Privacy Policy
Effective date: April 28, 2022
At Curelator, your privacy is important to us. We have developed this Policy to demonstrate our commitment to respecting your privacy and provide you insight into the collection, use, disclosure, transfer, and storage of the personal data we process through our website and mobile application.
The topics our privacy policy will cover include:
- What data do we collect?
- How will we use the data we collect?
- How do we store your data?
- Who do we share your data with?
- European Economic Area Data Subjects
- Special Notice to California Residents
- Children’s Privacy
- Changes to This Privacy Policy
- How to contact us
What data do we collect?
Either whole or in part, we collect personal information from you as part of your use of our services. Some examples of the types of personal information we may collect directly include:
- Personally identifiable information (Name, email address, phone number, etc.)
- Location data (with your permission)
- Any symptoms and health history information you provide in our mobile application
- Tracking & Cookies Data (read more in our Cookie Policy)
We also automatically collect and store certain types of information when you use our services, such as:
- Usage Data - Whenever you visit our website or app through a mobile device, we automatically collect information such as an Internet Protocol (IP) address, unique device identifiers and similar diagnostic data.
- Location Data - We may also collect, use and store Location Data (data that may be used to identify a User’s geographic location) if you permit us to do so. You can enable or disable location services when you use our Service at any time by way of your device settings.
- Tracking & Cookies Data – We collect and store information automatically from cookies and trackers we have placed on our website. You can read our full Cookies Policy to find out how we use cookies to track the activity on our Service.
How will we use the data we collect?
We may process your personal information for the purposes described in this Privacy Policy. We will only collect and process personal data from individuals accessing the website in the European Union, where we have a lawful basis to do so. We rely on the following lawful bases to process your personal data:
- With your consent;
- For the fulfillment of a contract you have entered into with us;
- For compliance with a legal obligation;
- When the processing is necessary for the purposes of the legitimate interests pursued by our organization.
Some examples of how we may use your personal information include:
- To notify customers and mailing lists subscribers of new products and service offerings.
- To help us create, develop, operate, deliver, and improve our products and services.
- To send important notices, such as communications about changes to our terms, conditions, and policies.
- For internal purposes such as auditing, data analysis, and research to improve Curelator’s products, services, and customer communications.
- To respond to your queries.
- For administrative purposes, such as customer service and billing.
- To inform subscribers about new research, findings, and publications.
- To conduct customer research or satisfaction surveys.
- To keep track of user login and authentication on the Service.
- To monitor the usage and effectiveness of the Service, such as the number of visitors, pages viewed and content interaction.
In certain circumstances, when you choose not to disclose your personal data where it is required for the purposes of an agreement you have entered into with Curelator, we may be unable to provide you with the products and/or services under our contract with you.
Medical Research: We also remove elements of the personal data you provide so that it is impossible to re-identify it (anonymized data) for medical research purposes. This anonymized data is provided to selected research groups and individual researchers and includes daily diary, profile, medication, and demographic data for purposes of improving the knowledge of the disease, influencing factors, impact, and effectiveness of potential and existing therapies. The results of these research projects may be presented in relevant publications, journals, and meetings.
How do we store your data?
Security Measures
We will take all steps reasonably necessary to ensure that personal data is treated securely and in accordance with this Policy. Once we have received your information, we implement strict security measures to mitigate unauthorized access risk. When possible, encryption is used both in transit and in storage. All third parties that process personal data on our behalf are required to keep that data secure.
Retention of Data
Curelator will retain your personal data only for as long as it is necessary for the purposes set out in this Privacy Policy. We will retain and use your data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.
Who do we share your data with?
Third Party Service Providers
We employ third-party service providers to help us develop, maintain, host, backup, and perform other services required to operate the Service. Some of these third parties may have access to or process a minimal set of personal data necessary to perform their function. Our contracts with service providers require them to preserve the confidentiality of personal data shared with them.
Healthcare Providers
Curelator may also, at a User’s request or with a User’s express consent, share their personal data, including medical and behavioral information, with the User’s physician, clinician, other healthcare provider or any other individual or entity that the User instructs Curelator to so inform.
Anonymized and/or Aggregated Information
Although Curelator will never share any User personal data, except for the purposes set forth in this Policy, Curelator may, from time to time, disclose Anonymized Information or aggregate information relating to particular diseases or disorders, behaviors or modifications as part of our research and to researchers doing work for or on behalf of Curelator, sponsors, or other business partners. Any such disclosure to such third parties is bound by the privacy protections set forth herein.
Disclosure for Law Enforcement
Curelator will disclose User personal data outside the scope of these provisions only as required to do so by law or compelled by court, government or administrative agency of competent jurisdiction. Personal data from Users may be subject to Federal and local laws that require Curelator to disclose this data in certain circumstances.
Change of Ownership
Curelator reserves the right to transfer our user databases, together with any personal data contained in them, to any third party acquiring our assets after notice and the opportunity for a User to request that personal data not be transferred. Should Curelator or our assets ever be sold, acquired, merged, liquidated, reorganized, or otherwise transferred, we will place a prominent notice on the homepage of the N1‑Headache™ website.
Special Notice to European Economic Area Data Subjects
Your Data Subject Rights:
European Union data subjects have the following rights, subject to certain exemptions, with respect to the personal information we hold:
- The right to request access to the personal data we hold;
- The right to request rectification of any inaccurate or incomplete personal data;
- The right to request the deletion or erasure of the personal data;
- The right to request that we restrict our processing of your personal data;
- The right to object to the processing of your personal data; and
- The right to request that your data be ported to another controller.
You can also modify some of your personal data through the use of our service at any time. If you are unable to perform these actions yourself, please contact us to assist you at .
When processing is based on your explicit consent, you can withdraw this consent at any time by either closing your account or writing an email to . This may affect the features offered by the Service.
You can also opt-out of our commercial communications and email surveys by following the instructions given at the bottom of such communication or writing an email to .
Automated Decision-Making
Curelator does not perform processing activities that qualify as automated decision-making that produces legal or similarly significant effects on data subjects.
Exercising Your Data Subject Rights
If you wish to exercise any of your rights above, please contact us by either:
- Emailing
- Sending a written request to:
Data Protection Officer
Postal Address:
The DPO Centre Ltd,
50 Liverpool street,
London, EC2M 7PY, UK
Phone number:
+44 (0) 203 797 6340
Our privacy team will review your request and respond as quickly as possible. Please note that we may ask you to verify your identity before responding to such requests.
Contacting a Supervisory Authority
Should you wish to report a complaint or if you feel that Curelator has not addressed your concern in a satisfactory manner, you have the right to file a complaint with your supervisory authority.
Transfers of Personal Data Outside of the EEA
Whenever we transfer your personal information to countries outside of the European Economic Area that lack an adequacy decision by the European Commission, we will ensure this transfer occurs under the requirements of:
- Standard Contractual Clauses
- Third-country adequacy decisions from the European Data Protection Board
Our European Union and UK Representative
We have appointed a representative based in Dublin, who you may address if you are located in the EU and in London if you are located in the UK, to raise any issues or queries you may have relating to our processing of your Personal Data and/or this Privacy & Cookies Policy more generally.
EU Representation contact details:
- Postal Address: The DPO Centre Europe Ltd, Alexandra House, 3 Ballsbridge Park, Dublin, D04C 7H2
- Phone number: +353 1 631 9460
- Email:
UK Representation contact details:
- Postal Address: The DPO Centre Ltd, 50 Liverpool street, London, EC2M 7PY, UK
- Phone number: +44 (0) 203 797 6340
- Email:
Special Notice to California Residents
Your California Privacy Rights
The following applies solely to California “consumers” as defined in Section 17014 of Title 18 of the California Code of Regulations. We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”). This policy describes our collection, use, disclosure, and “sale” of “personal information” of California consumers as these terms are defined under the CCPA.
Job applicants, current and former employees, and individuals subject to business-to-business communications are not considered “consumers” for the purpose of this policy.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
- Identifiers, such as name, mailing address, email address, etc.
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, postal address, email address, medical information, etc.
- Protected classification characteristics under California or federal law, such as gender, etc.
- Internet or other similar network activity, such as IP addresses, information on a consumer’s interaction with a website from first and third-party cookies, etc.
- Professional or employment-related information, such as employment status.
- Inferences drawn from other personal information, such as information uploaded to N1‑Headache application, which may reflect a person’s preferences, predispositions, behavior, and attitudes.
We obtain the categories of personal information listed above from the following types of sources:
- Directly from you. For example, from the onboarding questionnaire forms and/or through the N1‑Headache application related to the services for which you engage us.
- Indirectly from you. For example, website usage details collected.
- From third parties that interact with us in connection with the services we perform. For example, from your healthcare provider.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Disclosure of Personal Information
We do not share your personal information with “third parties” as defined under the CCPA for a business purpose. We may use or disclose your personal information to our “service providers” as defined by the CCPA that we collect for one or more of the following purposes:
- To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information in order for us to provide you with the N1‑Headache service, we will use that information to provide you with this service.
- To provide you with information or services that you request from us.
- To create, maintain, customize, improve, and secure your account with us.
- To provide you with support and respond to your inquiries, including investigating and addressing your concerns and monitoring and improving our responses.
- To provide you with email alerts and other notices concerning our services or news that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To improve and secure our website and present its contents to you.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
Sale of Personal Information
Curelator does not sell the personal information of California consumers, including personal information of California consumers under the age of 16.
Your Privacy Rights
The CCPA provides California consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights with Curelator.
The Right to Know: You have the right to request that we disclose to you the personal information we have collected, used, disclosed or sold about you in the previous twelve (12) months. You may also request a copy of the personal information we have collected on you over the past twelve (12) months. See the “Exercising Your California Privacy Rights” section for instructions on submitting a right-to-know request.
The Right to Deletion: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete and direct our service providers to delete your personal information from our records, unless an exception applies. See the “Exercising Your California Privacy Rights” section for instructions on submitting a right to deletion request.
Exercising Access and Deletion Rights
To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by either:
- Emailing .
- Sending a written request to:
Data Protection Officer
Postal Address:
The DPO Centre Ltd,
50 Liverpool street,
London, EC2M 7PY, UK
Phone number:
+44 (0) 203 797 6340
Use of an Authorized Agent
You may designate, in writing or through a power of attorney, an authorized agent to make these privacy requests on your behalf to exercise these rights. An authorized agent may submit a request on your behalf if you have provided the authorized agent with power of attorney in accordance with California law. If this has not occurred, we will require the agent to provide proof that you have authorized it to act on your behalf and may require you to verify your own identity with us directly before we accept a request. We will do this by requiring the authorized agent to present verifiable written authorization from you that you have provided the agent with permission to submit the request and independently verify the agent’s own identity with Curelator.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including granting discounts or other benefits, or imposing penalties;
- Provide you with a different level or quality of goods and services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
California Do Not Track
Curelator does not track its Users over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (“DNT”) signals.
Shine the Light
California residents may request the categories of personal information that we shared with third parties for the third parties’ direct marketing purposes during the previous calendar year, if any. Written requests may be sent to the following address:
Data Protection Officer
Postal Address:
The DPO Centre Ltd,
50 Liverpool street,
London, EC2M 7PY, UK
Phone number:
+44 (0) 203 797 6340
Please note: You must write “Your California Privacy Rights” at the top of your inquiry. We will respond within 30 days to requests regarding the categories of personal information that we shared with third parties for their own direct marketing purposes within the previous calendar year. Requests for this information that come to Curelator by other means may result in a delayed response.
Children’s Privacy
We do not knowingly collect personal data from anyone under the age of 18 without consent from a parent or guardian. If you are a parent or guardian and are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we will take reasonable steps to remove that personal data from our servers in a timely manner.
Our service is not designed for, or intentionally targeted at, children under 13 years of age. It is not our policy to intentionally collect or maintain personal data about anyone under the age of 13.
Changes to This Privacy Policy
We may modify or amend this Privacy Policy at any time. Any modification or amendment to this Privacy Policy will be applied to personal data immediately. We encourage you to review this Privacy Policy regularly to stay informed about how we are processing and protecting personal data.
How to Contact Us
If you have any questions, comments, concerns or complaints about this Policy, please contact us by email at or by a written request to:
Data Protection Officer
Postal Address:
The DPO Centre Ltd,
50 Liverpool street,
London, EC2M 7PY, UK
Phone number:
+44 (0) 203 797 6340