Privacy Policy

Protecting your health data is our highest priority

Last Updated: December 2023

Quick Navigation

1. Overview

SugarMate ("we," "our," or "us") is committed to protecting your privacy and the confidentiality of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our diabetes management application and related services.

By using SugarMate, you consent to the practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Health Information

We collect and process the following types of health-related information:

  • Blood Glucose Data: Glucose readings, timestamps, testing conditions, and related notes
  • Medication Information: Insulin doses, medication schedules, and prescription details
  • Dietary Information: Food intake, carbohydrate counts, meal timing, and nutritional data
  • Physical Activity: Exercise duration, intensity, and type of activities
  • Vital Signs: Blood pressure, weight, heart rate, and other health metrics
  • Symptoms and Feelings: Energy levels, mood, and diabetes-related symptoms
  • Medical History: Diabetes type, diagnosis date, complications, and treatment history

2.2 Personal Information

  • Account Information: Name, email address, date of birth, and contact details
  • Profile Data: Username, profile picture, and personal preferences
  • Healthcare Provider Information: Doctor's contact details and clinic information (optional)

2.3 Technical Information

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: App interactions, feature usage patterns, and session duration
  • Location Data: Approximate location for emergency services (with your consent)
  • Connectivity Data: Integration with glucose meters, fitness trackers, and health apps

3. How We Use Your Information

3.1 Primary Purposes

  • Health Management: Provide diabetes tracking, monitoring, and management tools
  • Personalized Insights: Generate customized recommendations and health insights
  • Trend Analysis: Identify patterns in your glucose levels and health metrics
  • Alert Systems: Notify you of concerning glucose levels or medication reminders
  • Report Generation: Create comprehensive health reports for healthcare providers

3.2 Service Improvement

  • Enhance app functionality and user experience
  • Develop new features based on user needs
  • Conduct research to improve diabetes management tools
  • Troubleshoot technical issues and provide customer support

3.3 Communication

  • Send important account and security notifications
  • Provide customer support and respond to inquiries
  • Share educational content about diabetes management (with your consent)
  • Notify you about app updates and new features

4. How We Share Your Information

4.1 No Sale of Personal Data

We do not sell, rent, or trade your personal health information to third parties for marketing purposes.

4.2 Permitted Disclosures

We may share your information only in the following limited circumstances:

4.2.1 Healthcare Providers

  • Share health reports with your designated healthcare team (with your explicit consent)
  • Provide data for medical consultations and treatment planning
  • Enable care coordination between multiple providers

4.2.2 Emergency Situations

  • Contact emergency services if severe hypoglycemia or hyperglycemia is detected
  • Share critical health information with first responders (only when necessary to protect your life)

4.2.3 Service Providers

  • Cloud storage providers (with encryption and strict data processing agreements)
  • Analytics services (using anonymized and aggregated data only)
  • Customer support platforms (limited to necessary information for issue resolution)

4.2.4 Legal Requirements

  • Comply with valid legal processes, court orders, or government requests
  • Protect against fraud, abuse, or harmful activities
  • Enforce our terms of service and protect our legal rights

4.3 Research and Development

We may use anonymized, aggregated data for:

  • Diabetes research and public health studies
  • Algorithm improvement and machine learning
  • Population health trend analysis
  • Collaboration with academic and medical institutions

5. Security Measures

5.1 Technical Safeguards

  • Encryption: End-to-end encryption for data transmission and AES-256 encryption for data storage
  • Access Controls: Multi-factor authentication and role-based access restrictions
  • Network Security: Secure API endpoints, firewall protection, and intrusion detection
  • Data Backup: Automated, encrypted backups with secure recovery procedures

5.2 Administrative Safeguards

  • Regular security training for all employees
  • Background checks for personnel with access to health data
  • Incident response procedures and breach notification protocols
  • Regular security audits and vulnerability assessments

5.3 Physical Safeguards

  • Secure data centers with 24/7 monitoring
  • Restricted physical access to servers and equipment
  • Environmental controls and redundant power systems
  • Secure disposal of hardware and storage media

6. Your Rights and Choices

6.1 Access and Control

  • Access: View all personal and health data we have collected about you
  • Correction: Update or correct inaccurate information in your account
  • Export: Download your data in a portable format
  • Deletion: Request deletion of your account and associated data

6.2 Privacy Controls

  • Adjust data sharing preferences with healthcare providers
  • Control which health metrics are tracked and stored
  • Manage notification and communication preferences
  • Opt out of research participation and data analytics

6.3 Data Portability

  • Export your health data to other diabetes management platforms
  • Share data with new healthcare providers
  • Transfer data between devices and accounts

6.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@sugarmate.com or use the privacy controls in your account settings. We will respond to your request within 30 days.

7. Legal Compliance

7.1 HIPAA Compliance

SugarMate operates as a Personal Health Record (PHR) and implements administrative, physical, and technical safeguards that meet or exceed HIPAA requirements for protecting health information.

7.2 GDPR Compliance

For users in the European Union, we comply with the General Data Protection Regulation (GDPR), including:

  • Lawful basis for processing personal data
  • Data minimization and purpose limitation principles
  • Enhanced user rights and consent mechanisms
  • Data Protection Impact Assessments (DPIAs)

7.3 Other Regulations

  • CCPA: California Consumer Privacy Act compliance for California residents
  • FDA: Adherence to FDA guidelines for digital health applications
  • SOC 2: Type II compliance for security and privacy controls

8. Data Retention

8.1 Retention Periods

  • Active Accounts: Data retained while your account is active and for reasonable backup purposes
  • Inactive Accounts: Data retained for 3 years after last login, then securely deleted
  • Deleted Accounts: Most data deleted within 30 days; some data retained for legal compliance
  • Research Data: Anonymized data may be retained indefinitely for research purposes

8.2 Secure Deletion

When data is deleted, we use secure deletion methods that make recovery impossible, including cryptographic erasure and physical destruction of storage media when necessary.

9. Children's Privacy

SugarMate is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. For users between 13-17 years old, parental consent is required before creating an account.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@sugarmate.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by regulatory authorities
  • Adequacy decisions by relevant data protection authorities
  • Appropriate technical and organizational measures

11. Policy Updates

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will:

  • Notify you of material changes via email or in-app notification
  • Post the updated policy on our website with the effective date
  • Maintain previous versions for your reference
  • Obtain your consent for changes that materially affect your rights

12. Contact Information

12.1 Privacy Officer

For privacy-related questions or concerns, contact our Privacy Officer:

  • Email: privacy@sugarmate.com
  • Phone: 1-800-SUGAR-MATE (1-800-784-2762)
  • Mail: SugarMate Privacy Officer, 123 Health Tech Drive, Suite 100, San Francisco, CA 94105

12.2 Data Protection Representative (EU)

For users in the European Union:

  • Email: dpo@sugarmate.com
  • Address: SugarMate EU Representative, 456 Privacy Street, Dublin 2, Ireland

12.3 Response Time

We commit to responding to privacy inquiries within:

  • General Questions: 5 business days
  • Data Requests: 30 days
  • Security Incidents: 24 hours
  • GDPR Requests: 30 days (with possible 60-day extension for complex requests)

Effective Date: December 1, 2023

Version: 2.1

This Privacy Policy governs your use of SugarMate and supersedes all previous versions. By continuing to use our services after any changes take effect, you agree to the updated policy.