1 Information We Collect
GlucoTrack collects only the data necessary to provide and improve the service. We never collect data in the background or access information beyond what you provide.
Personal Information
| Data | Purpose | Required |
|---|---|---|
| Email address | Account creation, authentication, password recovery | Yes |
| Display name | Personalised app experience | No |
| Profile photo URL | Avatar display in the app | No |
| Phone number | Optional profile field | No |
| Date of birth | Age-appropriate health context | No |
| Diabetes type | Tailoring glucose range defaults | No |
Health & Medical Data
| Data | Purpose |
|---|---|
| Blood glucose readings (value, date/time, meal tag, notes) | Logging, trends, clinical metrics (TIR, GMI, CV%) |
| Medications (name, type, unit, frequency, dosage) | Medication tracking and reminders |
| Medication entries (dosage taken, date/time) | Adherence tracking |
| Glucose settings (target ranges, measurement unit) | Personalised glucose classification |
| Goals (TIR target %, daily readings target) | Goal tracking and streak computation |
Technical Data
| Data | Purpose |
|---|---|
| Device type & OS version | Crash diagnosis and compatibility |
| App version | Bug tracking and update management |
| Timezone | Accurate notification scheduling |
Subscription Data
If you subscribe to GlucoTrack Pro, purchase and subscription status data is processed by our payment partner, RevenueCat. We receive your subscription status and entitlements but never see or store your payment card details.
What we do NOT collect: Location data, contacts, photos, calendar data, browsing history, advertising identifiers, or any data from continuous glucose monitors or medical devices.
2 How We Use Your Information
Your data is used solely to provide and improve the GlucoTrack service:
- Core functionality — Displaying your glucose history, trends, insights, clinical metrics (Time in Range, GMI, Coefficient of Variation), and medication records
- Cross-device sync — Securely synchronising your data across devices when you are signed in
- Notifications — Sending local reminders you configure (glucose check reminders, medication reminders, streak reminders)
- Data export — Generating PDF and CSV reports of your health data at your request
- App improvement — Analysing anonymised crash reports to fix bugs and improve reliability
- Subscription management — Verifying your Pro subscription status to unlock premium features
We do not use your health data for advertising, profiling, or analytics. We will never sell, rent, or share your personal health data with third parties for marketing purposes.
3 Data Storage & Security
Local Storage
Your glucose readings, medications, and settings are stored locally on your device using an SQLite database. This data remains on your device even without an internet connection, ensuring you always have access to your records.
Cloud Storage
When you are signed in, your data is optionally synced to our cloud backend powered by Supabase (hosted on AWS infrastructure). Cloud storage enables cross-device access and data backup.
Security Measures
- Encryption in transit — All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security)
- Row-Level Security (RLS) — The cloud database enforces row-level security policies, meaning you can only access your own data
- Authentication — Access to your account is protected by industry-standard authentication (email/password or Google OAuth), managed by Supabase Auth
- Isolated storage — Your data is logically isolated from other users' data in our database
Device Permissions
| Permission | Why We Need It |
|---|---|
| Internet | Cloud sync, authentication, subscription verification |
| Notifications | Local glucose reminders, medication reminders, and streak reminders you configure |
| Exact Alarms | Ensuring reminders fire at the precise times you set |
| Boot Completed | Restoring your scheduled reminders after a device restart |
4 Third-Party Services
GlucoTrack integrates with the following third-party services, each operating under their own privacy policies:
| Service | Purpose | Data Shared | Policy |
|---|---|---|---|
| Supabase | Cloud database, authentication, and data sync | Account credentials, profile data, health records (glucose, medications, settings) | Privacy Policy |
| RevenueCat | In-app subscription and purchase management | Anonymous user identifier, subscription status, purchase history | Privacy Policy |
| Google Sign-In | Optional OAuth authentication | Name, email, profile picture (only if you choose to sign in with Google) | Privacy Policy |
We carefully selected these services for their security practices and compliance standards. We encourage you to review their privacy policies independently.
5 Data Sharing
We do not sell, trade, or rent your personal information to third parties. We may share data only in these limited circumstances:
- Service providers — With the third-party services listed above, solely to operate the app (authentication, data storage, subscription management)
- Legal requirements — If required by law, regulation, legal process, or governmental request
- Safety — To protect the rights, property, or safety of GlucoTrack, our users, or the public
- Your consent — With any other party when you explicitly consent (e.g., sharing an exported report with your healthcare provider)
- Business transfer — In connection with a merger, acquisition, or sale of assets, in which case we will notify you before your data is transferred
6 Data Retention & Deletion
We retain your data for as long as your account is active and as needed to provide you the service.
Account Deletion
You can request deletion of your account and all associated data at any time. Upon deletion:
- All personal and health data is permanently removed from our cloud servers within 30 days
- Local data on your device is removed when you uninstall the app
- Anonymised, aggregated data that cannot identify you may be retained for service improvement
Sync Queue Data
Pending sync operations are stored temporarily on your device and automatically cleaned up after successful synchronisation. Failed sync items are retried up to 5 times and then discarded. Successfully synced items are purged after 7 days.
Important: If you uninstall the app without syncing your data to the cloud, locally stored data will be permanently lost. We recommend signing in and syncing regularly to maintain a backup.
7 Your Rights
Under GDPR (European Economic Area)
If you are located in the EEA, you have the following rights under the General Data Protection Regulation:
- Right of access — Request a copy of the personal data we hold about you
- Right to rectification — Request correction of inaccurate personal data
- Right to erasure — Request deletion of your personal data ("right to be forgotten")
- Right to data portability — Receive your data in a structured, machine-readable format (GlucoTrack supports PDF and CSV export)
- Right to restrict processing — Request limitation of how we process your data
- Right to object — Object to processing of your data for certain purposes
- Right to withdraw consent — Withdraw consent at any time where processing is based on consent
Our lawful basis for processing your health data is your explicit consent, which you provide when creating an account and entering health information into the app.
Under CCPA (California)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know — What personal information we collect, use, disclose, and sell
- Right to delete — Request deletion of personal information we collected from you
- Right to opt-out — Opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination — You will not receive discriminatory treatment for exercising your rights
Exercising Your Rights
To exercise any of these rights, contact us at privacy@glucotrack.app. We will respond to your request within 30 days. You may also export your data directly from the app using the built-in PDF and CSV export features.
8 Children's Privacy
GlucoTrack is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@glucotrack.app.
If we discover we have collected personal information from a child under 13 without parental consent, we will promptly delete that information from our servers.
9 International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our cloud infrastructure provider (Supabase / AWS) operates data centres.
When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Encryption of data in transit and at rest
- Compliance with applicable data protection laws
10 Health Data Disclaimer
GlucoTrack is a personal health tracking tool, NOT a medical device.
GlucoTrack is intended to help you log and visualise your glucose data. It does not provide medical advice, diagnosis, or treatment. The clinical metrics displayed (Time in Range, Glucose Management Indicator, Coefficient of Variation) are informational estimates only.
- Always consult a qualified healthcare professional before making any changes to your diet, medication, or health management plan
- Do not rely on this app as a substitute for professional medical judgement
- GlucoTrack is not a HIPAA-covered entity. While we take data security seriously, the app is not designed to meet HIPAA compliance requirements
- The app does not connect to or replace continuous glucose monitors (CGMs), insulin pumps, or any medical device
11 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.
When we make material changes:
- We will update the "Effective Date" at the top of this page
- We will notify you via an in-app notification or email before the changes take effect
- We will obtain your consent again if required by applicable law
Continued use of GlucoTrack after the updated policy takes effect constitutes acceptance of the revised terms. We encourage you to review this page periodically.
12 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
| | |
|---|---|
| Privacy inquiries | privacy@glucotrack.app |
| General / Legal | legal@glucotrack.app |
| Response time | Within 30 days of receipt |
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.