Blood Sugar & Diabetes Tracker Privacy Policy
1. Introduction
Data Controller
Whenever this Privacy Policy refers to “we” or “Blood Sugar & Diabetes Tracker,” it means CrossCode, located at our business email address admin@crosscode.dev. CrossCode is the responsible entity and data controller under data protection regulations. In other words, we are the company that decides on the purpose and means of processing your personal data (“User Data”) and are therefore responsible for its security and compliance with applicable laws.
This Privacy Policy applies to User Data processed in connection with our products and services. As the responsible entity, we are subject to various data protection requirements, including those outlined in the General Data Protection Regulation of the European Union (“GDPR,” Regulation (EU) 2016/679). If your country of residence has additional or varying requirements, you can find information on those in section 9 of this Privacy Policy.
2. Necessary Processing of Personal Data
To provide our services, we require certain information from you. Without your consent to this necessary processing, you cannot use the features of Blood Sugar & Diabetes Tracker.
Information We Collect
To create an account and provide services, we collect the following:
Email address
Password (stored cryptographically secure)
Account ID (generated during account creation)
Registration date
Status of consents
Device ID, manufacturer, device type, operating system version
Language, country, time zone
IP address
Your email address and password are required to create and maintain an account securely. Communication regarding account-related support or troubleshooting will also occur via your email.
Additionally, we collect data about your device to troubleshoot issues and ensure compatibility with our app, including crash and bug reports.
Information Collection and Use
For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to Crash Analytics, Device ID, and Advertising data. The information that we request will be retained by us and used as described in this privacy policy.
The app does use third-party services that may collect information used to identify you.
Link to the privacy policy of third-party service providers used by the app
Google Play Services
AdMob
Facebook
Unity
AppLovin
Vungle
AdColony
Log Data
We want to inform you that whenever you use our Service, in case of an error in the app we collect data and information (through third-party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.
Login
Our app offers users the ability to log in using third-party authentication providers, including Apple and Android (Google) services. When you choose to log in with either Apple or Google, we may collect and use certain data necessary for authentication purposes, in accordance with the privacy policies of these third-party providers.
Apple Login: If you log in through Apple, we may collect basic information such as your name, email address, and any other data you allow us to access through the Apple ID authentication process. We do not store your Apple account password or any sensitive data provided by Apple.
Google & Apple Login/Signup: If you log in using your Google account, we may collect basic information such as your name, email address, and profile picture (if available) through the Google authentication process. As with Apple, we do not store your Google account password or any sensitive data.
Both Apple and Google provide users with the ability to control the information they share with third-party apps during the login process. You can review and manage the data shared with our app by accessing your account settings within the respective provider’s platform.
Please be aware that each authentication provider has its own privacy practices and terms of use. We encourage you to review these policies to better understand how they handle your personal information.
3. Optional Processing of Personal Data
Beyond the necessary data, we may collect and process additional data that you voluntarily provide while using certain features of our app:
General Data
Optional data collected to address and contact you includes:
First Name
Last Name
Address
Date of Birth
Sex
Medical Master Data
Optional medical data collected to personalize your experience includes:
Diabetes Type
Diagnosis Year
Insulin Therapy Type (Pen / Pump)
Blood Glucose Target Range
Body Height
Body Weight
Blood Glucose Meter / Therapy Device
Medication Details
Commercial and Usage Data
Optional data collected to improve your app experience includes:
App Store Download Information
Purchases and Payment Methods
Support Queries
Medical Data
Optional data related to health includes:
Blood Glucose Measurements
Food Intake / Meal Details
Physical Activities
Blood Pressure
Body Weight
HbA1c
Notes and Tags
4. Processing for Product Improvement
Blood Sugar & Diabetes Tracker would also like to use the data you provide via the Blood Sugar & Diabetes Tracker products to continuously improve and innovate our portfolio by gathering insights, detecting patterns, generating real-world evidence and developing predictive algorithms from health data. Such innovations will be used for decision support with the objective to further improve medical outcomes and the quality of life of people with diabetes.
We will only use your data and any additional data, as detailed below, if you provide us with your express consent. You can give and revoke your consent for the processing for product improvement at any time, in your account settings within our apps.
Additional Data
In general, we use the same User Data to improve our products as stated in sections 2 and 3. In addition, Blood Sugar & Diabetes Tracker may also record the following User Data:
Usage Data – We record Activity Events, not necessarily related to the delivery of our services, which allow us to understand how you use our products. This enables us to assess how our products are used and to constantly improve our services.
Purpose of Product Improvement
Rapid technological advancements require us to analyze, develop, test, and improve our products constantly. Usage and security tests, along with gathered knowledge, feed into updates that improve user experience. Regular app updates ensure the content remains beneficial and effective. To achieve this, we conduct usage and security tests and the knowledge gained is incorporated into improved new versions of our products. These improvements are also provided to you via frequent app updates.
5. Processing for Marketing Purposes
5.1 Newsletter
We may send information about products, services, and updates, including surveys, promotions, or partner offerings, through newsletters. We only process personal data for this purpose with your active consent, which you can revoke anytime via the newsletter’s unsubscribe link or your account settings.
5.2 Other Marketing Efforts
We may seek your consent for surveys, notifications, or personalized offers during login. For non-customized advertisements, no personal data is processed.
6. General Information
You can manage and revoke your consents via the app’s account settings or by contacting us at admin@crosscode.dev. Revoking consent will not affect the lawfulness of processing before the revocation.
6.1 Scientific research and statistics
Blood Sugar & Diabetes Tracker is committed to the science of all aspects of diabetes. Therefore, anonymous User Data may also be used for the purposes of research and statistics (always whilst complying with the recognized ethical scientific standards) and internal analyses. This is used mainly to determine and improve the effectiveness of techniques for controlling and treating diabetes. The legal basis for this is Article 9 (2) j) of the GDPR which provides for processing of Special Categories of Personal Data for scientific research and statistical purposes. We will always make sure that all User Data is properly anonymised before it is used for those purposes.
6.2 Enforcement of rights
The use of personal data may also be necessary to prevent abuse by users or to assert, exercise, or defend legal claims. We may be forced into disclosure due to binding laws, court or official decisions and instructions, criminal investigation, or in the public interest. In such cases, the storage and processing of your data is permitted by law without your consent. The legal basis for this is Article 9 (2) f) GDPR.
6.3 Compliance with medical device legislation
As the manufacturer or distributor of a medical device, we are subject to elevated requirements for monitoring the functionality of our products. This vigilance system required for regulatory purposes may also involve the processing of personal data. The legal basis for this is Article 9 (2) i) GDPR, which provides for processing necessary for reasons of public interest in the area of public health.
Purpose Limitation and Security
CrossCode exclusively processes your personal data for stated purposes, ensuring data security through robust technical and organizational measures. Our website, crosscode.dev, provides further information on how we manage data protection.
Technical and Organizational Measures
We employ:
Administrative Measures: Certified information security systems, regular training, and strict asset management.
Technical Measures: Encryption, access control, network policies, and secure backups.
Physical Measures: Secure facilities with access control.
7. Data Security
We use industry-standard security measures to protect your data from unauthorized access, disclosure, alteration, or destruction.
7.1 Purpose limitation and security
Your personal information will only be used by Blood Sugar & Diabetes Tracker for the reasons specified in this Privacy Notice and any associated agreements. We’ll make sure that all processing is restricted to what is required for that particular purpose. We’ll always make sure your personal information is secure and confidential, which includes implementing the right organizational and technical safeguards to guard against illegal and unauthorized processing, accidental loss, accidental destruction, and damage. We continually keep up with the newest technological advancements and employ stringent internal procedures, safety measures, and encryption techniques.
7.2 Data Processors
Our products are subject to intricate processes that we must oversee and keep current for our millions of users. Blood Sugar & Diabetes Tracker only gives user data to data processors in accordance with this privacy notice and to achieve the goals specified in it. Data processors are required to follow our guidelines and directives; they are not allowed to use our users’ personal information for their own or other reasons.
We work with data processors that provide enough assurances that appropriate organizational and technical safeguards are put in place to ensure that processing personal data conforms with our Privacy Notice and legal requirements. By entering into legally binding agreements that adhere to the stringent regulations of the GDPR, we guarantee the protection of our users’ rights.
Blood Sugar & Diabetes Tracker’s third-party suppliers are only permitted to work with other processors (subcontractors) with our prior approval. We will forbid the employment of a subcontractor if they fail to adhere to the same data protection requirements and all relevant security measures that we require of our Data Processors.
7.3 Encryption, pseudonymization, and anonymization
Every time personal data is transferred, encryption is used by default and automatically. We make sure that no unwanted third parties can intercept your data by using HTTPS (hypertext transfer protocol secure).
Additionally, we employ additional procedures for the encryption and pseudonymization of User Data in order to minimize data loss and ensure data security. This takes into consideration the most recent technological advancements and is contingent upon the kind, extent, and objective of the pertinent data processing. For instance, we only divulge or send User Data that is necessary for a Data Processor to do their duties.
At the option of Blood Sugar & Diabetes Tracker, a data processor must either return all user data or, in the absence of a contract, destroy it after a connection with the data processor ends.
Data that requires no personal reference for processing (e.g. for research and analysis) is subject to anonymization. This is done in a way that prevents a connection or attribution to a specific Data Subject in all cases.
7.4 EU and Third Countries
We primarily select Data Processors which are based in or whose servers are located in the European Union (EU) or European Economic Area (EEA).
In exceptional cases we may appoint third-party suppliers who are located in or who have servers outside the EU. However, even in these cases your personal data is subject to an equally high protection level in line with the GDPR – either through an EU adequacy decision, which considers data protection in certain third-party countries to be appropriate, or through the Standard Contractual Clauses approved by the European Commission, which the contractual relationships with our contracted Data Processors are based on, or through comparable legal instruments permitted under the GDPR. A copy of such guarantees or information on these can be requested via crosscode.dev.
Furthermore, we ensure that our Data Processors have additional security standards in place, such as individual security measures and data protection provisions or certifications under the GDPR.
7.5 Categories of Data Recipients
Our cooperation partners are bound by the agreements signed with Blood Sugar & Diabetes Tracker as well as by the GDPR and only process data according to our instructions. We provide our users’ data only to fulfill the respective contract:
Manufacturers and suppliers require personal data, such as names and addresses to handle orders for goods. A typical example is the delivery of a blood glucose meter and test strips as part of the Blood Sugar & Diabetes Tracker Bundle.
Insurance companies may exchange data with us if you buy our products as part of your health insurance (statutory or private). If applicable, this enables billing based on the tariff of your insurance company.
Accounting and payment service providers support us in the ongoing billing of our chargeable products.
Customer support services and their tools help our User Support to quickly and efficiently handle our users’ inquiries. Here, for example, queries are recorded from various communication channels and grouped according to topics using ticketing systems.
Analysis service providers and their tools help us to understand how users use our products in order for us to provide customized communication and product improvements in the future. This way we can for example avoid that a pump user with type 1 diabetes receives messages about type 2 diabetes or pens.
Marketing service providers support us in creating, sorting, customizing, and sending newsletters, emails, and other messages about our products to our users.
Hosting and cloud services and their tools are used to store data and to produce anonymized analyses (see section 7.3 above).
Certain functions within our app, such as the report generation or communication options with your healthcare professional or Blood Sugar & Diabetes Tracker coach, allow you to directly share certain User Data with a third party from within our products. In this case you decide at your own discretion which data you share with which party at what point in time. Therefore such data transfers are solely your responsibility.
7.6 Storage and deletion
Your User Data is stored on your device as well as on our servers. The server location where your User Data is being stored is determined during registration based on your Geolocation. This way we decide if your data is either stored on servers in the European Union or the USA. Regardless of the storage location we ensure that the high protection level pursuant to the GDPR is guaranteed at all times; this applies to data at rest, but also to data that is stored temporarily at a different location or is transferred for processing.
Blood Sugar & Diabetes Tracker only stores your personal data for the duration of the contract. In some cases, longer storage may be required in order to fulfil post-contractual obligations or to comply with statutory obligations or disclosure duties, or to assert, exercise, or defend legal claims. Personal data that needs to be retained for this purpose is transferred to a separate archive storage and is not used for any purpose other than the purpose of retention unless it is required by law.
Personal data recorded/stored in paper documents is destroyed by shredding those documents. Personal data stored in the form of an electronic record is deleted using a technical method which does not allow reproducing the record.
7.7 Technical and Organizational Measures
Administrative measures include asset management, a security officer, a data protection officer, an ISO/IEC 27001 certified information security management system, frequent staff training, and development principles.
Technical actions: Infrastructure and network rules and procedures, data encryption in transit and at rest, access control, backup and password policies, disaster recovery procedures, security updates and patch policies, and infrastructure monitoring.
Physical actions: Control of physical access.
7.8 Minors
To register for our products, you must be at least 18 years old, or the legal minimum age in your country. In compliance with the products’ intended usage, children may use the products. To administer the minor’s account in this situation, the caregiver must register for our products (see section 3.2.4 of our General Terms and Conditions). This also holds true for the processing of such personal data, which is only permitted if and to the degree that the parent or guardian has received and used their consent. Otherwise, it is forbidden to use our items.
7.9 Data protection officer
Any inquiries you may have about how your user data is processed and data security at Blood Sugar & Diabetes Tracker can be directed to our Data Protection Officer. Our Data Protection Officer can be reached at crosscode.dev. Our Data Protection Officer oversees adherence to all data protection laws and is bound by the legal requirements for confidentiality and secrecy.
Our data protection officer is heavily involved in every aspect of safeguarding our users’ personal information. To guarantee the greatest possible protection of your user data, our Data Protection Officer, a qualified specialist, keeps a close eye on our processing and frequently updates and counsels the entire Blood Sugar & Diabetes Tracker team.
7.10 Changes
Our services’ technology and procedures, along with data privacy laws, are always evolving. As a result, we will occasionally need to make adjustments to our offerings. Any modifications to this Privacy Notice will be communicated to you in a timely manner and through the proper channels. If required, we will obtain your consent again before processing your personal information.
8. Your Rights
Blood Sugar & Diabetes Tracker wants to make sure you understand all of your rights regarding data privacy. Please get in touch with us at crosscode.dev if you would like to exercise any of your rights.
Generally speaking, if you submit a request to Blood Sugar & Diabetes Tracker, we will respond as soon as we can, ideally within a month, or sooner if your country’s local data protection laws demand it. Section 9 of this Privacy Notice contains more details on certain local provisions.
Each user has the following rights:
8.1 The Right to Access
You are entitled to a copy of your personal data and all information on how your personal data is processed. This contains details on your personal data’s origin, data and recipient categories, processing purposes, storage duration, and your rights under data protection laws. All of this information is available in our Privacy Notice, and you can reach us at crosscode.dev.
8.2 The Right to Restitution
You are entitled to ask Blood Sugar & Diabetes Tracker to update any data you think is incorrect. Additionally, you have the option to ask Blood Sugar & Diabetes Tracker to fill in any information you feel is lacking. You can update or complete the majority of your personal information on our apps.
8.3 The Erasure Right
You can ask Blood Sugar & Diabetes Tracker to remove your personal information. Please be advised, though, that in order to fulfill our legal requirements, we may need to keep some personal information even after you have asked for its deletion.
8.4 The Authority to Limit Processing
In some situations, such as during the course of a requested investigation review, you have the right to ask Blood Sugar & Diabetes Tracker to limit the processing of your personal data.
8.5 The Ability to Challenge Processing
In some situations, you have the right to object to how Blood Sugar & Diabetes Tracker processes your personal information.
If we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time. Withdrawing your consent, however, won’t change whether the processing was legal prior to the revocation. If our services are not dependent on the revoked consent, we will keep offering them.
8.6 The Right to Transferable Data
If it is technically possible, you have the option to ask Blood Sugar & Diabetes Tracker to send the information we have gathered to another organization or to you directly in an electronically readable format.
8.7 Grievances
Please contact us at any time at admin@crosscode.dev or get in touch with our data protection officer directly at crosscode.dev if you believe we are not sufficiently respecting your data protection rights. We’ll take care of your request right away.
Additionally, you have the option to file a complaint against Blood Sugar & Diabetes Tracker with the appropriate Data Protection Authority. You also have the right to file a complaint with a supervisory authority in the EU member state where you live, work, or where you believe there has been a suspected violation.
9. Country-Specific Provisions
9.1 Germany
Some of Blood Sugar & Diabetes Tracker’s services and products might be covered by statutory health programs, such as Germany’s Digital Healthcare Act (“Digital Healthcare Application”). The processing of such user data from digital healthcare applications will adhere to all legal standards, which are detailed in this section.
Digital healthcare applications’ user data won’t be utilized for marketing or product enhancement. Regarding the legal justification for data processing under statute law, section 6.3 states that user data from digital healthcare applications will only be used for patient safety purposes (incident reporting to BfArM).
9.2 USA
Details about the Patient
The relevant service agreement and a Business Associate Agreement signed by you and Blood Sugar & Diabetes Tracker will govern any use or disclosure of protected health information by Blood Sugar & Diabetes Tracker or any subcontractor in compliance with HIPAA.
Your Rights in the Event That California Law Applies to Your Data
The California Supplemental Privacy Notice outlines the rights covered if you are a California resident as defined by the California Consumer Privacy Act (CCPA). Information about how to get in touch with Blood Sugar & Diabetes Tracker to exercise any of your legal rights is included in that privacy notice.
Minors
We are dedicated to safeguarding children’s privacy. As a result, we do not knowingly gather information from users younger than 13 in relation to our general-purpose website(s), application(s), or other services. Please email us at crosscode.dev to request the deletion of any information supplied by a child under the age of 13 if you are the child’s parent or legal guardian.
Contact Us
If you have any questions or concerns about this Privacy Policy or your personal data, please contact us at: Email: admin@crosscode.dev