Privacy Policy

Last Updated: [INSERT DATE]

Welcome to Bazu ("we," "our," or "us"). This Privacy Policy explains how Bazu Technologies, LLC collects, uses, shares, and protects your personal information when you use our mobile application and services (collectively, the "Service").

By using Bazu, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account and use Bazu, you provide us with:

Account Information:

  • Name (first and last name)
  • Email address
  • Username
  • Date of birth
  • Gender
  • OAuth provider information (if you sign in with Google or Apple)

OAuth Sign-In Details:

If you sign in with Google or Apple, we receive your email address and authentication token from your OAuth provider. Important notes:

  • We do NOT access your Gmail, Google Drive, Apple iCloud, or other services
  • If you sign in with OAuth, you cannot change your email within Bazu
  • To change your OAuth email, update it with Google or Apple directly
  • If you revoke OAuth access, you'll need to re-authenticate to continue using Bazu

Health & Wellness Information (User-Entered):

  • Blood glucose readings (manually entered)
  • Insulin doses and timing
  • Meal information and nutritional data
  • Weight and height measurements
  • Diabetes type and management preferences
  • Medication usage information
  • Health goals and preferences

Important Note: All health data you provide is manually entered by you. We do not collect data directly from medical devices, continuous glucose monitors (CGMs), or other health monitoring equipment.

1.2 Information Collected Automatically

Usage Data:

  • Activity logs (meal entries, glucose logs)
  • App interactions and feature usage
  • Streaks, achievements, and gamification metrics
  • Session duration and frequency

Device Information:

  • Device type and model
  • Operating system version
  • Unique device identifiers (for push notifications)
  • App version

Local Device Storage:

We store the following information locally on your device using encrypted storage:

  • Authentication tokens (for automatic sign-in)
  • Cached profile data (for faster app performance)
  • App settings and preferences

This local data is automatically encrypted by your device's operating system and is deleted when you log out or uninstall the app.

We do NOT collect:

  • Precise geolocation data
  • Contact lists
  • Photos or media (except when you voluntarily upload meal photos)
  • Biometric data

About Meal Photos:

When you use the meal scanning feature:

  • Photos are uploaded to secure cloud storage (Supabase)
  • Photos are processed to identify food items and estimate nutrition
  • Photos are stored with time-limited, authenticated URLs that require you to be logged in
  • Photos are permanently deleted when you delete your account
  • Photos are NOT shared with third parties except for AI processing (see Section 3.1)

2. How We Use Your Information

We use the information we collect to:

2.1 Provide and Improve the Service

  • Create and manage your account
  • Track and display your health data
  • Generate insights and analytics about your diabetes management
  • Provide personalized recommendations
  • Award achievements and maintain gamification features

AI-Powered Features:

We use artificial intelligence to:

  • Analyze text descriptions of meals you type (e.g., "chicken and vegetables")
  • Analyze photos of meals you capture with your camera
  • Identify food items from text or visual analysis
  • Estimate portion sizes from descriptions or images
  • Provide nutritional information when database data is unavailable
  • Estimate glycemic index values

Important: AI-generated estimates may not be 100% accurate. Always verify nutritional information with reliable sources and consult your healthcare provider for medical decisions.

2.2 Communication

  • Send you notifications about meal logging reminders
  • Provide streak reminders and achievement notifications
  • Send important service updates and security alerts
  • Respond to your support requests

2.3 Service Improvement

  • Analyze usage patterns to improve features
  • Debug technical issues
  • Develop new features based on user needs
  • Ensure service security and prevent fraud

2.4 Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests
  • Enforce our Terms of Service

3. How We Share Your Information

We do NOT sell your personal information or health data.

We may share your information only in the following limited circumstances:

3.1 Service Providers

We share data with trusted third-party service providers who help us operate the Service:

Supabase: Cloud database and backend infrastructure (data storage)

  • Stores all data you enter in the app
  • Located in the United States
  • Row Level Security ensures you can only access your own data
  • Privacy Policy: https://supabase.com/privacy

OpenAI: AI-powered nutrition analysis

  • Receives meal descriptions (text you type) and meal photos (images you capture) to identify food items
  • Analyzes text descriptions like "grilled chicken with rice" or visual images of your meals
  • Estimates portion sizes and nutritional values from your text or photos
  • Does NOT receive your glucose readings, insulin doses, profile information, or other health data
  • Does NOT use API data to train their models
  • Your meal data is processed and then discarded
  • Privacy Policy: https://openai.com/api-data-privacy

Edamam: Food database and nutrition data

  • Receives food names and barcode scans from your meal searches
  • Does NOT receive your health data or personal information
  • Privacy Policy: https://www.edamam.com/privacy-policy

OneSignal: Push notification delivery service

  • Receives device identifier and notification preferences
  • Does NOT receive your health data or meals
  • Privacy Policy: https://onesignal.com/privacy_policy

Google: OAuth authentication for sign-in (if you use Google Sign-In)

  • Privacy Policy: https://policies.google.com/privacy

Apple: OAuth authentication for sign-in (if you use Sign in with Apple)

  • Privacy Policy: https://www.apple.com/legal/privacy/

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Analytics (Future)

We do NOT currently use any third-party analytics, tracking, or advertising services.

If we implement analytics services in the future, we will:

  • Update this policy BEFORE implementation
  • Notify you via email and in-app notification at least 30 days in advance
  • Use aggregated, de-identified data where possible
  • Provide opt-out options
  • Never share identifiable health data with analytics providers

3.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights or property
  • Prevent fraud or security issues
  • Protect the safety of our users

3.4 Business Transfers

If Bazu is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4. Data Security

We take the security of your health information seriously and implement industry-standard security measures:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest
  • Authentication: Secure login with password protection and OAuth options
  • Access Controls: Strict limitations on who can access user data
  • Database Security: Row Level Security (RLS) in our database ensures you can only access your own data. Even if someone gains unauthorized database access, they cannot view other users' data without proper authentication.
  • Regular Security Audits: We monitor for vulnerabilities and threats

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you services.

  • Active Accounts: Data is retained while your account is active
  • Account Deletion: When you delete your account, we delete your personal data immediately. This includes:
    • All profile information
    • All health tracking data (glucose readings, insulin doses, meal logs)
    • All photos and images
    • Achievement and gamification data
    • Notification settings

What We May Retain:

  • Aggregated, anonymized statistics that cannot be linked back to you (for service improvement)
  • Legal compliance records if required by law

We do NOT maintain backups of deleted user data.

6. Your Rights and Choices

6.1 Access and Update

You can access and update your personal information at any time through the app settings.

Data Export:

To request a copy of your data, contact us at privacy@withbazu.com with your name and account email. We will provide your data in JSON format within 30 days.

Note: We are developing an in-app "Download My Data" feature for self-service export, which will be available in a future update.

6.2 Delete Your Account

You can request deletion of your account and all associated data by:

  • Using the "Delete Account" feature in app settings
  • Contacting us at privacy@withbazu.com

6.3 Opt-Out of Communications

You can opt out of promotional notifications through:

  • App notification settings
  • Device notification settings
  • Email unsubscribe links

Note: You cannot opt out of essential service communications (e.g., security alerts).

6.4 Data Portability

You can request a copy of your data:

  • Email Request: Contact us at privacy@withbazu.com for assistance

We will provide your data in a commonly used, machine-readable format within 30 days of your request.

Note: An in-app download feature is in development and will be available in a future update.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Rights:

  • Right to Know: Request details about the personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the "sale" of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

How to Exercise Your Rights:

Contact us at privacy@withbazu.com or use the in-app account deletion feature.

We will respond to your request within 45 days.

8. International Users & GDPR

While Bazu primarily serves users in the United States, we recognize rights under the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA):

Legal Basis for Processing (EEA Users):

  • Consent: You consent to our processing when you create an account
  • Contractual Necessity: Processing is necessary to provide the Service
  • Legitimate Interests: We process data to improve and secure the Service

Your GDPR Rights:

  • Right to access your data
  • Right to rectification (correction)
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

To exercise these rights, contact us at privacy@withbazu.com.

9. Children's Privacy

Bazu is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@withbazu.com, and we will delete it promptly.

Users between 13-18: If you are a minor, please have your parent or guardian review this Privacy Policy with you.

10. Health Information & HIPAA

Bazu is NOT a HIPAA-covered entity. We are a personal health tracking application, and the health information you enter is:

  • Entered voluntarily by you
  • Not received from healthcare providers
  • Not used for medical diagnosis or treatment
  • Not shared with healthcare providers without your explicit action

This means:

  • We are not subject to HIPAA regulations
  • Your data is protected under general privacy laws (CCPA, state privacy laws)
  • We do not have "Business Associate Agreements" with healthcare providers

We strongly recommend:

  • Do not rely solely on Bazu for medical decisions
  • Always consult with your healthcare provider
  • Share your Bazu data with your doctor if you find it helpful

11. Third-Party Links

Our Service may contain links to third-party websites or services (e.g., educational resources). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date at the top
  • We will notify you through the app or via email for material changes
  • Continued use of the Service after changes constitutes acceptance

We encourage you to review this policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bazu Technologies, LLC

Email: privacy@withbazu.com

Website: https://withbazu.com

For data subject requests (access, deletion, etc.), please include:

  • Your full name
  • Email address associated with your account
  • Specific request details

We will respond within 30-45 days.

14. Data Processing Locations

Your information is processed and stored in the United States. By using Bazu, you consent to the transfer of your information to the U.S., which may have different data protection laws than your country of residence.

15. Your Consent

By using Bazu, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

© 2025 Bazu Technologies, LLC. All rights reserved.