Privacy Policy
Effective Date: January 24, 2026 Last Updated: January 24, 2026
1. Introduction
Sugarlytics (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (“the App”).
Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.
1.1 Geographic and Platform Scope
Sugarlytics is currently available only on iOS devices in the United States. The App requires a Dexcom continuous glucose monitor (CGM) for core functionality. This Privacy Policy applies to users located in the United States. We do not offer or support the App on Android or outside of the United States at this time.
2. Information We Collect
2.1 Health Data
We collect sensitive health-related data that you provide or that is synchronized from connected devices:
| Data Type | Source | Purpose |
|---|---|---|
| Glucose readings | Dexcom CGM (with your authorization) | Display historical trends, pattern analysis |
| Meal logs | Your manual entries | Correlate food with glucose response |
| Insulin doses | Your manual entries | Track medication timing |
| Exercise events | Your manual entries | Analyze activity impact on glucose |
| Weight | Your manual entries | Health profile tracking |
| Health profile | Your manual entries during onboarding | Personalization (A1C, diabetes type, target range) |
2.2 Account Information
- Authentication data via Clerk (Apple ID, email address)
- Profile information you provide (name, diabetes type, health metrics)
- Acceptance timestamps for Terms of Service and Privacy Policy
2.3 Usage Data
- App interaction patterns
- Feature usage statistics
- Crash reports and error logs
2.4 Device Information
- Device type and operating system
- App version
- Time zone
3. How We Use Your Information
We use your information to:
- Provide core functionality: Display glucose data, log events, generate insights
- Personalize your experience: Customize based on diabetes type and preferences
- Improve the App: Analyze usage patterns, fix bugs, develop new features
- Comply with legal obligations: Respond to legal requests, enforce our terms
- Communicate with you: Send important updates about the App or your account
3.1 AI-Powered Features
We use Google Gemini AI to analyze meal descriptions and estimate nutritional content. When you log a meal:
- Your meal description is sent to Google’s API
- Google processes the text to estimate carbohydrates, protein, fat, and calories
- The response is stored with your meal log
- Google’s use of this data is governed by their privacy policy
4. Third-Party Data Sharing
We share your data with the following third parties:
4.1 Dexcom
Purpose: CGM data synchronization Data shared: OAuth tokens for API access Their policy: dexcom.com/privacy
When you connect your Dexcom account:
- We receive your glucose readings in real-time via the Dexcom Share API
- We store glucose data in our database for historical analysis
- We do not share your Dexcom data with other users or third parties
4.2 Google Gemini AI
Purpose: Meal analysis and nutritional estimation Data shared: Meal descriptions (text only, no photos stored by Google) Their policy: policies.google.com/privacy
4.3 Clerk
Purpose: User authentication Data shared: Authentication tokens, email address Their policy: clerk.com/legal/privacy
4.4 RevenueCat
Purpose: Subscription management Data shared: Purchase receipts, subscription status Their policy: revenuecat.com/privacy
4.5 Convex
Purpose: Database and backend services Data shared: All app data is stored in Convex Their policy: convex.dev/legal/privacy
5. Data Storage and Security
5.1 Data Storage
Your data is stored in:
- Convex cloud database (primary data storage)
- Secure device storage (authentication tokens, local cache)
5.2 Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest (database encryption)
- Access controls and authentication
- Regular security assessments
5.3 Data Retention
We retain your data:
- While your account is active: All data retained for app functionality
- After account deletion: All data permanently deleted within 30 days
- Backup copies: Purged within 90 days of deletion request
6. Your Rights
6.1 Access and Portability
You can view all your data within the App. Contact us to request a copy of your data in a portable format.
6.2 Correction
You can edit your profile information and logged events directly in the App.
6.3 Deletion
You can delete your account and all associated data from Settings > Delete Account. This action:
- Removes all your data from our systems
- Disconnects third-party integrations
- Cannot be undone
6.4 GDPR Rights (European Users)
If you are in the European Economic Area, you have additional rights under GDPR:
- Right to access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making
To exercise these rights, contact us at privacy@sugarlytics.com.
6.5 CCPA Rights (California Residents)
If you are a California resident, you have rights under CCPA:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to say no to the sale of personal information
- Right to access your personal information
- Right to equal service and price
We do not sell your personal information.
To exercise these rights, contact us at privacy@sugarlytics.com.
7. Children’s Privacy
Sugarlytics is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your country. We ensure appropriate safeguards are in place for such transfers.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy in the App
- Updating the “Last Updated” date
- Sending an email notification for material changes
Your continued use of the App after changes constitutes acceptance of the updated policy.
10. Contact Us
For questions or concerns about this Privacy Policy or our data practices:
Email: privacy@sugarlytics.com
For data deletion requests or GDPR/CCPA inquiries:
Email: privacy@sugarlytics.com Subject line: Data Request - [Your Request Type]
This Privacy Policy was last updated on January 24, 2026.