GDPR Privacy Notice

Effective Date: May 1, 2025

This GDPR Privacy Notice applies to users of Nimbus Migraine Tracker ("Nimbus", "we", "us", or "our") located in the European Union (EU), the European Economic Area (EEA), the United Kingdom (UK), and Switzerland. It supplements our general Privacy Policy.

We are committed to protecting your personal data and processing it in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK GDPR, and applicable data protection laws.

1. Data Controller

The data controller for your personal data is:

Nimbus Peak Solutions, LLC
support@nimbusmigraine.health

2. Legal Bases for Processing

We process your personal data only when we have a legal basis to do so. These bases include:

  • Consent – when you voluntarily provide data (e.g., tracking migraine symptoms).
  • Contract – when processing is necessary to provide you with our Service.
  • Legal obligation – when required to comply with legal duties.
  • Legitimate interests – to improve and secure the Service, provided these interests are not overridden by your rights and freedoms.

3. Types of Personal Data Collected

We may collect:

  • Identity and contact data (e.g., name, email – only if provided).
  • Health-related data (e.g., migraine patterns, symptoms, medications).
  • Technical and usage data (e.g., IP address, browser type, device info, usage metrics).

Health data is considered a special category of data under the GDPR. We process such data only with your explicit consent, which you give by voluntarily submitting it via the Nimbus app.

4. How We Use Your Data

Your personal data is used to:

  • Provide and maintain the Nimbus Service.
  • Personalize your experience within the app.
  • Communicate important updates or support responses.
  • Improve and analyze features for research and development purposes.

5. Aggregated and Anonymized Data

We may use aggregated and anonymized data that cannot reasonably identify you to:

  • Train machine learning and statistical models.
  • Improve our algorithms and service performance.
  • Conduct health-related or technical research.
  • Generate insights, publications, or analytics.

This data is not considered personal data under the GDPR and may be retained or used indefinitely.

6. International Data Transfers

Nimbus is based in the United States. By using the Service, you acknowledge that your data may be transferred to, stored in, or processed in the U.S. or other countries outside the EU/EEA.

We implement appropriate safeguards to protect your data during such transfers, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described above or as required by law. Aggregated and anonymized data may be retained without limitation.

8. Your Rights Under the GDPR

You have the following rights under the GDPR:

  • Access – Request a copy of the personal data we hold about you.
  • Rectification – Request corrections to your data if inaccurate.
  • Erasure ("Right to be Forgotten") – Request deletion of your data.
  • Restriction – Request that we limit how your data is used.
  • Objection – Object to processing based on legitimate interests.
  • Data Portability – Request a copy of your data in a portable format.
  • Withdraw Consent – You may withdraw your consent at any time.

To exercise any of these rights, please contact us at:
support@nimbusmigraine.health

9. Lodging a Complaint

If you believe that we have violated your data protection rights, you have the right to lodge a complaint with your local Data Protection Authority.

A list of EU Data Protection Authorities is available at:
https://edpb.europa.eu/about-edpb/board/members_en

10. Contact

For GDPR-related questions or requests, please contact:

Nimbus Peak Solutions, LLC
Email: support@nimbusmigraine.health