GluClue Privacy Policy
Last Updated: October 20, 2025
1. Introduction
This Privacy Policy explains how GluClue (“GluClue,” “we,” “us,” or “our”) collects, uses, protects, and discloses information from our users (“you,” “your”). We are committed to protecting your privacy and the confidentiality of your health information.
By using the GluClue mobile application and our website, you agree to the terms of this Privacy Policy.
2. Types of Information We Collect
We collect information necessary to provide and improve GluClue’s services. The data we collect can be broadly categorized as:
Information You Provide Directly: This includes information you enter when you create an account, such as your email address and password. It also includes all the data you manually log into the app, such as your food intake, medications, and any other notes you choose to add.
Health Information from Third-Party Services: GluClue integrates with Dexcom to securely access your Continuous Glucose Monitor (CGM) data. This includes your blood glucose readings and associated timestamps. We do not receive any other information from Dexcom beyond what is necessary to display your data in the app.
Device and Usage Data: We may automatically collect information about how you access and use the app. This may include your device type, operating system version, and unique device identifiers. This data helps us improve app performance and troubleshoot issues.
Machine Learning Model Data: To enable the most advanced Pattern Detection features, the app includes machine learning models. We collect and process the following on-device data:
- Aggregated Data for ML: Your historical glucose data, food logs, and bolus entries are used as input for our local machine learning algorithms to generate predictive insights. This processing occurs entirely on your device, and the models are never shared or sent to our servers.
- Model Version: We track the version of the local ML model running on your device to ensure accuracy and troubleshoot performance.
Technical Error Reporting Data (User-Initiated): In the event of a critical technical failure, the app will generate a structured error report. This report only collects the following technical data if you choose to review and send the email:
- The app version and operating system version.
- A non-identifiable timestamp of the error.
- The technical stack trace and code failure details (
DomainError.technicalDetails) required for our developers to diagnose the bug. - We do not collect or send any Protected Health Information (PHI) when you report an error.
3. How and Why We Use Your Information
We use your information for the following purposes:
To Provide Core App Functionality: We use your food logs and glucose data to power the Food Impact and Pattern Detection features. This data is processed by our proprietary algorithm on-device to provide you with personalized insights into how your diet affects your blood glucose levels.
To Improve and Maintain the App: We use aggregated, de-identified usage data to understand how our app is being used. This helps us to improve features, fix bugs, and optimize the user experience.
For Communication: We use your contact information to send you essential updates about the app, such as service announcements and privacy policy changes.
4. On-Device Machine Learning and Local Processing
GluClue uses a small, proprietary Machine Learning (ML) model (approximately 60KB in size) to provide enhanced pattern detection and predictive insights.
- No Cloud Processing: All data analysis and ML inference are performed locally on your device. Your glucose readings and personal data never leave your device for this analysis.
- Size Optimization: The core application and the ML model are designed to be compact (approximately 20MB in total size), ensuring fast downloads and minimal storage requirements.
- No Model Updates: The ML model is static and is not updated remotely; it is part of the application update cycle.
5. How We Store and Protect Your Information
We are committed to the security of your data. We use industry-standard security measures to protect your information, including:
Data Encryption: All data transmitted between your device and our servers (for Dexcom sync) is encrypted using a secure protocol (e.g., SSL/TLS). Your sensitive health information is also encrypted at rest when it is stored on our servers.
Secure Storage: We store your data in a secure, encrypted database on your device. The user has the option to OPT-IN to use Google Drive to backup their own personal exported data for their own use — strictly not required.
User Authentication: We require strong password protection and other security measures to ensure that only you can access your account.
6. User-Controlled Error Email Reporting
We have implemented a feature to allow users to easily report critical technical errors directly to our development team.
- User Consent Required: This report is never sent automatically or silently. The app prepares a draft email containing only the non-PHI technical information specified in Section 2.
- Review and Send: The app then launches your device’s default email client, allowing you to review the contents of the draft email before you must explicitly press “Send” to transmit the information.
- Purpose: The sole purpose of collecting this technical stack trace is to allow us to debug and fix code errors to improve the app’s stability and reliability.
7. Disclosure of Your Information
We will not share, sell, or rent your personal health information to any third parties without your explicit consent, except in the following limited circumstances:
Third-Party Service Providers: We may share your data with third-party services that help us operate our app, such as cloud hosting providers or analytics services. These providers are bound by strict confidentiality agreements and are only given access to the information necessary to perform their services.
Legal Requirements: We may disclose your information if required to do so by law, such as in response to a court order or subpoena.
8. Your Rights and Choices
You have full control over your data within the GluClue app:
Data Access and Portability: You can view your data within the app at any time. If you wish to receive a copy of your data, you can simply export it from the app setting at any time.
Data Deletion: You have the right to delete your data at any time. If you delete your account, all of your personal and health information will be permanently removed. We do not store anything on our servers.
Account Termination: You can terminate your account at any time by uninstalling the app from your device.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last Updated” date at the top. We encourage you to review this policy periodically.
10. Contact Us
If you have any questions or concerns about this Privacy Policy, or need to report a technical issue, you can contact us at:
support@getgluclue.com