Privacy Policy

Last Updated: June 17, 2026

GlucoSpike AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights over it. It applies to our mobile application and website (the "Services").


1. Who We Are

GlucoSpike AI is a wellness app that helps users understand the blood glucose impact of their meals. Users photograph food, and the app uses AI to estimate how that meal may affect blood sugar, expressed as a GlucoScore (1–10 scale). The app also includes a barcode product scanner for evaluating packaged foods.

The app is not a medical device. It does not diagnose, treat, or monitor any medical condition. GlucoScores are wellness estimates, not clinical measurements.


2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address — used for authentication and communications
  • Display name (optional)
  • Firebase UID — an anonymous internal identifier generated by Firebase Authentication

You may sign in using Email/Password, Google Sign-In, or Apple Sign-In. When using Google or Apple, we receive the email address and name associated with that account (Apple may provide a masked email).

2.2 Onboarding Quiz (Behavioral & Lifestyle Data)

During setup, we optionally collect lifestyle and behavioral information through a short quiz. All fields are optional. We do not collect any diagnosed medical conditions, clinical measurements, medications, or biometric data.

  • When you typically experience energy crashes
  • How often you experience food cravings
  • Self-reported foods that trigger cravings
  • Self-reported energy/focus symptoms (e.g., afternoon slump, brain fog)
  • Typical eating schedule (e.g., 3 meals, intermittent fasting)
  • General activity level (sedentary, moderate, active)
  • Daily carb target (user-set, in grams)

2.3 Meal Log Data

Each time you log a meal, we collect and store:

  • AI-generated meal name, GlucoScore, nutritional estimates (calories, carbs, protein, fat, fiber), and ingredient list. For unpackaged meals, nutrition figures are AI estimates; for packaged products scanned by barcode, nutrition data is sourced from the Open Food Facts database.
  • AI-generated insights, suggested post-meal walk duration, and Q&A content
  • Whether you completed the suggested post-meal walk
  • Timestamp of the meal log
  • The meal photo (stored in Firebase Storage)

2.4 App Preferences

  • Push notification preferences (on/off)
  • Theme preference (light/dark/system)
  • Trial start date

These are stored on your device and in Firebase Firestore.

2.5 Coach Personalization Data

Optionally, you can personalize your AI coach by providing:

  • Personal context — a free-text field where you may type anything to tailor coaching, such as dietary preferences, lifestyle notes, or health conditions you choose to share (e.g., "vegetarian, budget-conscious" or "type 2 diabetes, high blood pressure"). An in-app notice beside this field explains that anything you enter will be sent to the AI and that you should share only what you are comfortable with — this notice establishes your explicit consent for any health information you voluntarily enter.
  • Goals — a multi-select list of predefined wellness goals (e.g., "Lower blood sugar", "Increase protein")

Both are optional, editable, and deletable at any time in Settings. They are sent to Google Gemini for meal analysis, swap suggestions, daily coaching, and coach Q&A. They are stored in Firebase Firestore under your UID.

2.6 AI Coach Chat

The in-app AI coach lets you ask questions about your meals and health habits. When you use the coach:

  • A summary of your meals logged that day (meal names and GlucoScores) is sent to Google Gemini to generate a coaching response
  • Free-text questions you type into the coach are sent to Google Gemini

Coaching responses are generated on demand and are not stored as a persistent chat transcript.

2.7 Barcode / Product Scan Data

When you scan a product barcode, we look up product information from the Open Food Facts database. Barcode scan results are processed ephemerally and are not saved to your account. No personal data is sent to Open Food Facts — only the barcode number.

2.8 Analytics & Crash Data

We use Firebase Analytics to understand how the app is used (e.g., which features are tapped, screen views) and Firebase Crashlytics to detect and fix crashes. These tools collect anonymized usage events linked to your Firebase UID, along with device information and crash stack traces.


3. Information We Do Not Collect via Structured Fields

GlucoSpike AI does not require, request via structured fields, or systematically collect:

  • Diagnosed medical conditions (e.g., diabetes, PCOS, thyroid conditions)
  • Medications or prescription drug use
  • Clinical health metrics (e.g., HbA1c, CGM readings, blood glucose measurements)
  • Biometric data (weight, BMI, body measurements)

Exception — Coach Personal Context field (§2.5): Because this optional free-text field accepts arbitrary input, you may voluntarily enter information that falls into the above categories, including data that could qualify as GDPR Article 9 special category data. This is entirely optional, user-controlled, and deletable at any time. It is processed only on the basis of your explicit consent, established by the in-app disclosure notice shown beside the field. The app never derives, infers, or requires such data — it only stores what you choose to type.


4. How We Use Your Data

  • To provide the Services: generating GlucoScores, meal insights, and product scan results
  • To personalize your experience: using your behavioral quiz answers to provide context-aware AI analysis
  • To send notifications: daily reminders, weekly reports, and trial expiration alerts (if enabled)
  • To manage subscriptions: syncing entitlement status across devices via RevenueCat
  • To improve the app: anonymized analytics to understand feature usage and fix bugs
  • To communicate with you: the optional "Beat the Spike" newsletter (only if you opt in)

5. AI Processing — How Your Data Is Used by AI

GlucoSpike AI uses Google's Gemini API for the following features:

  • Meal analysis: Your meal photo (compressed image) and behavioral quiz answers (crash timing, cravings, symptoms, meal timing, activity level, carb target) are sent to Gemini. If you have set coach personalization inputs (§2.5), your personal context and goals are also included to tailor the analysis.
  • AI Coach: Your daily meal summary (meal names and GlucoScores) and questions you type into the coach are sent to Gemini. Coach personalization inputs (§2.5), if set, are included in these requests as well.
  • Product barcode scans: Product name, brand, nutrition facts per 100g, and ingredients text (all sourced from Open Food Facts) are sent to Gemini. No personal data is included.

What is NOT sent to the AI: Your name, email address, or any directly identifying information. Medical conditions, diagnoses, medications, or clinical data are not collected by the app through structured fields, and therefore never reach the AI — except for anything you voluntarily type into the optional personal context field (see §2.5).

Data retention by Google: As of the date of this policy, Google's Gemini API does not use API inputs to train its models by default under enterprise API terms. This is subject to change per Google's policies. We recommend reviewing Google's Gemini API terms for the most current information.

You are interacting with an AI system each time you receive a GlucoScore, product scan result, or coaching response. For more details, see our AI & Ethical Use Policy.


6. Third-Party Services & Data Sharing

We share data only with the following service providers, solely to operate the app:

Service Provider Purpose Data Shared
Firebase Authentication Google LLC User sign-in Email, display name, Firebase UID
Firebase Firestore Google LLC Meal history, preferences Meal data, quiz answers, preferences
Firebase Storage Google LLC Meal photo storage Meal photos
Firebase Analytics Google LLC Usage analytics (anonymous) App events, Firebase UID
Firebase Crashlytics Google LLC Crash reporting Crash traces, device info, Firebase UID
Firebase Cloud Messaging Google LLC Push notifications Device push token
Gemini API Google LLC AI meal & product analysis Meal photos, behavioral quiz answers, product nutrition text
RevenueCat RevenueCat Inc. Subscription management Firebase UID, purchase receipts
Open Food Facts Open Food Facts (nonprofit) Barcode product lookup Barcode number only (no user data)
Buttondown Buttondown LLC Newsletter (optional opt-in) Email address (only if you opt in)
Google Sign-In Google LLC OAuth authentication Google account email, name, profile photo
Apple Sign-In Apple Inc. OAuth authentication Apple ID email (may be masked), name

We do not sell your personal data to any third party.


7. Data Storage & Security

Your data is stored in Firebase Firestore and Firebase Storage (Google LLC), encrypted at rest. Meal photos are linked to your account and stored until you delete your account. App preferences are also stored locally on your device using secure local storage.


8. Notifications

We send the following types of notifications:

  • Local (on-device): Daily meal reminder at 8:00 PM (skipped if you've already logged today), weekly report reminder every Sunday at 10:00 AM, and trial expiration alerts on days 3 and 6 of your trial
  • Remote push (via Firebase Cloud Messaging): May be used for server-initiated messages

Notification permission is requested at app launch and can be disabled at any time in your device's Settings.


9. Subscriptions & Payments

Payments are processed by Apple (App Store) or Google (Play Store). GlucoSpike AI never receives or stores payment card data. Subscription entitlement is synced across your devices via RevenueCat using your Firebase UID.


10. Data Deletion & Your Rights

10.1 Account Deletion

You can delete your account at any time via Settings → Account → Delete Account within the app. Deleting your account removes your Firebase Authentication record, all Firestore documents associated with your UID, all meal photos in Firebase Storage, and clears local device storage. This action is permanent and cannot be undone.

10.2 Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to correction: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data (account deletion within the app fulfills this for most data)
  • Right to object: Object to processing based on legitimate interests
  • Right to data portability (GDPR Art. 20): Not currently available as a self-serve feature — contact us at support@glucospike.ai

To exercise any of these rights, contact us at support@glucospike.ai.


11. Regulatory Compliance

GDPR (EU Users)

Legal basis: Processing is necessary for performance of the contract (providing app functionality) and our legitimate interests (analytics, crash reporting). The app does not collect medical conditions, biometrics, or clinical health data through structured fields. Where a user voluntarily enters health information into the optional personal context field (§2.5), that processing is based on the user's explicit consent (GDPR Article 6(1)(a) and, where applicable, Article 9(2)(a)), established via the in-app disclosure notice beside the field.

International transfers: Your data is processed by Google (US-based) and RevenueCat (US-based), covered under their Standard Contractual Clauses. Data Processing Agreements (DPAs) are in place with Google, RevenueCat, and Buttondown.

CCPA / US State Privacy Laws

We do not collect sensitive personal information as defined under CCPA (no medical conditions, no biometrics). We do not sell personal data. California residents may contact us at support@glucospike.ai to exercise rights under CCPA.

COPPA

GlucoSpike AI is intended for adults 18 and older. We do not knowingly collect data from children under 13. If you believe a child has provided us data, contact us immediately at support@glucospike.ai.

EU AI Act

GlucoSpike AI's use of AI for food wellness estimates is classified as minimal to limited risk under the EU AI Act. We are committed to transparency about AI interactions — users are informed when AI-generated results are provided. See our AI & Ethical Use Policy for full details.


12. Changes to This Policy

We may update this Privacy Policy as our practices change. We will notify users of material changes. Continued use of the app after changes constitutes acceptance of the updated policy. The "Last Updated" date at the top reflects the most recent revision.


13. Contact Us

For any privacy-related questions, requests, or concerns:

Email: support@glucospike.ai