Privacy

Privacy Policy

Effective date: 1 January 2025
Last updated: January 2025
Version 1.0
🔒
No data selling
We never sell your personal or health data to third parties. Ever.
🛡️
Encrypted storage
Your data is encrypted at rest and in transit via Firebase's security infrastructure.
⚙️
You stay in control
Export or delete your data at any time, directly from within the app.
🚫
No ads, no tracking
Alera contains no advertising SDKs and does not track you across other apps or websites.

1. Overview

Alera ("we", "us", "our") is a personal migraine tracking application. This Privacy Policy explains how we collect, use, store, and protect information about you when you use the Alera iOS app ("App").

We take your privacy seriously — particularly because Alera handles sensitive health-related information. This policy is written to be clear and readable, not to bury important things in legal language.

Short version: We collect only what we need to run the app. We don't sell it. We protect it. You can delete it anytime.

By using Alera, you agree to the collection and use of information in accordance with this policy. This Privacy Policy is incorporated into and forms part of our Terms of Service.

2. Data We Collect

We collect the minimum information necessary to provide the App's functionality.

Account information

When you sign in with Apple Sign-In, we receive the information Apple provides, which may include a unique user identifier and, optionally, your name and email address depending on your Apple privacy settings. We do not receive your Apple ID password.

Health and tracking data you enter

The core data in Alera is the information you log yourself:

Data type What it includes Purpose
Migraine events Date, start time, duration, intensity (1–10), symptoms Core logging functionality
Trigger data Sleep duration, stress level, food entries, weather conditions, custom triggers Pattern detection and correlation
App usage Log frequency, feature usage, session counts App improvement (aggregated, not individual)

Device and technical information

We may collect limited technical data to ensure the App functions correctly, including device model, iOS version, App version, and crash logs. This data is not linked to your health records.

What we do not collect

  • Location data (unless you choose to log weather, which may use a coarse location)
  • Contacts, calendar, or camera access
  • Browsing history or data from other apps
  • Biometric data beyond what you manually enter

3. How We Use Your Data

We use the data we collect for the following purposes only:

  • Providing the App: Storing and displaying your migraine logs, triggers, and history.
  • Pattern analysis: Generating insights and correlations within your personal data to surface patterns visible only to you.
  • Account management: Authenticating your session, managing your subscription, and enabling account deletion.
  • App improvement: Using aggregated, anonymised usage data to understand which features are working well and which need improvement. This is never linked to individual user records.
  • Legal obligations: Complying with applicable laws or responding to valid legal requests.

We do not use your data to build advertising profiles, sell to data brokers, train AI models for third parties, or share it with insurers, employers, or healthcare providers without your explicit consent.

4. Third-Party Services

Alera uses a small number of trusted third-party services to operate. Each is bound by its own privacy commitments:

Service Purpose Data shared
Firebase (Google) Authentication and secure data storage (Firestore) Account identifiers and encrypted health logs
RevenueCat Subscription and purchase management App Store purchase receipts, subscription status
Apple Sign-In User authentication Apple-provided user token (no password)

We do not share your personal data with any other third party unless required by law. We do not integrate advertising networks, social media tracking pixels, or data broker APIs.

Each third-party service listed above has its own privacy policy governing how they handle data on our behalf. We review these relationships regularly to ensure ongoing compliance.

5. Storage & Security

Your data is stored in Google Firebase Firestore, a cloud database with enterprise-grade security. Data is encrypted both in transit (using TLS) and at rest.

We implement appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, or destruction. These include:

  • Encryption of all stored health data
  • Role-based access controls limiting who can access the database
  • Firestore security rules ensuring users can only access their own records
  • Regular security reviews of our infrastructure

Note: No system is completely secure. While we take strong precautions, we cannot guarantee absolute security. If you become aware of any security concern related to Alera, please contact us immediately at security@aleraapp.com.

Your data is stored in data centres within the Google Cloud Platform. Data may be processed in multiple regions as part of Firebase's global infrastructure. We rely on Firebase's data processing agreements to ensure appropriate safeguards apply.

6. Data Retention

We retain your personal data for as long as your account is active, or as needed to provide the App's services. Specifically:

  • Account data: Retained until you delete your account or request deletion.
  • Health and tracking data: Retained as long as your account exists. This data is central to the App's value — historical records are what make pattern detection possible.
  • Crash logs and technical data: Retained for up to 90 days for debugging purposes.
  • Subscription records: Retained for up to 7 years as required by financial and tax regulations.

When you delete your account, your personal and health data is permanently removed from our systems within 30 days. Aggregated, anonymised data derived from your records (if any) is not individually identifiable and may be retained for product improvement.

7. Your Rights

Depending on where you live, you may have certain rights over your personal data. Alera respects these rights regardless of jurisdiction:

👁️ Right to access
You can view all your logged data directly within the App at any time.
✏️ Right to correct
You can edit or update any migraine log, trigger entry, or account detail.
🗑️ Right to delete
Delete your account and all associated data from within App settings. Deletion is permanent.
📦 Right to portability
Request an export of your data in a machine-readable format by contacting us.
⛔ Right to object
You can object to certain uses of your data by contacting us. We will respond within 30 days.
🔕 Right to restrict
In certain circumstances, you can ask us to restrict processing of your data while a concern is resolved.

To exercise any of these rights, contact us at privacy@aleraapp.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

If you are located in the European Economic Area (EEA), United Kingdom, or California, you may have additional rights under the GDPR, UK GDPR, or CCPA respectively. These are outlined below.

GDPR / UK GDPR (EEA and UK residents)

Our legal basis for processing your personal data is primarily your consent (given at sign-up and logging) and our legitimate interest in providing and improving the App. Where we process health data (a special category under GDPR), we rely on your explicit consent. You may withdraw consent at any time by deleting your account.

CCPA (California residents)

We do not sell your personal information. California residents have the right to know what personal information we collect, to request deletion, and to opt out of sale — the last of which is not applicable as we do not sell data.

8. Children's Privacy

Alera is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal data, we will delete it promptly.

If you are a parent or guardian and believe your child has provided data to Alera without your consent, please contact us at privacy@aleraapp.com.

9. Health Data

Alera collects and processes health-related information, including migraine frequency, symptom severity, and lifestyle triggers. This is sensitive data and we treat it accordingly.

Key commitments regarding your health data:

  • Never sold: We will never sell, rent, or share your health data with any third party for commercial purposes.
  • Never shared with insurers: Your health data will never be disclosed to insurance companies, employers, government agencies, or healthcare providers without your explicit consent or a valid legal requirement.
  • Not used for advertising: Your health data is never used to build advertising profiles or target you with ads.
  • User-controlled: You can delete your health data at any time, entirely, from within the App.

Future versions of Alera may offer optional HealthKit integration. Any HealthKit data will be governed by Apple's HealthKit framework rules, which apply additional restrictions on how health data may be used, and we will update this policy accordingly if that feature is introduced.

10. Analytics & Tracking

Alera is a native iOS application and does not use browser cookies. The App does not contain advertising SDKs, social media tracking pixels, or cross-app tracking libraries.

We may use basic, privacy-preserving analytics to understand aggregate usage patterns (e.g., which screens are most used, crash frequency). This data:

  • Is aggregated and does not identify individual users
  • Is never combined with your health records
  • Is used solely to improve App stability and usability

Alera complies with Apple's App Tracking Transparency (ATT) framework. We do not request permission to track you across apps or websites operated by third parties.

11. Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices, the App's functionality, or applicable law. When we do, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you within the App for material changes
  • Where required by law, seek your renewed consent

We encourage you to review this page periodically. Continued use of the App after changes are posted constitutes your acceptance of the revised policy.

12. Contact

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please reach out:

Privacy enquiries: privacy@aleraapp.com
Security issues: security@aleraapp.com
General support: support@aleraapp.com

We aim to respond to all privacy-related enquiries within 30 days. For data deletion requests, please allow up to 30 days for complete removal from our systems.

Also see our Terms of Service for the full legal framework governing your use of Alera.