Privacy Policy

MigraineMatters Privacy Policy

Effective date: November 11, 2025

MigraineMatters (the "App") helps people track migraine related information they choose to record. Your trust matters. This Privacy Policy explains what personal information we collect, how we use it, how it's shared, and the choices and rights you have. If anything here conflicts with local law, we follow the rule that provides you the most protection.

1. Who we are

• Controller/Provider: Axona Labs Corp., doing business as MigraineMatters, 1004-750 W Broadway, Vancouver, BC, Canada. • Contact (privacy): admin@axona.ca | 1004-750 W Broadway, Vancouver, BC, Canada • Data hosting & infrastructure provider (processor/sub processor): Base44 (cloud hosting and related services) operating on Amazon Web Services (AWS) infrastructure. We maintain a data processing agreement with Base44 that includes confidentiality, security, and sub processor controls.

2. What we collect

We only collect data you provide or that is necessary to operate the App safely and effectively.

2.1 Data you choose to enter (user submitted) • Migraine journal entries: dates/times, duration, severity, prodrome/aura, triggers, symptoms, disability level, medications (name, dose, timing, response), adverse effects, rescue medication use, menstruation status, sleep, hydration, diet, stress, exercise, notes. • Health history (optional): migraine subtype, diagnosis dates, comorbidities, allergies, past treatments/procedures. • Uploaded content (optional): images/files (e.g., headache diaries, test results). • Care team information (optional): provider names/contacts for sharing summaries. Sensitive data. Some information you enter may be considered health or other sensitive data. We process it only with your explicit action (entering/saving it) and to provide the App's features you request. 2.2 Account & app data • Account details: name/alias, email, password hash, time zone, language. • Device & app diagnostics: app version, OS, crash logs, performance metrics. • Usage events: button taps, screens viewed, feature use (aggregated/limited to product improvement), and feedback submissions you choose to send via the in app feedback button. 2.3 Automatically collected technical data • Network/technical: IP address, device identifiers, browser/OS info, and standard cookies or similar technologies if you use our web app. We do not collect precise geolocation unless you enable a location based feature (specifically, weather linked trigger tracking). If enabled, you can turn it off at any time in settings. 3. Why we collect it (purposes) • Provide core features: create and store entries, show trends and analytics, generate summaries/reports for you or your clinician, reminders/notifications you enable (including iOS push notifications when available). • Support & safety: diagnose outages, fix bugs, prevent abuse, ensure integrity and security of the service. • Product improvement: aggregate/anonymize usage to understand which features work and where to improve. • Research using de identified data (optional): we may use de identified data for research, publications, or to develop algorithms. You can opt out at any time in Settings; we will not attempt to re identify you. • Legal & compliance: meet legal obligations, enforce terms, protect the rights, property, or safety of users and the public. 4. When required by law, we rely on: • Consent (Art. 6(1)(a), 9(2)(a)) for processing health/sensitive data you enter and for any optional research, marketing, or location features. • Contract (Art. 6(1)(b)) to provide the App and customer support. • Legitimate interests (Art. 6(1)(f)) for security, anti fraud, and product improvement using minimal, privacy preserving data. • Legal obligation (Art. 6(1)(c)) when we must retain or disclose data to comply with the law. You can withdraw consent (including location and marketing) or opt out of de identified research at any time in the App or by contacting us.

5. How we use and share information

We do not sell your personal information.

We share data only with: • Service providers / processors: e.g., Base44 (hosting), email delivery, analytics, crash reporting, customer support tools—bound by contracts to protect your data, use it only for our instructions, and delete it when no longer needed. • Your direction: if you choose to export or share summaries with a clinician or third party, we will transmit the selected data as you instruct. • Business transfers: if we undergo a merger, acquisition, or asset sale, we will continue to protect your data and notify you of material changes. • Legal reasons: to comply with valid law enforcement or regulatory requests; we scrutinize requests and push back when appropriate. We may share aggregated or de identified information that cannot reasonably identify you (e.g., average monthly headache frequency across all users) for research, public health, or product insights.

6. Data retention

• Your entries: kept until you delete them or close your account. • Account data: retained while your account is active and for a limited period afterwards to meet legal, tax, fraud prevention, or backup requirements. • Backups/logs: rotate on fixed schedules; deletion requests cascade to backups within 60 days. We keep data no longer than necessary for the purposes described above.

7. Your controls & rights

7.1 In app controls • Access & export: view and export your data (e.g., CSV/PDF) from the App. • Edit & delete: update or delete entries at any time. Deletions are permanent from active systems and will be removed from backups within 60 days. • Account deletion: delete your account in settings or by contacting us. This will remove your personal data from active systems. • Preferences: manage notifications, marketing, research participation, and location permissions.

8. Security We use administrative, technical, and physical safeguards designed to protect your data, including: • Encryption in transit (TLS) and at rest for stored data. • Role based access controls, least privilege principles, audit logging. • Vulnerability management, secure software development, and employee confidentiality agreements. • Infrastructure security via Base44's independently audited security program and certifications (e.g., SOC 2/ISO 27001, as applicable). No system is perfectly secure. If we identify a breach that affects your data, we will notify you and regulators as required by law.

9. International transfers Data may be processed outside your region (including in countries where AWS operates).

10. Children's privacy MigraineMatters is intended for individuals 16+ (or the age required by your jurisdiction). We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you believe a child has provided data, contact us to delete it.

11. Cookies & similar technologies If you use our web app or site, we use strictly necessary cookies for security and session management. With your consent, we may use optional analytics cookies to improve the product. You can manage preferences via our cookie banner (granular controls for necessary, analytics, and preferences) or your browser settings.

12. Communications • Service emails: account, security, and transactional messages (cannot opt out). • Product updates & marketing (optional): sent only with your consent; you can opt out anytime via the email footer or in settings.

13. Third party links The App may contain links to third party sites or services. Their privacy practices are governed by their own policies; we encourage you to review them.

14. Automated decision making We do not use automated decision making that produces legal or similarly significant effects without human involvement. If we introduce such features, we will provide notice and obtain any required consent.

15. Changes to this policy We may update this policy to reflect product, legal, or operational changes. We will post the updated version and revise the Effective date above. For material changes, we will provide additional notice (e.g., in app prompt or email) and, where required, request your consent.

16. How to contact us - Email: admin@axona.ca Postal: Axona Labs Corp., 1004-750 W Broadway, Vancouver, BC, Canada EU/UK representative: Not appointed (we will update this policy if that changes) 17. Jurisdiction specific disclosures (summary) • California: We do not sell/share your personal information for cross context behavioral advertising; we honor the right to limit use of sensitive personal information to what is necessary to perform services reasonably expected by an average consumer. • Canada: We identify purposes before or at the time of collection; we obtain meaningful consent; you may withdraw consent subject to legal or contractual restrictions and reasonable notice. A detailed mapping of data categories, purposes, recipients, retention, and legal bases is available upon request.

19. Your choices (quick reference) • Delete data: in App > Settings > Delete Entries / Delete Account or email us. • Export data: in App > Settings > Export. • Opt out of marketing: unsubscribe link or Settings. • Withdraw research consent: Settings or email us. • Change permissions: OS app settings (notifications, location).

20. Definitions • "Personal data / personal information" means information that identifies or can reasonably be linked to an identifiable person. • "Sensitive data" includes health/medical information you choose to input. • "Processing" means any operation on personal data (collection, storage, use, disclosure, etc.). • "Controller/Processor" have the meanings given in applicable law.

21. Governing law and venue Except where a different jurisdiction is required by mandatory law that cannot be varied by agreement, this Privacy Policy, your use of the App, and any dispute, claim, or legal action arising out of or relating to it or to our processing of your personal data will be governed by the laws of the Province of British Columbia and the federal laws of Canada applicable therein, without regard to conflict of law principles. You agree that any such dispute, claim, or legal action must be brought exclusively in the courts located in the City of Vancouver, British Columbia, Canada, and in no other jurisdiction, and you irrevocably submit to the personal jurisdiction and venue of those courts for that purpose. Appendix A — Subprocessors (current) • Base44 — cloud hosting, storage, backups, security controls (on AWS infrastructure). • Apple Push Notification service (APNs) — iOS push notifications (when enabled). • [No third party analytics/crash reporting at this time] — users can submit issues via the in app feedback button. Appendix B — Security highlights • TLS 1.2+ in transit; AES 256 at rest. • Hashing & salting for passwords; MFA is not currently available. • Principle of least privilege; periodic access reviews; audit logging. • Regular backups; disaster recovery and business continuity plans. Plain language summary: You control what you put in MigraineMatters. We use your data to provide the features you ask for, keep the service secure, and improve the product. You can access, export, and delete your data any time. We don't sell your data. We work with trusted providers like Base44 under strict contracts.

Privacy Policy

Contact us