Privacy Policy

Last Updated: May 26, 2026

GlucoSpike AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights over it. It applies to our mobile application and website (the "Services").


1. Who We Are

GlucoSpike AI is a wellness app that helps users understand the blood glucose impact of their meals. Users photograph food, and the app uses AI to estimate how that meal may affect blood sugar, expressed as a GlucoScore (1–10 scale). The app also includes a barcode product scanner for evaluating packaged foods.

The app is not a medical device. It does not diagnose, treat, or monitor any medical condition. GlucoScores are wellness estimates, not clinical measurements.


2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address — used for authentication and communications
  • Display name (optional)
  • Firebase UID — an anonymous internal identifier generated by Firebase Authentication

You may sign in using Email/Password, Google Sign-In, or Apple Sign-In. When using Google or Apple, we receive the email address and name associated with that account (Apple may provide a masked email).

2.2 Onboarding Quiz (Behavioral & Lifestyle Data)

During setup, we optionally collect lifestyle and behavioral information through a short quiz. All fields are optional. We do not collect any diagnosed medical conditions, clinical measurements, medications, or biometric data.

  • When you typically experience energy crashes
  • How often you experience food cravings
  • Self-reported foods that trigger cravings
  • Self-reported energy/focus symptoms (e.g., afternoon slump, brain fog)
  • Typical eating schedule (e.g., 3 meals, intermittent fasting)
  • General activity level (sedentary, moderate, active)
  • Daily carb target (user-set, in grams)

2.3 Meal Log Data

Each time you log a meal, we collect and store:

  • AI-generated meal name, GlucoScore, nutritional estimates (calories, carbs, protein, fat, fiber), and ingredient list. For unpackaged meals, nutrition figures are AI estimates; for packaged products scanned by barcode, nutrition data is sourced from the Open Food Facts database.
  • AI-generated insights, suggested post-meal walk duration, and Q&A content
  • Whether you completed the suggested post-meal walk
  • Timestamp of the meal log
  • The meal photo (stored in Firebase Storage)

2.4 App Preferences

  • Push notification preferences (on/off)
  • Theme preference (light/dark/system)
  • Trial start date

These are stored on your device and in Firebase Firestore.

2.5 Barcode / Product Scan Data

When you scan a product barcode, we look up product information from the Open Food Facts database. Barcode scan results are processed ephemerally and are not saved to your account. No personal data is sent to Open Food Facts — only the barcode number.

2.6 Analytics & Crash Data

We use Firebase Analytics to understand how the app is used (e.g., which features are tapped, screen views) and Firebase Crashlytics to detect and fix crashes. These tools collect anonymized usage events linked to your Firebase UID, along with device information and crash stack traces.


3. Information We Do Not Collect

The following categories are explicitly not collected, stored, or processed by GlucoSpike AI:

  • Diagnosed medical conditions (e.g., diabetes, PCOS, thyroid conditions)
  • Medications or prescription drug use
  • Clinical health metrics (e.g., HbA1c, CGM readings, blood glucose measurements)
  • Biometric data (weight, BMI, body measurements)
  • Special category health data as defined under GDPR Article 9

4. How We Use Your Data

  • To provide the Services: generating GlucoScores, meal insights, and product scan results
  • To personalize your experience: using your behavioral quiz answers to provide context-aware AI analysis
  • To send notifications: daily reminders, weekly reports, and trial expiration alerts (if enabled)
  • To manage subscriptions: syncing entitlement status across devices via RevenueCat
  • To improve the app: anonymized analytics to understand feature usage and fix bugs
  • To communicate with you: the optional "Beat the Spike" newsletter (only if you opt in)

5. AI Processing — How Your Data Is Used by AI

When you log a meal, the following data is transmitted to Google's Gemini API for AI analysis:

  • Your meal photo (compressed image)
  • Your behavioral quiz answers (crash timing, cravings, symptoms, meal timing, activity level, carb target)

What is NOT sent to the AI: Any medical conditions, diagnoses, medications, or clinical data.

For product scans, the following is sent to Gemini: product name, brand, nutrition facts, and ingredients (all sourced from Open Food Facts — no personal data is included).

Data retention by Google: As of the date of this policy, Google's Gemini API does not use API inputs to train its models by default under enterprise API terms. This is subject to change per Google's policies. We recommend reviewing Google's Gemini API terms for the most current information.

You are interacting with an AI system each time you receive a GlucoScore or product scan result. For more details, see our AI & Ethical Use Policy.


6. Third-Party Services & Data Sharing

We share data only with the following service providers, solely to operate the app:

Service | Provider | Purpose | Data Shared
Firebase Authentication | Google LLC | User sign-in | Email, display name, Firebase UID
Firebase Firestore | Google LLC | Meal history, preferences | Meal data, quiz answers, preferences
Firebase Storage | Google LLC | Meal photo storage | Meal photos
Firebase Analytics | Google LLC | Usage analytics (anonymous) | App events, Firebase UID
Firebase Crashlytics | Google LLC | Crash reporting | Crash traces, device info, Firebase UID
Firebase Cloud Messaging | Google LLC | Push notifications | Device push token
Gemini API | Google LLC | AI meal & product analysis | Meal photos, behavioral quiz answers, product nutrition text
RevenueCat | RevenueCat Inc. | Subscription management | Firebase UID, purchase receipts
Open Food Facts | Open Food Facts (nonprofit) | Barcode product lookup | Barcode number only (no user data)
Buttondown | Buttondown LLC | Newsletter (optional opt-in) | Email address (only if you opt in)
Google Sign-In | Google LLC | OAuth authentication | Google account email, name, profile photo
Apple Sign-In | Apple Inc. | OAuth authentication | Apple ID email (may be masked), name

We do not sell your personal data to any third party.


7. Data Storage & Security

Your data is stored in Firebase Firestore and Firebase Storage (Google LLC), encrypted at rest. Meal photos are linked to your account and stored until you delete your account. App preferences are also stored locally on your device using secure local storage.


8. Notifications

We send the following types of notifications:

  • Local (on-device): Daily meal reminder at 8:00 PM (skipped if you've already logged today), weekly report reminder every Sunday at 10:00 AM, and trial expiration alerts on days 3 and 6 of your trial
  • Remote push (via Firebase Cloud Messaging): May be used for server-initiated messages

Notification permission is requested at app launch and can be disabled at any time in your device's Settings.


9. Subscriptions & Payments

Payments are processed by Apple (App Store) or Google (Play Store). GlucoSpike AI never receives or stores payment card data. Subscription entitlement is synced across your devices via RevenueCat using your Firebase UID.


10. Data Deletion & Your Rights

10.1 Account Deletion

You can delete your account at any time via Settings → Account → Delete Account within the app. Deleting your account removes your Firebase Authentication record, all Firestore documents associated with your UID, all meal photos in Firebase Storage, and clears local device storage. This action is permanent and cannot be undone.

10.2 Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to correction: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data (account deletion within the app fulfills this for most data)
  • Right to object: Object to processing based on legitimate interests
  • Right to data portability (GDPR Art. 20): Not currently available as a self-serve feature — contact us at support@glucospike.ai

To exercise any of these rights, contact us at support@glucospike.ai.


11. Regulatory Compliance

GDPR (EU Users)

Legal basis: Processing is necessary for performance of the contract (providing app functionality) and our legitimate interests (analytics, crash reporting). We do not process special category data under Article 9 — no medical conditions, biometrics, or clinical health data are collected.

International transfers: Your data is processed by Google (US-based) and RevenueCat (US-based), covered under their Standard Contractual Clauses. Data Processing Agreements (DPAs) are in place with Google, RevenueCat, and Buttondown.

CCPA / US State Privacy Laws

We do not collect sensitive personal information as defined under CCPA (no medical conditions, no biometrics). We do not sell personal data. California residents may contact us at support@glucospike.ai to exercise rights under CCPA.

COPPA

GlucoSpike AI is intended for adults 18 and older. We do not knowingly collect data from children under 13. If you believe a child has provided us data, contact us immediately at support@glucospike.ai.

EU AI Act

GlucoSpike AI's use of AI for food wellness estimates is classified as minimal to limited risk under the EU AI Act. We are committed to transparency about AI interactions — users are informed when AI-generated results are provided. See our AI & Ethical Use Policy for full details.


12. Changes to This Policy

We may update this Privacy Policy as our practices change. We will notify users of material changes. Continued use of the app after changes constitutes acceptance of the updated policy. The "Last Updated" date at the top reflects the most recent revision.


13. Contact Us

For any privacy-related questions, requests, or concerns:

Email: support@glucospike.ai