Consumer Health Data Privacy Policy
Last updated: July 2, 2026
This Consumer Health Data Privacy Policy supplements The Migraine Network LLC’s general Privacy Policy and applies specifically to “consumer health data,” as defined under applicable state privacy laws, including Washington’s My Health My Data Act (“MHMDA”), Nevada’s SB 370, and the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”). Where this policy and our general Privacy Policy differ as to consumer health data, this policy controls. Capitalized terms not defined here have the meaning given in our general Privacy Policy.
Our commitment is simple: your migraine information belongs to you. We do not sell it, we do not use it for advertising, and we only collect it with your consent and to provide the service to you.
The Migraine Network is not a doctor, hospital, insurer, or other entity covered by HIPAA, so HIPAA does not govern this app. The state consumer health data laws described below exist to protect health information that HIPAA does not cover, and we follow them.
What consumer health data we collect
“Consumer health data” broadly means personal information that is linked or reasonably linkable to you and that identifies your past, present, or future physical or mental health status. For The Migraine Network, this includes:
- Your migraine tracker entries, including pain level, dates and times, symptoms, pain locations, medications you take and whether they helped, how long attacks last, and any private notes you write.
- Menstrual and cycle information, but only if you turn on period tracking in the tracker. This includes the start and end dates you log and any patterns we show you between your cycle and your migraine attacks. This is reproductive health information, and we protect it with the same care as the rest of your tracker.
- Location data, but only if you turn on weather tracking. We use it to show weather that may relate to your migraine attacks. Because it is tied to your migraine activity, we treat your location as consumer health data.
- Inferences or patterns we generate from the above to help you understand your migraine.
- Health details you choose to share in the members’ community, and automated safety signals. Anything you write about your health in the community is visible to other members (see our general Privacy Policy for how public content works). To help keep the community safe, our system automatically checks posts and replies for language that may signal a crisis or self-harm and may flag a post to our moderators so we can share support resources. That automated flag is a health-related inference. We use it only for member safety, never for advertising, and we never sell it.
We do not collect consumer health data from any source other than what you choose to provide or enable in the app.
Why we collect it
We collect consumer health data only to:
- Provide the core features of the service, such as your tracker and any weather insights you enable.
- Let you understand your own patterns and create summaries to share with your doctor if you choose.
- Help keep the community safe, such as recognizing when a member may be in crisis so we can offer support resources.
- Keep the service secure and meet our legal obligations.
We do not use your consumer health data for advertising, to target you, or to build advertising profiles. We never sell it.
How we share it
Your tracker is built to be private to you. Other members cannot see it, and moderators cannot see your tracker. We share consumer health data only in these limited situations:
- Service providers, such as our database and hosting providers and our weather data provider (Open-Meteo), strictly to operate the service for us and under terms that prohibit them from using it for their own purposes. When you enable weather tracking, we send your location to Open-Meteo only to retrieve local weather for you; it is not used for advertising or any other purpose. Our payment and shipping partners never receive your health data.
- Our moderators, but only the automated safety flag and the community post you already chose to make public, and only so a trained person can respond with support resources. Moderators never see your private tracker.
- With your explicit consent, when you direct us to share it (for example, a future feature you choose to enable).
- When required by law, or to protect someone’s safety, in which case we limit disclosure to what is necessary.
We may use aggregated or de-identified information that cannot reasonably be linked back to you to understand and improve the service, and to share anonymous statistics (such as regional or age-range trends) with sponsors who support the service. These statistics are combined across many members, use only coarse location, are drawn from general site usage and analytics rather than the contents of your tracker, and cannot identify you. We do not attempt to re-identify de-identified information, and we contractually require anyone who receives it not to re-identify it.
Your rights: Washington residents (MHMDA)
If you are a Washington resident, you have the right to:
- Consent. We obtain your consent before collecting or processing your consumer health data, and separate consent before sharing it.
- Withdraw consent. You can withdraw your consent at any time, and we will stop the relevant collection or processing promptly.
- Confirm. You can confirm whether we are collecting, processing, or sharing your consumer health data, and with whom.
- Access. You can request a copy of your consumer health data in a portable format.
- Delete. You can request deletion of your consumer health data. We remove it from our live systems right away and from backups within 30 days.
- No retaliation. We will not deny you service or charge you a different price for exercising these rights.
Washington protections we apply: we do not sell your consumer health data; we share it only with your consent or as required by law; we do not use geofencing around health-care facilities to track you or collect your data; and we practice data minimization, collecting only what is needed to provide the service.
Your rights: Nevada residents (SB 370)
If you are a Nevada resident, you have the right to: know what consumer health data we collect and how we use it; request deletion of your consumer health data; opt out of the sale of consumer health data (we do not sell it); and request correction of inaccurate consumer health data. We obtain appropriate consent for processing health data, use it only for the purposes disclosed here, and limit sharing with third parties.
Your rights: California residents (CCPA/CPRA)
Health information is “sensitive personal information” under the CCPA/CPRA. If you are a California resident, you have the right to: know what sensitive personal information we collect and how we use it; access and obtain a portable copy; correct inaccurate information; delete it; opt out of any sale or sharing (we do not sell or share it for advertising); and limit our use of sensitive personal information to what is necessary to provide the service. We do not use your health information or location for purposes beyond providing the service to you, and we will not discriminate against you for exercising your rights.
Your rights: Connecticut residents
If you are a Connecticut resident, the Connecticut Data Privacy Act, as amended to address consumer health data, gives you the right to access, correct, delete, and obtain a portable copy of your data, and to opt out of its sale and of targeted advertising. We obtain your consent before processing consumer health data. We do not sell your consumer health data or use it for targeted advertising, and we collect it only with your consent and to provide the service to you.
Other states
Maryland and a growing number of other states provide additional protections for consumer health data. Maryland’s Online Data Privacy Act, for example, allows us to collect, process, or share consumer health data only when strictly necessary to provide the service you have asked for, a standard we meet. Because we treat all health data as sensitive, require your consent to collect it, and never sell it or use it for advertising, our practices are designed to honor these protections for all users, wherever you live. As new laws take effect, we will update this policy and may provide additional protections beyond what the law requires.
Consent and location features
Before you use the tracker or turn on weather or period tracking, we ask for your clear, opt-in consent to collect the related consumer health data. These features are off until you enable them. You can withdraw consent or turn the features off at any time in your account settings, and you can delete your data at any time.
How to exercise your rights
You can manage your data and consent directly in your account, or contact us and we will help. We will verify your request as required by law and respond within the timeframes the law requires.
The Migraine Network LLC
Email: support@themigrainenetwork.com
1600-B SW Dash Point Road #1083
Federal Way, WA 98023, United States
If we deny your request, you may appeal by emailing us, and you may also contact your state attorney general.