Privacy Policy

Last updated: 29 November 2024

1. Introduction

GlucoGuide Ltd ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered diabetes management platform.

We are registered in England and Wales (Company Number: [To be added]) with our registered office at [Address to be added]. We are registered with the Information Commissioner's Office (ICO) under registration number [To be added].

For the purposes of UK data protection law, we are the data controller responsible for your personal data.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, date of birth
  • Health profile: diabetes type, diagnosis date, treatment regimen
  • Preferences and settings you configure in the app
  • Communications you send to us (support requests, feedback)

2.2 Health Data from Connected Devices

With your explicit consent, we collect health data from devices and services you connect, including:

  • Continuous glucose monitor (CGM) readings from Dexcom and FreeStyle Libre
  • Activity and exercise data from Apple Health, Fitbit, Garmin, Strava
  • Sleep data from Oura, Whoop, and other sleep trackers
  • Nutrition and meal data from MyFitnessPal, Cronometer, FatSecret

2.3 Automatically Collected Information

  • Device information: device type, operating system, app version
  • Usage data: features used, interaction patterns, timestamps
  • Location data: general location (with consent) for weather-based insights
  • Technical logs: error reports, performance data

3. How We Use Your Information

We process your data based on the following legal bases under UK GDPR:

3.1 With Your Explicit Consent (Article 9(2)(a))

  • Processing health data to provide personalised glucose insights
  • AI-powered analysis of your health patterns
  • Sending you marketing communications

3.2 To Perform Our Contract With You (Article 6(1)(b))

  • Creating and managing your account
  • Providing the GlucoGuide service and features
  • Processing payments and managing subscriptions
  • Sending service-related communications

3.3 For Our Legitimate Interests (Article 6(1)(f))

  • Improving and developing our services
  • Ensuring security and preventing fraud
  • Analysing aggregated, anonymised usage patterns

3.4 To Comply With Legal Obligations (Article 6(1)(c))

  • Responding to lawful requests from authorities
  • Meeting regulatory requirements
  • Maintaining records as required by law

4. Special Category Data

Health data is classified as "special category data" under UK GDPR and receives enhanced protection. We only process your health data with your explicit consent, which you provide when you:

  • Create an account and accept our terms
  • Connect a glucose monitor or health device
  • Enable specific features that require health data analysis

You may withdraw your consent at any time through the app settings or by contacting us, though this may affect our ability to provide certain services.

5. Data Sharing and Third Parties

We do not sell your personal data. We may share data with:

5.1 Service Providers

  • Cloud hosting providers (data stored in UK/EU data centres)
  • Analytics providers (anonymised data only)
  • Payment processors (PCI-DSS compliant)
  • Health data aggregators (Terra API) under strict data processing agreements

5.2 Legal Requirements

We may disclose data when required by law, court order, or to protect our legal rights.

6. International Data Transfers

We primarily store and process data within the United Kingdom and European Economic Area. Where data is transferred outside these regions, we ensure adequate protection through:

  • Standard Contractual Clauses approved by the UK ICO
  • Adequacy decisions by the UK government
  • Binding Corporate Rules where applicable

7. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

  • Account data: retained while your account is active, deleted within 30 days of account closure
  • Health data: retained for 7 years from collection (in line with medical record guidelines)
  • Usage analytics: anonymised after 24 months
  • Marketing preferences: retained until you unsubscribe

8. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time
  • Rights related to automated decision-making: Request human review of automated decisions

To exercise these rights, contact us at privacy@glucoguide.co.uk. We will respond within one month.

9. Data Security

We implement robust security measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Employee training on data protection
  • Incident response procedures

10. Children's Privacy

GlucoGuide is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the app. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or our data practices:

Data Protection Officer

GlucoGuide Ltd

Email: privacy@glucoguide.co.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk