Privacy Policy
Last updated: January 2025
GlucoBell ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how the GlucoBell mobile applications (patient and doctor apps) and associated services (collectively, the "Service") collect, use, store, share, and protect your personal and health information.
By using GlucoBell, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Name (first and last)
- Authentication credentials (managed securely via Firebase Authentication)
- Google account information (if you choose Google Sign-In)
1.2 Health & Medical Data
To provide diabetes management features, we collect the health data you voluntarily enter:
- Blood glucose readings (values, meal tags, time of day)
- Blood pressure readings (systolic, diastolic, pulse, body position)
- Medication records (names, dosages, schedules, adherence data)
- Insulin dose records (type, units, timing)
- Food intake logs (meal type, items, nutrition data from AI food scanning)
- Activity and step count data
- Mood and stress levels
- Period/menstrual cycle data (if opted in)
- Side effect reports
- Weight and HbA1c records
- Scanned medical reports (images, extracted OCR text)
1.3 Profile & Onboarding Data
During onboarding, you may provide:
- Diabetes type and year of diagnosis
- Family history of diabetes
- Current medications and allergies
- Comorbidities (e.g., hypertension, thyroid conditions)
- Diet preference and activity level
- Sleep patterns, alcohol, and smoking status
- Women's health information (menstrual cycle, PCOS/PCOD, pregnancy status) — only if you opt in
1.4 Device & Technical Data
We may automatically collect:
- Device type, operating system, and app version
- Firebase installation identifiers
- Crash reports and performance data (via Firebase Crashlytics)
- App usage analytics (aggregated, via Firebase Analytics)
1.5 Camera & Image Data
When you use the camera features (glucose OCR, blood pressure OCR, food scanning, report scanning), images are processed as follows:
- Glucose & BP OCR: Images are processed on-device using Google ML Kit. Images are not uploaded to our servers.
- AI Food Scanning: Food images are sent to OpenAI's Vision API for analysis. Images are processed in real time and are not stored by us or OpenAI beyond the processing session.
- Report Scanning: Scanned report images may be uploaded to secure cloud storage (Cloudinary) for access across devices, under your control.
2. How We Use Your Information
We use your information to:
- Provide Core Features: Enable blood sugar tracking, medication management, food logging, reports, and health trend analysis.
- AI-Powered Features: Generate personalized health suggestions, food nutrition analysis, and OCR scanning — all with data de-identification before AI processing.
- Doctor Collaboration: Share your health data with doctors you have explicitly connected with, enabling remote monitoring, task assignment, and chat communication.
- Notifications: Send medication reminders, glucose check reminders, doctor messages, and task alerts (only with your consent).
- Improve the Service: Analyze aggregated, anonymized usage patterns to improve features and user experience.
- Account Security: Authenticate your identity, prevent unauthorized access, and maintain account security.
3. Data Storage & Security
3.1 Encryption
We employ industry-leading encryption to protect your health data:
- Field-Level Encryption: Protected Health Information (PHI) — including names, phone numbers, and medical specialties — is encrypted at the field level using AES-256-GCM before storage.
- Transport Encryption: All data in transit is protected by TLS 1.2+.
- Secure Token Storage: Authentication tokens are stored using platform-secure storage (flutter_secure_storage) on your device.
3.2 Offline-First Architecture
GlucoBell stores all health data locally on your device first (using encrypted local storage). Data is synced to our cloud servers only when an internet connection is available. This means:
- Your data is always accessible, even without internet
- You have a complete local copy of your health records
- Sync occurs in the background with prioritized queuing
3.3 Cloud Infrastructure
Cloud data is stored on MongoDB Atlas with encryption at rest. Our API server runs on Google Cloud Platform with standard security configurations including firewall rules, Docker containerization, and restricted network access.
4. Data Sharing
4.1 With Your Doctor
When you connect with a healthcare provider through GlucoBell (via QR code scan or secure invitation link):
- Your doctor can view the health data you choose to share (glucose, BP, medications, reports, etc.)
- Your doctor can send you messages, tasks, and AI-approved suggestions
- You can revoke doctor access at any time
4.2 AI Processing Partners
- OpenAI: For food image analysis and health suggestion generation. All data sent to OpenAI is de-identified (personal identifiers removed) before processing. We use OpenAI's API with data usage policies that prevent training on your data.
4.3 Service Providers
- Firebase (Google): Authentication, push notifications, analytics, crash reporting
- Cloudinary: Secure storage of uploaded report images
- MongoDB Atlas: Cloud database hosting
4.4 We Do NOT
- Sell your personal data or health information to third parties
- Share your data with advertisers
- Use your health data for advertising purposes
- Share identifiable health data without your explicit consent
5. Your Rights & Choices
You have the following rights regarding your data:
- Access: View all your stored health data within the app at any time.
- Export: Export your complete health history as PDF or CSV for any date range.
- Correction: Edit or correct any health records you have entered.
- Doctor Access Control: Connect or disconnect from doctors at any time, controlling exactly what data they can see.
- Notification Control: Configure or disable any notification category through notification settings.
- Consent Withdrawal: Withdraw consent for optional features (research participation, cycle tracking, etc.) at any time.
- Account Deletion: Request complete deletion of your account and associated data by contacting us at support@glucobell.com.
6. Data Retention
- Health data: Retained as long as your account is active, to provide a complete health history.
- Account data: Retained until you request deletion.
- Analytics data: Aggregated and anonymized; retained for service improvement.
- Camera/image data: Food scan images are not retained after processing. Report images are retained as long as you choose to store them.
7. Children's Privacy
GlucoBell is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at support@glucobell.com and we will promptly delete it.
8. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before providing any personal information.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy within the app and updating the "Last updated" date. Continued use after changes constitutes acceptance of the revised policy.
10. Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy or your data, please contact us:
- Email: support@glucobell.com
- Website: https://glucobell.com