Privacy Policy
GDPR Compliant
This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
1. Data Controller
Blood Sugar Tracker is the data controller for your personal information. You can contact us at: privacy@bloodsugartracker.com
2. Legal Basis for Processing
We process your personal data based on:
- Consent (Article 6(1)(a) GDPR): For health data processing and analytics
- Contract Performance (Article 6(1)(b) GDPR): To provide our tracking services
- Legitimate Interest (Article 6(1)(f) GDPR): For security and service improvement
3. Information We Collect
- Personal Data: Name, email address, age, country, gender
- Health Data (Special Category): Blood glucose readings, timestamps, meal timing
- Technical Data: IP address, browser type, session data
- Usage Data: How you interact with our application
4. How We Use Your Information
- Provide blood sugar tracking and analytics services
- Generate personalized health insights and reports
- Send service-related communications
- Ensure platform security and prevent fraud
- Comply with legal obligations
5. Data Sharing and Transfers
We do not sell your personal data. We may share data with:
- Service Providers: Database hosting, email services (under strict data processing agreements)
- Legal Requirements: When required by law or to protect our rights
- Research: Only aggregated, anonymized data for public health research
Data transfers outside the EU are protected by appropriate safeguards under GDPR Article 46.
6. Your GDPR Rights
Under GDPR, you have the following rights:
- Right of Access (Article 15): Request copies of your personal data
- Right to Rectification (Article 16): Correct inaccurate personal data
- Right to Erasure (Article 17): Request deletion of your personal data
- Right to Restrict Processing (Article 18): Limit how we use your data
- Right to Data Portability (Article 20): Receive your data in a portable format
- Right to Object (Article 21): Object to processing based on legitimate interests
- Rights Related to Automated Decision-making (Article 22): Protection from automated profiling
To exercise these rights, contact us at privacy@bloodsugartracker.com. We will respond within 30 days.
7. Data Protection & Security
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication
- Regular Audits: Security assessments and penetration testing
- Data Minimization: We only collect necessary data
- Pseudonymization: Health data processed with privacy-enhancing techniques
8. Data Retention
- Active Accounts: Data retained while your account is active
- Inactive Accounts: Data deleted after 3 years of inactivity
- Account Deletion: All personal data permanently deleted within 30 days
- Legal Requirements: Some data may be retained longer to comply with legal obligations
9. Cookies and Tracking
We use essential cookies for functionality. No tracking or advertising cookies are used. Session cookies are deleted when you close your browser.
10. Age Restrictions
Our service is only available to individuals 18 years and older. We do not knowingly collect data from children under 18.
11. Data Breach Notification
In the event of a data breach affecting your personal data, we will notify you and relevant supervisory authorities within 72 hours as required by GDPR Article 33.
12. International Transfers
If your data is transferred outside the European Economic Area, it will be protected by:
- Adequacy decisions from the European Commission
- Standard Contractual Clauses approved by the European Commission
- Other appropriate safeguards under GDPR Chapter V
13. Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with GDPR requirements.
14. Changes to This Policy
We will notify you of any material changes to this privacy policy at least 30 days before they take effect. Continued use of the service constitutes acceptance of the updated policy.
15. Contact Information
Data Protection Officer: privacy@bloodsugartracker.com
Response Time: We respond to all privacy requests within 30 days
Languages: This policy is available in multiple EU languages upon request
Your Consent
By using our service, you consent to the processing of your health data as described in this policy. You can withdraw consent at any time by deleting your account.
Consent Date: Recorded upon account creation and policy updates
Last updated: July 19, 2025
GDPR Compliance Version: 2.0
Legal Review: Compliant with GDPR, UK GDPR, and CCPA