Migra — Privacy policy
1. Summary
Migra is an iOS application published by Hjortsholm Studio. We do not run a backend that stores your personal data. Every entry, attachment, and HealthKit-derived insight is stored on-device. The app makes no outbound network requests of its own. No analytics, no tracking, no crash reporters. There are no servers.
This policy describes — in plain language — what limited data may leave your device, who it goes to, and the rights you have under the EU General Data Protection Regulation (GDPR) and equivalent laws.
2. Data controller
The data controller responsible for any personal data processed in connection with Migra is:
Robert Hjortsholm
Hjortsholm Studio
Côte d'Azur, France
Contact: contact+privacy@studio.hjortsholm.com
App-specific contact: contact+migra@studio.hjortsholm.com
3. What data we process
We — meaning Hjortsholm Studio — do not collect, store, or transmit your personal data on our own servers. The app does not require an account.
Data created by your use of the app (settings, library entries, journal entries, episode logs, generated content, conversation history — depending on the app) is stored locally on your device using the operating system's standard secure storage. If the app offers iCloud sync and you opt in, that data syncs through your private iCloud container, controlled by Apple under your Apple ID.
Where the app integrates with third-party services, only the data you explicitly send (for example, the prompt you type, or the coordinates needed to fetch a forecast) is transmitted to that service. Any API keys you supply are stored on-device using the iOS Keychain and are never sent to Hjortsholm Studio.
4. Third-party services
The following third parties may receive data when you use specific features of Migra. Each provider is an independent data controller for the data they receive, and their own privacy policy governs how they handle it.
Apple HealthKit
Purpose: Reads health metrics you authorise to correlate with episodes.
Data shared: Nothing leaves the device. HealthKit data stays on-device only.
5. Legal basis for processing
Where Migra causes personal data to be processed (for example, by sending a prompt to a model provider you have configured), the legal basis under Article 6(1) GDPR is your consent, given when you enable the relevant feature and configure your own API keys or authorisations. You can withdraw that consent at any time by removing the configuration or uninstalling the app.
Where the app reads from Apple HealthKit, that processing happens entirely on your device under permission you grant Apple — Hjortsholm Studio never receives that data.
6. Data retention
Hjortsholm Studio retains no personal data on its servers, because there are no servers processing personal data for Migra. Data you generate stays on your device — and your iCloud container, if you enabled sync — for as long as you keep it. You can delete it at any time by removing entries from within the app or uninstalling the app.
7. Your rights under the GDPR
If you are in the EU, EEA, UK, or another GDPR-aligned jurisdiction, you have:
- The right of access — to know what personal data is being processed.
- The right to rectification — to have inaccurate data corrected.
- The right to erasure — to have personal data deleted.
- The right to restriction — to limit how data is processed.
- The right to data portability — to receive your data in a structured, machine-readable format.
- The right to object — to processing based on legitimate interests.
- The right to withdraw consent — at any time, where processing is based on consent.
- The right to lodge a complaint — with your local supervisory authority (in France, the CNIL).
Because Hjortsholm Studio holds no central record of you, most of these rights are exercised on-device: deleting an entry, disabling iCloud sync, removing an API key, or uninstalling the app fulfils them. For data held by the third parties listed above, please contact those providers directly using the privacy policies linked in section 4.
If you have a question or want to exercise a right that involves us as the controller, email contact+privacy@studio.hjortsholm.com. We will respond within 30 days.
8. International transfers
Hjortsholm Studio does not transfer your personal data internationally because we do not hold it. The third parties you may opt into using (for example, OpenAI, OpenRouter, or Replicate) may process data in the United States or other jurisdictions. Their own privacy policies, linked above, describe the safeguards (such as Standard Contractual Clauses) they rely on for cross-border transfers.
9. Children
Migra is not directed at children under 16. We do not knowingly collect data from children. Because the app does not collect personal data centrally, there is no central record to remove — but if a parent or guardian believes a child has used the app and wants to ask a question, please contact contact+privacy@studio.hjortsholm.com.
10. Security
On-device data is protected by the standard iOS security model — Data Protection, sandboxing, and (where used) Keychain. Network requests to third-party services use HTTPS/TLS. We rely on Apple's platform security and the security guarantees of the third-party providers you configure.
11. Changes to this policy
If we change how Migra processes data — for example, by adding a new third-party integration — we will update this policy and revise the "last updated" date at the top. Material changes will also be reflected in the app's release notes.
12. Contact
Privacy questions: contact+privacy@studio.hjortsholm.com.
App-specific support: contact+migra@studio.hjortsholm.com.