Privacy Policy — GlucoGuard

GlucoGuard is the first app of its kind to gather all health data relevant to all types of diabetes, store it on your device, and analyse it to produce insights that are specific to you. Your health data is sensitive — this policy explains exactly what we access, where it goes, and what we never do with it.

What Data We Access

GlucoGuard reads the following data from Apple Health on your device. You choose which categories to grant during onboarding and can change permissions at any time in iOS Settings.

Data type	Purpose	Where processed
Blood glucose readings & trends	Core monitoring dashboard	On device
Insulin delivery (basal & bolus)	IOB calculation & insights	On device
Carbohydrate entries	COB tracking & insights	On device
Heart rate & HRV	Wellness metrics & insights	On device
Sleep stages & duration	Sleep score & glucose correlation	On device
Activity, steps & workouts	Activity metrics & insights	On device
SpO2, respiratory rate, VO2 max	Wellness overview	On device
Body weight & BMI	Health trend display	On device

      Read-only: GlucoGuard never writes to, modifies, or deletes your Apple Health records.
    

AI Insights & Third-Party Data Sharing

GlucoGuard offers optional AI-powered insights using Anthropic's Claude AI. This feature is off by default. Before it activates, the app will:

Show you exactly what data will be sent (glucose, insulin, carbs, heart rate, sleep, activity)
Identify Anthropic, Inc. as the recipient of that data
Require your explicit "I Agree" tap — the feature cannot run without consent

When you consent, an anonymised snapshot of your health data is sent to Anthropic's API for pattern analysis. No name, Apple ID, email, or device identifier is ever included. GlucoGuard does not store your health data on any server.

You can withdraw consent at any time in More → About → AI Insights (Anthropic). Revoking consent stops all future data sharing immediately.

      Anthropic's privacy policy governs data received via their API. Review it at anthropic.com/privacy. GlucoGuard has no control over data once it is sent to Anthropic.
    

Push Notifications & Backend Server

GlucoGuard can deliver urgent glucose alerts as push notifications. To enable this, your device push token is registered with the backend server URL you configure in Settings.

Your push token is used only to route alert notifications to your device
It is never linked to your health data or shared with third parties
No health data is transmitted to the notification server — only the push token and an alert type string

You can disable notifications at any time in iOS Settings → GlucoGuard → Notifications.

GlucoGuard Monitor (Companion App)

The optional Monitor app lets a caregiver or family member view your glucose data in real time.

A unique session ID and AES-256 encryption key are generated locally on your device — the key is embedded in the QR code only and is never sent to any server
Data snapshots are encrypted on your device before transmission. The relay server stores ciphertext only — it cannot read the content
Only someone who physically scans your QR code can decrypt and view data
Snapshots are automatically deleted from the relay after one hour
You can end any session instantly from More → Monitor App → End Session

What We Never Do

Sell, rent, or share your health data with advertisers or data brokers
Store your Apple Health data on any server
Collect your name, email, Apple ID, or location
Display any advertising
Access your data in the background beyond the 15-minute scheduled refresh required for timely glucose alerts
Connect to or control any insulin pump, CGM hardware, or other medical device — all data is read from Apple Health only

HealthKit Permission Request

During onboarding, GlucoGuard explains which Health categories it needs and why, before the iOS system permission prompt appears. Tapping "Continue" proceeds to the standard iOS HealthKit sheet where you individually allow or deny each category. You are never required to grant access — the app functions in a limited capacity without it.

If you previously denied access, re-enable it in iOS Settings → Privacy & Security → Health → GlucoGuard.

Medical Disclaimer

      GlucoGuard is a personal health monitoring tool, not a medical device. It reads data from Apple Health and does not connect to or control any medical hardware. It does not diagnose, treat, prevent, or cure any medical condition. All data, calculations, and AI-generated insights are informational only and are not a substitute for professional medical advice. Always consult your diabetes care team before making any changes to your treatment.
    

Children's Privacy

GlucoGuard is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has used the app and personal data may have been collected, please contact us immediately.

Data Retention & Deletion

All health data processed by GlucoGuard is stored locally on your device. Deleting the app removes all locally stored data. GlucoGuard does not maintain a user account or server-side health database, so no additional deletion request is needed.

If you consented to AI insights, Anthropic may retain API request data per their own retention policy. GlucoGuard has no control over that data once sent.

Changes to This Policy

We may update this policy from time to time. When we do, we will update the effective date at the top of this page and notify you within the app where appropriate. Continued use of GlucoGuard after changes are posted constitutes acceptance of the updated policy.

Contact

Questions about this policy or requests related to your data?

privacy@glucoguard.app