Privacy Policy

This Privacy Policy describes how Blood Sugar Monitor ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our blood glucose monitoring application and services (collectively, the "Service"). We are committed to protecting your privacy and ensuring the security of your health information.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. This policy complies with applicable United States laws, including the Health Insurance Portability and Accountability Act (HIPAA), where applicable.

1. Information We Collect

1.1 Health Information

We collect health-related information that you provide or that is generated through your use of the Service, including:

• Blood glucose readings and measurements
• Time and date stamps of measurements
• Meal information and carbohydrate intake
• Medication and insulin dosage information
• Exercise and activity data
• Weight and body measurements
• Notes and observations you add to your records
• Health trends and patterns derived from your data

1.2 Personal Information

We collect personal information necessary to provide and improve our Service:

• Name and contact information (email address, phone number)
• Date of birth and gender
• Account credentials (username and encrypted password)
• Profile information and preferences
• Healthcare provider information (if you choose to share)

1.3 Device and Usage Information

We automatically collect certain information about your device and how you interact with our Service:

• Device type, operating system, and version
• IP address and general location information
• App usage data and feature interactions
• Log data, including access times and error reports
• Cookies and similar tracking technologies

1.4 Connected Device Data

If you connect compatible blood glucose meters or other health devices to our Service, we may collect data transmitted from those devices, including device identifiers and measurement data.

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 To Provide and Maintain Our Service

• Record, store, and display your blood glucose measurements
• Generate charts, graphs, and trend analyses
• Provide personalized insights and recommendations
• Send reminders and notifications as configured by you
• Sync data across your devices

2.2 To Improve and Develop Our Service

• Analyze usage patterns to enhance user experience
• Develop new features and functionality
• Conduct research and analytics (using aggregated, de-identified data)
• Troubleshoot technical issues and improve performance

2.3 To Communicate With You

• Respond to your inquiries and support requests
• Send important notices about Service changes or updates
• Provide educational content and health tips (with your consent)
• Send marketing communications (only with your explicit opt-in consent)

2.4 To Ensure Safety and Security

• Verify your identity and prevent unauthorized access
• Detect, prevent, and address fraud or security issues
• Comply with legal obligations and enforce our Terms of Service

3. How We Share Your Information

We respect your privacy and do not sell your personal information. We may share your information only in the following circumstances:

3.1 With Your Consent

We may share your health information with healthcare providers, family members, or other third parties when you explicitly authorize us to do so through the Service's sharing features.

3.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our Service, such as:

• Cloud storage and hosting providers
• Analytics and performance monitoring services
• Customer support platforms
• Payment processors (if applicable)

These service providers are contractually obligated to protect your information and may only use it to provide services to us.

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice and obtain consent as required by law before your information becomes subject to a different privacy policy.

3.4 Legal Requirements

We may disclose your information when required by law or in response to valid legal processes, including:

• Compliance with court orders, subpoenas, or legal obligations
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activities
• Protection of the vital interests of individuals

3.5 De-identified and Aggregated Data

We may share de-identified or aggregated data that cannot reasonably be used to identify you for research, analytics, or other purposes.

4. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:

• Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols. Sensitive data is encrypted at rest using AES-256 encryption.
• Access Controls: We implement strict access controls and authentication measures to ensure only authorized personnel can access your information.
• Regular Security Audits: We conduct regular security assessments and vulnerability testing.
• Secure Infrastructure: Our Service is hosted on secure, HIPAA-compliant cloud infrastructure with regular backups.
• Employee Training: Our team members receive regular training on data privacy and security best practices.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

5. Your Rights and Choices

You have the following rights regarding your personal information:

5.1 Access and Portability

You may access, review, and download your health data at any time through the Service. You can export your data in common formats (CSV, PDF) for use with other applications or healthcare providers.

5.2 Correction and Update

You can update or correct your personal information and health records directly within the Service at any time.

5.3 Deletion

You may request deletion of your account and associated data by contacting us. Please note that we may retain certain information as required by law or for legitimate business purposes, such as resolving disputes or enforcing our agreements.

5.4 Opt-Out of Communications

You can opt out of promotional emails by using the unsubscribe link in any marketing email. You cannot opt out of essential Service-related communications.

5.5 Sharing Controls

You have full control over who can access your health information through the Service's sharing features. You can revoke access at any time.

5.6 Location Services

You can control whether the Service accesses your device's location through your device settings.

5.7 State-Specific Rights

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other states with privacy laws, you may have additional rights, including:

• Right to know what personal information we collect
• Right to request deletion of your information
• Right to opt out of the sale of personal information (we do not sell your information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information provided below.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you with our Service. If you request deletion of your account, we will delete or de-identify your information within 30 days, except where we are required to retain it for:

• Compliance with legal obligations
• Resolution of disputes
• Enforcement of our agreements
• Prevention of fraud and abuse

Aggregated and de-identified data may be retained indefinitely for analytics and research purposes.

7. Children's Privacy

Our Service is not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

For users between 13 and 18 years of age, we recommend that parents or guardians supervise their use of the Service and assist with account setup and management.

8. Third-Party Services and Links

Our Service may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

If you choose to connect third-party devices or services (such as fitness trackers or health platforms) to our Service, your use of those services is governed by their respective privacy policies.

9. International Data Transfers

Our Service is based in the United States. If you access our Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

By using our Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

10. HIPAA Compliance

Where applicable, we comply with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. If you are a covered healthcare provider using our Service, we may enter into a Business Associate Agreement (BAA) with you as required by HIPAA.

Please note that not all features of our Service may be HIPAA-compliant. If you require HIPAA compliance for your use case, please contact us to discuss your specific needs.

11. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: You can opt out of the sale or sharing of your personal information (we do not sell personal information).
• Right to Correct: You can request correction of inaccurate personal information.
• Right to Limit: You can limit the use of sensitive personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, please contact us using the information below. We will respond to your request within 45 days.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you through the Service or via email
• Obtain your consent if required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after changes to this policy constitutes your acceptance of the updated terms.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will respond to all inquiries within 30 days.

14. Consent

By using our Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and sharing of your information as described herein. If you do not agree with this Privacy Policy, please do not use our Service.