← Back to Home

Privacy Policy

1. Introduction

Welcome to GlucoFlow, a privacy-first diabetes tracking application. This Privacy Policy explains how we handle your information when you use our mobile application ("App"). Our core principle is simple: your health data belongs to you, and only you.

2. Information We DON'T Collect

GlucoFlow is designed with privacy by default. We do NOT collect:

• Personal health data - Your glucose readings, notes, and health information never leave your device
• Personal identification - No names, emails, phone numbers, or account registration required
• Location data - We don't track where you are or where you log readings
• Usage analytics - We don't monitor how you use the app or which features you access
• Device information - No device IDs, advertising IDs, or hardware specifications
• Contacts or photos - We never access your contacts, photo library, or other apps

3. How Your Data is Stored

Local Storage (Primary)

• All glucose readings, notes, and app data are stored locally on your device
• Data is encrypted using industry-standard AES-256 encryption
• Encryption keys are stored securely in your device's Keychain (iOS)
• Only you can access your data, even if someone gains physical access to your device

Optional Cloud Sync

• Completely optional - The app works 100% without cloud sync
• If enabled, data is synced to your personal iCloud using Apple's CloudKit
• We never have access to your iCloud data - it's encrypted and managed by Apple
• You can enable or disable cloud sync at any time
• Cloud sync uses your existing Apple ID - no additional account needed

4. Data Processing

GlucoFlow processes your health data locally on your device to provide features like:

• Calculating averages, trends, and time-in-range statistics
• Generating charts and insights from your glucose readings
• Creating PDF reports for your healthcare provider
• Sending reminders and notifications (locally scheduled)

All processing happens on your device. We never see or analyze your health data.

5. Third-Party Services

Services We Use:

• Apple App Store - For app distribution (Apple's privacy policy applies)
• RevenueCat - For subscription management (see "Premium Features" section below)

Services We DON'T Use:

• No Google Analytics, Facebook Analytics, or usage tracking
• No advertising networks or ad tracking
• No crash reporting that includes personal data
• No social media integration

6. Premium Features & Subscription

GlucoFlow offers optional premium features through in-app purchase:

• RevenueCat processes subscription payments and provides anonymous usage analytics
• RevenueCat may collect anonymous identifiers to prevent subscription fraud
• No health data is shared with RevenueCat - only subscription status
• You can review RevenueCat's privacy policy at: revenuecat.com/privacy

7. Widgets & App Extensions

GlucoFlow's home screen widgets:

• Display your recent glucose readings on your home screen
• Data is shared between the main app and widgets using secure App Groups
• Widget data is encrypted and stored locally on your device
• No widget data is transmitted to external servers

8. Data Export & Sharing

You have complete control over your data:

• Export your data anytime as PDF reports or CSV files
• Share with healthcare providers - only when you choose to
• Delete all data by uninstalling the app or using the reset feature
• Exported data is only shared when you explicitly choose to (email, print, etc.)

9. Children's Privacy (COPPA Compliance)

GlucoFlow may be used by families managing diabetes:

• We do not knowingly collect personal information from children under 13
• No account registration means no personal information is collected from users of any age
• Parents have full control over their child's health data since it's stored locally
• If you believe a child has provided information to us, please contact us immediately

10. International Users

GlucoFlow is designed to comply with international privacy laws:

• GDPR (European Union) - No personal data collection means no GDPR compliance issues
• CCPA (California) - We don't sell personal information because we don't collect it
• PIPEDA (Canada) - Local storage ensures data sovereignty
• All jurisdictions - Local-first approach ensures compliance everywhere

11. Security Measures

We protect your data through:

• Encryption at rest - All local data encrypted with AES-256
• Secure key storage - Encryption keys stored in iOS Keychain
• App Transport Security - All network connections use HTTPS
• Code signing - App integrity verified by Apple
• Regular security updates - We promptly address security vulnerabilities

12. Data Retention

• Your glucose data - Stored locally until you delete it
• App settings - Stored locally until you reset or uninstall
• Cloud sync data - Managed by your iCloud storage settings
• Subscription data - Managed by RevenueCat according to their retention policy

13. Your Rights

Since we don't collect your personal data, you automatically have:

• Right to privacy - Your data never leaves your control
• Right to access - You have complete access to all your data in the app
• Right to portability - Export your data anytime
• Right to deletion - Uninstall the app or use reset feature
• Right to object - No data collection means nothing to object to

14. Changes to This Policy

If we update this Privacy Policy:

• We will post the new policy on this page with an updated date
• Material changes will be announced in the app
• Your continued use constitutes acceptance of the updated policy
• We will never change our core principle: your data stays private

15. Contact Information

16. Legal Basis for Processing (GDPR)

For EU users, our legal basis for any data processing is:

• Legitimate Interest - Providing app functionality and support
• Consent - For optional features like cloud sync
• Contract - For premium subscription services

This policy is effective as of October 23, 2025, and applies to GlucoFlow version 1.0 and later.