iOS, watchOS, and the associated widgets and Live Activities. It does not apply to any third-party service you may choose to connect to (Apple Health, iCloud, Open-Meteo, Anthropic, OpenAI, or Google) — those services have their own privacy policies, summarised below.
The app stores the following data on your device and in your private iCloud:
| Category | Examples | Where it lives |
|---|---|---|
| Migraine attacks | Start time, end time, intensity (1–10), pain location, type, triggers, aura, prodrome, medications taken, free-text notes, optional voice-note transcripts | On-device + your iCloud |
| Daily wellbeing | Sleep hours, stress level, mood, hydration, caffeine, alcohol, exercise minutes, optional menstrual cycle phase, free-text notes | On-device + your iCloud |
| Drink & nap logs | Drink type and time; nap duration and quality | On-device + your iCloud |
| HealthKit reads (optional) | Sleep duration, heart rate variability, resting heart rate, exercise minutes, menstrual flow | Apple Health (we read; we never copy permanently) |
| HealthKit writes (opt-in, off by default) | Ended migraine attacks written to Apple Health under "Headache" | Apple Health on your device |
| Location | Coarse location for local barometric pressure / weather. Background ("Always") location is opt-in only and used only to refresh weather when you travel | Sent to Open-Meteo's API; not stored by us |
| Voice notes | Microphone audio captured during attacks for hands-free note-taking | Transcribed on-device by Apple Speech; original audio is never saved |
| API keys (optional) | Your personal API keys for Anthropic, OpenAI, or Google, only if you choose to use AI features | iOS Keychain on your device |
| App settings | Reminder times, notification preferences, language choice | On-device (UserDefaults) |
By default, your migraine and wellbeing data is synchronised across your Apple devices via Apple's CloudKit service, using your private iCloud database. We never see this data. It is end-to-end encrypted by Apple and governed by Apple's privacy policy. You can disable iCloud sync in Settings → Integrations.
Local barometric pressure is a clinically established migraine trigger, so the app fetches current weather conditions from Open-Meteo, a free non-commercial weather API. We send only your latitude and longitude. Open-Meteo does not require an account, does not log requests for tracking purposes, and is GDPR-compliant. We do not store your location after the request.
Migraine Logger includes optional AI-powered pattern analysis and daily forecast features. These require your own API key for one of the supported providers:
When — and only when — you press "Analyse" or have the daily forecast enabled, the app sends a structured summary of your recent attacks and daily logs directly to your chosen provider, using your own API key. The data goes from your device to the provider; it does not pass through our servers because we don't have any. Each provider's privacy policy governs what they do with the request. You can disable these features at any time in Settings, and you can revoke your API key in Settings → AI Insights → Settings & keys.
If you grant HealthKit permission, the app reads sleep, heart rate variability, resting heart rate, exercise minutes, and menstrual flow to improve risk scoring. We do not copy this data into our own store — we read it on demand. If you opt in to "Write attacks to Apple Health" (off by default), ended migraine attacks are written to Apple Health under the Headache category. You can revoke either permission at any time in iOS Settings → Apple Health → Sharing → Migraine Logger.
Voice notes use Apple's Speech framework. Where supported by your device, transcription happens entirely on-device and audio never leaves the phone. On older devices Apple's Speech framework may use server-side recognition; in that case audio is processed under Apple's Siri & Dictation policy. We never store the original audio, only the resulting transcript inside your migraine note.
| Permission | Why | Default |
|---|---|---|
| HealthKit (read) | Sleep / HRV / exercise / menstrual data for risk scoring | Off — opt in |
| HealthKit (write) | Write ended attacks to Apple Health Headache log | Off — opt in |
| Location: When-In-Use | Local weather and barometric pressure | Off — opt in |
| Location: Always (background) | Pre-emptive risk alerts when you travel | Off — opt in only after explicit "why we ask" sheet |
| Notifications | Daily check-in reminder, pressure-drop alerts, attack reminders | Off — opt in |
| Microphone | Voice notes during attacks | Off — requested only when you press the mic button |
| Speech Recognition | On-device transcription of voice notes | Off — requested with the microphone |
Migraine and wellbeing data is, by its nature, sensitive personal information. We treat it accordingly:
The app is informational, not diagnostic. Risk scores, MOH warnings, and chronic-pattern flags are educational signals to discuss with a qualified healthcare professional — they are not medical advice and they are not a substitute for clinical evaluation.
Migraine Logger is not designed for children under the age of 16. We do not knowingly collect data from anyone under 16. The App Store age rating reflects the inclusion of medical/treatment information.
Because all your data lives on your device and in your iCloud, you have full and immediate control over it at any time:
If you are in the EU, the UK, or another GDPR-aligned jurisdiction, the legal basis for processing the personal data the app handles is Article 6(1)(a) consent (you opt in to each feature) and Article 9(2)(a) explicit consent for special-category health data. You can withdraw consent at any time without affecting the lawfulness of prior processing.
If you are in California (CCPA): we do not sell or share personal information. There is nothing to opt out of.
If you are in Türkiye (KVKK): kişisel verileriniz cihazınızda saklanır, tarafımızca toplanmaz veya işlenmez. Sağlık verileriniz özel nitelikli kişisel veri kategorisinde olup, açık rızanızla yalnızca uygulama içinde yerel olarak işlenir. Tüm verilere uygulama içinden erişebilir, düzeltebilir veya silebilirsiniz.
We don't retain anything because we don't receive anything. Data on your device is retained until you delete it. iCloud data follows Apple's retention rules — typically until you remove it from iCloud or close your Apple ID.
Local data is protected by iOS file-level encryption (your device passcode / Face ID / Touch ID). iCloud sync uses Apple's CloudKit, which encrypts data in transit and at rest. API keys are stored in the iOS Keychain. Network calls to Open-Meteo and the AI providers use HTTPS/TLS.
When you opt in to an AI feature, your request is sent directly from your device to your chosen provider's servers, which may be located outside your country (typically in the United States for Anthropic, OpenAI, and Google). Each provider has its own safeguards for international transfer (Standard Contractual Clauses, etc.). Open-Meteo is headquartered in Switzerland.
If we update this policy, the "Last updated" date at the top will change and a notice will appear in the app. Material changes will require your explicit re-acknowledgement before continued use of affected features.
Questions, concerns, or requests: migraintracker@gmail.com. We respond within 7 days.