Privacy Policy

Last updated: February 2026

🔒 Your health data is yours. We never sell it, we never share it without your explicit consent, and you can delete it all at any time.

Introduction

Glucoscape ("we", "our", "us") is operated by Sett & Stone Ltd. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application and website.

Information We Collect

Data you provide

Account credentials (via Sign in with Apple or Google — we never see your password)
Display name (optional)
Nightscout URL and API credentials (if using Nightscout as data source)

Data we access from your CGM

Glucose readings (via Dexcom API or Nightscout)
Insulin delivery data (if available via Nightscout)
Carbohydrate entries (if available via Nightscout)

Automatically collected

Anonymised app usage analytics (via PostHog, EU-hosted)
Crash reports
Device type and iOS version

We do NOT collect: your real name, address, precise location, contacts, or any data unrelated to the app's purpose.

How We Use Your Data

To display and visualise your glucose data
To generate AI-powered educational insights about your patterns
To calculate time-in-range and other statistics
To enable sharing with your care team (only if you choose to)
To improve the app (using anonymised, aggregated data only)

Data Storage & Security

All data is encrypted in transit (TLS 1.3) and at rest
We use Cloudflare infrastructure (EU available)
Authentication tokens are stored securely in your device's Keychain
We retain your data for as long as your account is active
You can delete your account and all associated data at any time

Third-Party Services

Dexcom API — If you connect Dexcom, we access your glucose data via their official developer API. See Dexcom's privacy policy.
PostHog — Anonymised usage analytics, EU-hosted. See PostHog's privacy policy.
Apple App Store — For payments and subscriptions.

Care Team Sharing

If you invite a healthcare provider to view your insights:

They see only AI-generated insights and aggregated statistics
They do NOT see raw CGM data or device settings
You can revoke access at any time
We do not independently verify that invitees are healthcare providers

Your Rights

Under GDPR and UK data protection law, you have the right to:

Access your personal data
Correct inaccurate data
Delete your account and all data
Export your data in a portable format
Withdraw consent for data processing
Lodge a complaint with the ICO (UK) or relevant supervisory authority

Children's Privacy

Glucoscape is intended for users aged 16 and over. For users under 16, a parent or guardian should create and manage the account.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification. The "last updated" date at the top of this page will always reflect the current version.

Contact Us

For privacy questions or to exercise your rights:

Email: privacy@glucoscape.app
Website: glucoscape.app