Privacy Policy

1) Who we are & how to contact us

GlucoPal is a GLP‑1 tracking app by The Manhattan App Studio LLC ("we", "our", "us"), a New York limited liability company.

• Email (privacy & requests): [email protected]
• Data Controller: The Manhattan App Studio LLC (New York, USA)
• Intended users: Age 16+. GlucoPal is not intended for children.

2) Scope of this policy

This policy covers our iOS mobile app and any marketing website we operate. It explains what we collect, how we use and share it, your choices and rights, and how to contact us.

3) What we collect

A. Health & wellness data

If you choose to log them, GlucoPal saves the following data on your device and syncs it to your personal iCloud account via Apple CloudKit:

• Medication: GLP‑1 type, dosage, frequency, injection‑related notes you add
• Symptoms & notes: side effects, well‑being notes
• Weight & goals: current, target, trends/graphs
• Daily nutrition: e.g., calories, protein, water
• Progress Photos: e.g., progress/timeline photos (never sent to analytics)

Your data is stored on your device and synced to your personal iCloud account via Apple CloudKit. We do not operate the sync infrastructure and do not have access to your synced data. During setup, you consent to Cloud Sync as part of using GlucoPal.

B. Apple Health (HealthKit) (optional, opt‑in)

With your permission, GlucoPal can read/import certain data (e.g., weight or activity) from Apple Health to make tracking easier.

• We do not use Apple Health data for advertising or sell it.
• We do not share Apple Health data with advertising platforms.
• You can manage permissions anytime in iOS Settings → Health → Data Access & Devices.

C. Non‑health technical & usage data

To operate and improve GlucoPal, we may collect non‑health technical information and usage telemetry, such as:

• App version, device model, OS version, language, time zone
• App stability data (e.g., Crashlytics) and performance metrics
• Pseudonymous analytics/attribution identifiers (e.g., IDFV or SDK‑scoped IDs)
• Paywall interactions and subscription status (no health content)

D. Health analytics (strictly for product improvement)

With your permission and only to improve app features and reliability, GlucoPal may transmit a limited subset of the health data you enter (e.g., that a dose was logged, dose amount ranges, weight entries, symptom categories) to product analytics and diagnostics tools.

• Never photos. We never transmit your photos to analytics.
• Never for ads. We do not use health data for advertising or share it with ad platforms.
• Minimization. We send only what's necessary for measuring feature adoption, usability, and quality.
• Masking. We configure session/experience tools to mask/redact fields likely to contain free‑text health content whenever possible.

Important for Apple Health data: HealthKit‑sourced data is not used for advertising and is not shared with ad platforms. Where Apple policies require, we do not include HealthKit‑sourced data in analytics beyond what App Store rules permit.

E. Purchase data

We process in‑app purchases and entitlements via:

• RevenueCat (purchase validation, subscription status)
• SuperWall (purchase validation, subscription status)
• Apple App Store (platform billing)

We do not receive your full payment card details.

F. Marketing website (if/when you visit)

We may use basic analytics to understand aggregate traffic (pages visited, referrers). We do not collect your app health entries on our website.

G. Data we do not collect

• No names, emails, postal addresses, phone numbers
• No precise GPS location, contacts, or calendars
• No progress photos are shared with third parties

4) How we collect data

• You enter it (manual logging in the app)
• Apple Health (if you opt in and grant permission)
• Automatic telemetry (crash logs, performance, pseudonymous analytics IDs)
• Purchases (entitlement state via RevenueCat/SuperWall/App Store)
• Attribution (install/conversion signals from AppsFlyer; see §7)
• Cloud Sync (your data is synced to your personal iCloud account via Apple CloudKit)

5) How we use data (purposes)

• Provide core features (logging, reminders, charts, cross‑device sync, estimated medication levels)
• Product improvement (feature adoption, usability, stability, diagnostics)
• Security & integrity (fraud prevention, abuse detection, troubleshooting)
• Purchases & subscriptions (entitlements, receipts, refunds)
• Compliance (legal obligations, audits, responding to lawful requests)

We do not use your health data for cross‑context behavioral advertising and do not sell personal or health data.

6) Legal bases (GDPR/UK GDPR/EEA)

• Consent: collection/processing of consumer health data and any HealthKit data; Cloud Sync to your iCloud account; analytics involving health data; optional notifications.
• Legitimate interests/Contract: app operation, security, crash reporting, purchases, non‑health analytics strictly necessary for functionality.
• Compliance with law: responding to lawful requests, audits, accounting.

You may withdraw consent at any time (see §13). Where required (e.g., Washington/Nevada), we seek affirmative consent before collecting or sharing consumer health data beyond your device.

7) Sharing & processors (who we work with)

We share data only with service providers (processors) that help us run GlucoPal—under contracts that limit use to our instructions. We do not sell data.

Key vendors & what they receive

Progress photos are never shared with third parties. Only photos used for nutritional analysis of meals are shared with our AI image‑analysis provider.

We do not share consumer health data with advertising platforms and we do not use health data for targeted advertising. We may disclose information if required by law, to protect rights/safety, or during a corporate transaction (with notice and appropriate safeguards).

8) Advertising & attribution

We advertise on platforms such as Apple Search Ads, TikTok, and Facebook. We may receive aggregated campaign‑level reports and use AppsFlyer for install attribution.

• We do not send your in‑app health entries or photos to ad platforms.
• We do not use consumer health data for targeted ads.

9) Data location, storage & backups

• Your logs, photos and health entries: stored on your device and synced to your personal iCloud account via Apple CloudKit. Apple encrypts CloudKit data in transit and at rest. We do not operate these servers or have access to your synced data.
• Vendor systems: telemetry, analytics (including limited health analytics), paywall, and attribution data are stored by our processors in their secure cloud environments (commonly US/EU). All data in transit uses TLS/HTTPS; vendors encrypt data at rest per their standards.

10) Retention

• On‑device data: kept until you delete it or uninstall the app.
• Cloud Sync data: stored in your iCloud account for as long as the app is installed. You can delete synced data by uninstalling the app or managing your iCloud storage through Apple.
• Vendor analytics/telemetry: retained per vendor defaults and our settings (commonly 90 days to 26 months).
• Purchases/entitlements: retained as necessary for accounting, fraud prevention, and legal compliance.

When we no longer need data, we instruct vendors to delete or de‑identify it.

11) Security

We apply technical and organizational measures to protect data:

• Encryption in transit (HTTPS/TLS)
• Vendor encryption at rest
• Cloud Sync uses Apple CloudKit with encryption in transit and at rest, managed by Apple's infrastructure
• Access controls and data minimization (e.g., progress photos are never shared with third parties; meal photos are transmitted to our AI image‑analysis provider; masking/redaction where supported)

No method is 100% secure. If a security incident impacts your information, we'll follow applicable notification laws.

12) Children

GlucoPal is intended for individuals 16 years and older. We do not knowingly collect data from children under 16. If you believe a child has used GlucoPal, contact [email protected] so we can assist.

13) Your privacy rights & choices

Depending on your location (e.g., GDPR/UK GDPR, California CPRA, and other U.S. state laws), you may have the right to:

• Access the data we hold about you with our vendors
• Export/Port data in a machine‑readable format
• Correct inaccurate data (where applicable)
• Delete data (including instructing our vendors to delete)
• Withdraw consent (for health analytics and any optional processing)
• Object/Restrict certain processing

Exercising your rights

• Local app data (on device): remove entries, clear app data (if available), or uninstall the app.
• Cloud Sync data: manage or delete synced data through your iCloud account settings or by uninstalling the app.
• Vendor data (analytics/telemetry/purchases): email [email protected].

Because we don't have accounts or emails, we may ask for device details (e.g., app version, device model) and allow you to share SDK identifiers (e.g., an in‑app "Analytics ID" if/when exposed) so we can locate records with processors. We'll verify requests and respond within the timelines required by law (generally 30–45 days, with possible extension where permitted).

Withdrawing consent for health analytics will stop future health analytics events and we'll instruct processors to delete existing records to the extent feasible.

14) U.S. state privacy notices (summary)

California (CPRA)

• We do not sell or share personal information for cross‑context behavioral advertising.
• We process Sensitive Personal Information (health data) only for the purposes described above (providing the service, product improvement with consent, security/compliance).
• You can exercise rights listed in §13.

Colorado / Connecticut / Virginia / Utah (and similar)

We honor applicable state privacy rights as described in §13.

15) Consumer Health Data Addendum (Washington & Nevada)

This Addendum supplements the policy to comply with Washington's My Health My Data Act (MHMDA) and Nevada's Consumer Health Data Privacy Law.

What is "consumer health data"?

Any personal data linked or reasonably linkable to you that identifies your health status—e.g., your medication logs, dosage values, symptoms, weight, and nutrition entries.

Collection & purposes

We collect consumer health data to:

• Provide you with GlucoPal's core functionality, including syncing your data across your Apple devices via Cloud Sync
• Maintain and secure the app (e.g., crash reporting)
• Improve product features and reliability via limited health analytics (never progress photos; never for ads)
• Comply with legal obligations

Consent

We request your affirmative consent during setup before collecting or sharing consumer health data outside your device (e.g., syncing your data to your iCloud account via Cloud Sync, sending limited health analytics to service providers). You may withdraw consent at any time (see §13).

Sharing

We do not sell consumer health data. We share consumer health data only with processors that support the purposes above (see §7) and only under contracts requiring confidentiality and security.

Geofencing

We do not use geofencing to target locations providing health services.

Access, deletion, and appeals

You may request access to or deletion of your consumer health data (§13). If we deny your request, you may appeal by replying to our decision. We will respond with our reasoning and further options, including how to contact your state Attorney General.

16) International transfers

Some processors may store or process data outside your state/country. Where required (e.g., EEA/UK), we rely on Standard Contractual Clauses or comparable safeguards.

17) Changes to this policy

We reserve the right to change and reissue this Privacy Policy at any time by posting an updated version on our website. If we make material changes in the way we collect, use, or disclose your data, we will provide you reasonable advanced notice of the changes before they take effect for you. If we have an existing relationship with you we may provide you notice through our mobile app or directly using the contact information you have provided to us. If we do not have an existing relationship with you (for instance, if you only visit our website), any notice we provide will be posted to our website. If you continue using the services after those changes are in effect, our processing of your data will be subject to the new Privacy Policy. We encourage you to regularly review this Privacy Policy to ensure that you remain aware of what data we collect, how we use and otherwise process it, under what circumstances we will disclose it to third parties, and your privacy rights and choices.

18) Contact us

Questions, requests, or appeals: [email protected]

19) Glossary (helpful definitions)

• Consumer health data: Health‑related personal data covered by laws like WA MHMDA and Nevada's CHD law.
• Health data analytics: Limited health data (never progress photos) used in product analytics/diagnostics to improve features and reliability—not for ads.
• Progress photos: Body/timeline photos you store in the app. These are never shared with third parties.
• Meal photos: Food/food label images you choose to upload for AI calorie estimation. These are sent to our AI image‑analysis vendor solely to return a result; the photos are not sent to analytics or ad platforms.
• Processor/Service provider: A vendor that handles data on our behalf under contractual limits (e.g., RevenueCat, Firebase).
• Sell/Sale: Exchange of personal data for monetary or other valuable consideration (we do not sell).
• Share (CPRA): Disclosure for cross‑context behavioral advertising (we do not share for ads).
• Pseudonymous ID: An identifier that doesn't directly reveal your identity (we don't collect names/emails).
• Cloud Sync: GlucoPal syncs your data to your personal iCloud account via Apple CloudKit, allowing access across your Apple devices. We do not operate the sync infrastructure or have access to your synced data.