Privacy Policy

Last updated: September 2, 2024

Your privacy is our priority

At Rin: Migraine Tracker, we understand that your health data is extremely sensitive and personal. This policy explains how we collect, use, store and protect your information.

1. Information We Collect

Authentication Information

When you register using Google or Apple, we collect:

  • Name and email address from your account
  • Unique user ID provided by Google/Apple
  • Profile photo (optional, only if publicly available)

Health Data

Information you voluntarily record about your migraines:

  • Symptoms: Type of pain, intensity, location, duration
  • Trigger factors: Foods, weather, stress, activities
  • Lifestyle: Sleep, exercise, hydration, habits
  • Medications: Names, doses, effectiveness, side effects
  • Social and emotional impact: Impact on work, relationships, mood
  • Dates and times: When episodes occur

Technical Information and Analytics

  • Application version and operating system
  • Basic device information (model, language, timezone)
  • Error and crash logs (Firebase Crashlytics - without health data)
  • Anonymous usage data (Firebase Analytics)
  • Advertising identifier (IDFA) on iOS - only with your ATT consent

2. How We Use Your Information

Purpose | Data Used | Legal Basis
App functionality | Authentication data | Consent
Storing records | Health data entered | Explicit consent
Personal analysis and patterns | Migraine history | Consent
Technical support | Email and technical data | Legitimate interest
Anonymous usage analysis | Firebase Analytics | Legitimate interest
Error detection and correction | Firebase Crashlytics | Legitimate interest
Ad tracking (iOS) | IDFA (only with ATT consent) | Explicit consent

Important: Your health data is NEVER used for advertising, marketing or sold to third parties. Only you have access to this information.

3. How We Protect Your Data

Technical Security Measures

  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest (AES-256)
  • Secure authentication: We use OAuth 2.0 with Google and Apple
  • Local storage: Data is primarily stored on your device
  • Limited access: Only you can access your health data
  • Secure backups: Backups are encrypted

Organizational Measures

  • Restricted data access by development team
  • Regular security audits
  • Strict data handling policies
  • Privacy training for team members

4. Sharing Information

Main rule: We do NOT share, sell or rent your personal or health data.

Limited Exceptions:

  • Legal requirements: Only if required by court order
  • Medical emergencies: If there is immediate risk to life (with your consent when possible)
  • Service providers: Essential technical services under strict confidentiality agreements

Third-Party Services We Use:

  • Google/Apple: Only for secure authentication
  • Firebase (Google): For analytics, crash reporting, authentication and storage
  • Apple ATT: iOS tracking consent system

5. App Tracking Transparency (iOS)

What is ATT?

On iOS 14.5+, we use Apple's App Tracking Transparency system to request your consent before any tracking.

What does "tracking" mean? Access to your IDFA (advertising identifier) to link data from our app with data from other apps or websites.

Your Options:

  • "Allow tracking": Enables access to IDFA for improved analytics
  • "Ask not to track": We don't access IDFA, limited to anonymous data

Important: Declining ATT tracking does NOT affect any app functionality. All your health data remains completely secure regardless of your choice.

6. Your Rights and Controls

Complete Control of Your Data

  • Access: View all your data anytime
  • Edit: Modify or update any recorded information
  • Delete: Remove individual episodes or your entire account
  • Export: Download your data in standard format
  • Correct: Update incorrect information

How to Exercise Your Rights

  • Within the app: Settings > Privacy and Data
  • Delete account: Settings > Delete Account (irreversible)
  • Change ATT preferences (iOS): iPhone Settings > Privacy > Tracking
  • Support: privacy@rinzenapp.com

7. Data Retention

Retention Periods:

  • Health data: Kept until you delete your account
  • Authentication data: While you maintain your account
  • Firebase Analytics data: Automatically deleted after 14 months
  • Crashlytics logs: Deleted after 90 days
  • Tracking data (IDFA): Processed in real-time, not stored
  • Deleted data: Complete erasure within 30 days maximum

Automatic deletion: If you don't use the app for more than 3 years, we'll contact you before automatically deleting data.

8. Minors

Rin: Migraine Tracker is intended for users over 16 years old. If you are under 16, you need parental or guardian consent to use the application.

If we identify that a user under 13 has registered without parental consent, we will immediately delete their account and all associated data.

Special note: For minors under 16 on iOS, ATT consent must be managed by parents through Screen Time and parental settings.

9. International Transfers

Your data may be stored on servers located in different countries through Firebase (Google), always complying with:

  • Data protection regulations (GDPR, CCPA)
  • Google Cloud international security standards
  • Appropriate data transfer contracts (Google DPA)
  • Encryption during all transfers
  • Certified data centers in appropriate regions

10. Changes to This Policy

We may update this privacy policy occasionally to reflect:

  • Changes in our data practices
  • New app features
  • Updates in privacy regulations
  • Security improvements

We'll notify you of important changes through:

  • Prominent notification in the app
  • Email to your registered address
  • Date update on this page
  • Request for new consent if necessary

11. Legal Basis (GDPR)

For users in the European Union, we process your data based on:

  • Consent: For health data and core functionalities
  • Explicit consent (ATT): For advertising tracking on iOS
  • Legitimate interest: For anonymous analytics, security, fraud prevention and technical support
  • Legal compliance: When required by law

You can withdraw your consent at any time by deleting your account or changing tracking settings.

12. Contact and Control Authority

For Privacy Inquiries:

Control Authorities:

If you believe we haven't properly handled your personal information, you have the right to file a complaint with your country's data protection authority.

13. Community Commitment

Our commitment: Rin: Migraine Tracker is a project created by and for people who suffer from migraines. Your privacy and wellbeing are more important than any commercial gain.

We commit to:

  • Keep the application free and ad-free
  • Be transparent about any changes
  • Prioritize privacy in all development decisions
  • Respond quickly to your questions and concerns
  • Continue improving security and privacy

Executive Summary

In short:

  • Your health data is completely private and secure
  • Only you can access your medical information
  • We don't sell, share or monetize your data
  • You can delete everything at any time
  • We use Firebase to improve the app (anonymous data)
  • On iOS, your ATT consent is optional and respected
  • We comply with the strictest privacy regulations
  • The application is and will remain completely free

About Firebase and Analytics:

We use Firebase only to improve app functionality. Analytics data is completely anonymous and never includes your personal health information. You can disable these services at any time.