Your Health Data is Yours.

We built MigraineTracker because we were tired of health apps that sell patient data. Here is our plain-English privacy promise to you.

Total Deletion Control

We believe the "Right to be Forgotten" shouldn't require emailing support and waiting 30 days. You have granular control directly in the app settings:

Reset Calendar

Wipe your pain history and stats without losing your medication settings.

Scrub Meds

Clear all medication usage logs while keeping your daily pain records.

Delete Account

Instantly purges 100% of your data, logins, and subscriptions from our servers.

Where is my data stored?

Your data is stored securely in Google Firebase (Firestore), utilizing industry-standard encryption at rest and in transit. Authentication is handled directly by Google's secure identity platform.We do not have access to your password.

Administrative Access

As the developers and maintainers of the service, authorized administrators have technical access to the database. This access is strictly limited to:

  • Performing necessary database maintenance or upgrades.
  • Debugging technical issues or errors.
  • Providing customer support when explicitly requested by you.

We treat your health data with the highest level of confidentiality and never access specific user records without a valid technical or support reason.

How are reports generated?

PDF reports are generated locally on your device using client-side code. Unlike many other health apps, we do not send your monthly health summaries to a separate processing server to create the PDF. This minimizes the number of places your sensitive report exists.

Cookies & Local Storage

We do not use tracking cookies, pixel tags, or advertising scripts. We rely on Local Storage on your device for strictly necessary features to make the app work:

  • isDarkModeRemembers your visual theme preference.
  • printOptionsSaves your last used PDF settings.
  • firebase:authMaintains your secure login session.
  • stripe_midRequired by Stripe for payment security.

Full Legal Privacy Policy

Effective Date: January 2, 2026

Data Controller: SME Web Designs (trading as Migraine Tracker)

1. Introduction

SME Web Designs ("we", "us", or "our") operates the Migraine Tracker mobile application and website (migrainetracker.co.uk). We are committed to protecting your personal data. This policy details how we collect, use, and safeguard your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller Contact

3. The Data We Collect

A. Identity & Contact Data (Required for Account)

  • Email Address: Used for secure authentication and account management.
  • Name (Optional): Used only for personalizing your interface and reports.

B. Health & Usage Data (Special Category Data)

This app is designed to track health metrics. By using the app, you explicitly consent to the processing of the following "Special Category" data:

  • Pain History: Daily logs of migraine severity (Green/Amber/Red scales) and time periods.
  • Medication Logs: Names of medications, dosages, and timestamps of when they were taken.
  • Health Flags: Indicators for "Depressive Days" and "Important Days".
  • Notes: Free-text notes you append to specific days, which may contain health-related descriptions.

C. Technical Data

  • Device Information: We store strictly necessary tokens (e.g., firebase:auth) to maintain your login session.
  • Payment Data: Transaction history (e.g., subscription status). Note: We do not store your full credit card number; this is handled securely by Stripe.

4. Lawful Basis for Processing

We process your data under the following lawful bases:

  1. Consent: You provide explicit consent for us to process your health data when you enter it into the tracker. You may withdraw this consent at any time by deleting your data.
  2. Contract: We process your email and payment status to fulfill the service (Premium features) you have requested.
  3. Legal Obligation: We retain invoice records to comply with HMRC tax requirements.

5. Third-Party Data Processors

We use trusted third-party service providers to power our infrastructure. We have verified that they are GDPR-compliant:

ProviderPurposeLocation
Google FirebaseDatabase (Firestore), Auth, Cloud FunctionsGlobal (Encrypted)
StripePayment ProcessingUSA / Global
NetlifyWebsite HostingGlobal

No Ad Tracking: We do not use Google Analytics, Meta Pixels, or third-party advertising trackers.

6. Data Retention & Deletion

We retain your data only as long as you have an active account.

  • Granular Deletion: You may delete only your medication history or only your calendar history via the "Danger Zone" in the app settings.
  • Account Deletion: You may delete your entire account instantly via the app settings. This action permanently removes your data from our live database.

7. Your Rights

Under the UK GDPR, you have the right to:

  • Access: Request a copy of your data (available via our "JSON Backup" feature).
  • Portability: Download your data in a machine-readable format (CSV or JSON).
  • Erasure: Request that we delete your data (available via the in-app "Delete Account" button).
  • Rectification: Correct inaccurate data (e.g., renaming medications).

8. Complaints

If you have concerns about how we handle your data, please contact us at support@migrainetracker.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).