Privacy Policy

The data controller for the Prevena application is Lynex Studio LLC. You can reach us with any privacy-related questions or requests at info@prevena.app.

This policy is drafted to comply with both the Turkish Personal Data Protection Law (KVKK, Law No. 6698) and the EU General Data Protection Regulation (GDPR).

We collect data in four main categories. None of it is collected secretly — each item maps directly to a feature you use in the app.

a) Account and profile information — During onboarding you provide your age, gender (optional), name (optional), and answers about your migraine history (how long you've had migraines, monthly attack frequency, aura status, baseline stress and sleep levels).

b) Health data (special category personal data) — The records you create while using the core features of the app:

• Migraine attacks: start/end time, severity (0-10), pain regions, symptoms, triggers, medications taken, relief methods and notes
• Daily check-ins: mood, medications taken that day, current symptoms
• Journal entries: free-text notes you write
• Menstrual cycle information (optional, female users only): last period start date, average cycle length, cycle regularity, and menstrual migraine status
• List of medications you are taking

c) Device and technical data — App version, operating system, device model, language and region settings, push notification token, and basic usage events (e.g. which onboarding screen you were on). This information is required to operate the app and resolve issues.

d) Location data — Used only when you give permission, solely to calculate weather-based migraine risk. Your coordinates are not stored persistently on our servers; they are processed transiently to fetch current weather data.

We process the data we collect only for the following purposes:

• To record your attack history, daily check-ins and journal entries and show them back to you
• To calculate your next likely attack, risk level and contributing factors via our AI prediction engine
• To display a daily migraine risk score based on weather conditions
• To provide context-aware responses through the AI-powered chat feature
• To send push notifications for reminders and risk alerts when you have opted in
• To generate PDF health reports
• To verify subscription purchases and handle customer support requests
• To improve the product, fix bugs and prevent abuse

We never sell, rent or share your data with third parties for advertising purposes.

Under KVKK, our processing of special category personal data (health data) is based on your explicit consent (KVKK Art. 6/3). Under GDPR, we rely on explicit consent per Art. 9(2)(a) for health data.

Subscription and payment-related data are processed under the performance of a contract (KVKK Art. 5/2-c, GDPR Art. 6(1)(b)), while technical logs and security-related data are processed under our legitimate interests (GDPR Art. 6(1)(f)).

You may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing that took place before the withdrawal.

Prevena uses Anthropic's Claude model for its chat assistant and attack prediction features. There are two important details we want to be transparent about:

a) Chat feature — When you send a message, that message and a short window of recent context is sent to Claude. To deliver better responses, selected fields from your onboarding profile (age, migraine duration, attack frequency, triggers, aura status, baseline stress and sleep) are included in the system prompt. Your chat history is stored in the Prevena database.

b) Prediction engine — When an attack is completed, your recent attack records, recent daily check-ins, (if provided) menstrual cycle data and recent weather trends are sent to Claude for analysis. Claude produces a risk score, probable date, contributing factors and recommendations.

This data is sent to Anthropic solely for the purpose of fulfilling your request, and Anthropic does not use this data to train its models. Nevertheless, AI outputs are not medical advice and are intended for informational purposes only.

To deliver our service we work with the following data processors. Appropriate data processing agreements are in place with each of them:

• Supabase (on Amazon Web Services infrastructure) — Database, authentication and file storage
• Anthropic PBC — AI chat and prediction processing (Claude model)
• Open-Meteo — Weather data (transient coordinate lookup only)
• Apple App Store / Google Play — Subscription purchases and billing
• Expo (push notifications service) — Push notification delivery
• Vercel Inc. — Hosting for our website and API servers

Our service inherently requires transfers of data to infrastructure located abroad (primarily the United States and the European Union). These transfers are based on your explicit consent (KVKK Art. 9/1) and, where applicable, safeguarded under GDPR by Standard Contractual Clauses (SCCs).

By continuing to use Prevena, you explicitly consent to the transfer of your data to these countries.

We retain your health data for as long as your account is active. Your attack history is kept until deletion so that we can measure the accuracy of the prediction engine and offer you long-term trend analysis.

When you delete your account, all data belonging to you is permanently removed from the Supabase database within 30 days. Data we are legally required to retain (such as billing records) is kept for the period required by applicable law.

We take industry-standard technical and organisational measures to protect your data:

• Sensitive credentials on your device are stored encrypted in iOS Keychain / Android KeyStore via expo-secure-store
• All network communication is encrypted with TLS (HTTPS)
• Supabase Row Level Security (RLS) policies ensure users can only access their own data
• The database is protected with at-rest encryption
• Access and misuse are mitigated through regular auditing and logging

Despite all measures, no system is 100% secure. If you notice a security issue, please report it immediately to info@prevena.app.

Under KVKK Art. 11 and GDPR Art. 15-22 you have the following rights:

• Learn whether your personal data is being processed
• Request information about the processing of your data
• Learn the purpose of the processing and whether the data is used in line with that purpose
• Know the third parties to whom your data has been transferred, domestically or abroad
• Request the rectification of incomplete or inaccurately processed data
• Request the erasure or destruction of your data
• Object to outcomes produced by automated analysis of your data
• Claim compensation in case of damages arising from unlawful processing
• Request the portability of your data to another data controller (GDPR)
• Withdraw any explicit consent previously given

To exercise these rights, contact us at info@prevena.app. We respond to requests within 30 days free of charge.

You can delete your account directly from the Settings screen inside the Prevena app. Alternatively, you can send a deletion request to info@prevena.app.

When you delete your account, your attack records, journal entries, chat history, predictions and profile information are permanently erased. This action cannot be undone.

Prevena does not knowingly collect data from children under the age of 13. For users aged 13-18, consent from a parent or legal guardian is required. If you become aware that a child under the age of 13 has provided us with personal data, please contact info@prevena.app and we will delete the relevant data promptly.

Prevena is not a medical device and is not a substitute for a healthcare professional. The predictions, recommendations and AI responses shown in the app are provided for informational purposes only; they do not constitute diagnosis, treatment or medical advice. Always consult a healthcare professional for decisions about your health.

In case of emergency, call your local emergency number or visit the nearest medical facility.

We may update this policy from time to time. When significant changes are made, we will notify you inside the app and update the "Last updated" date at the top of this page. Continuing to use the service after such changes means you accept the updated policy.

For any questions, requests or complaints regarding this policy, you can reach us at:

• Company: Lynex Studio LLC
• Email: info@prevena.app