Privacy Policy

Last Updated: March 4, 2026

Welcome to Bazu ("we," "our," or "us"). This Privacy Policy explains how Bazu Technologies, LLC collects, uses, shares, and protects your personal information when you use our mobile application and services (collectively, the "Service").

By using Bazu, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account and use Bazu, you provide us with:

Account Information:

Name (first and last name)
Email address
Username
Date of birth
Gender
OAuth provider information (if you sign in with Google or Apple)

OAuth Sign-In Details:

If you sign in with Google or Apple, we receive your email address and authentication token from your OAuth provider. Important notes:

We do NOT access your Gmail, Google Drive, Apple iCloud, or other services
If you sign in with OAuth, you cannot change your email within Bazu
To change your OAuth email, update it with Google or Apple directly
If you revoke OAuth access, you'll need to re-authenticate to continue using Bazu

Health & Wellness Information (User-Entered):

Blood glucose readings (manually entered or synced from a connected device via Apple Health)
Insulin doses and timing
CGM glucose readings (timestamp, glucose value, and data source — collected only if you enable CGM integration via Apple Health)
Meal information and nutritional data
Weight and height measurements
Diabetes type and management preferences
Medication usage information
Health goals and preferences

Important Note: Most health data is manually entered by you. If you enable CGM integration, Bazu reads glucose data from Apple HealthKit with your explicit consent. We never connect directly to CGM hardware — all CGM data flows through Apple Health.

1.2 Information Collected Automatically

Usage Data:

Activity logs (meal entries, glucose logs)
App interactions and feature usage
Streaks, achievements, and gamification metrics
Session duration and frequency

Device Information:

Device type and model
Operating system version
Unique device identifiers (for push notifications)
App version

Local Device Storage:

We store the following information locally on your device using encrypted storage:

Authentication tokens (for automatic sign-in)
Cached profile data (for faster app performance)
App settings and preferences

This local data is automatically encrypted by your device's operating system and is deleted when you log out or uninstall the app.

We do NOT collect:

Precise geolocation data
Contact lists
Photos or media (except when you voluntarily upload meal photos)
Biometric data

About Meal Photos:

When you use the meal scanning feature:

Photos are uploaded to secure cloud storage (Supabase)
Photos are processed to identify food items and estimate nutrition
Photos are stored with time-limited, authenticated URLs that require you to be logged in
Photos are permanently deleted when you delete your account
Photos are NOT shared with third parties except for AI processing (see Section 3.1)

1.3 CGM Integration & Apple Health

If you choose to enable CGM integration, Bazu reads glucose data from Apple HealthKit. This is entirely optional and requires your explicit permission.

What We Access:

Blood glucose samples stored in Apple Health (timestamp, value, unit, source device/app)

What We Do NOT Access:

We do not write data to Apple Health
We do not access any other HealthKit data types (heart rate, steps, sleep, etc.)
We do not connect directly to CGM hardware — all data comes through Apple Health

How It Works:

You grant read-only access to blood glucose data via an iOS HealthKit permission prompt
Bazu periodically reads new glucose samples and syncs them to your account
You can revoke access at any time in iOS Settings → Health → Data Access & Devices → Bazu
Revoking access stops future syncing; previously synced data remains in your Bazu account until you delete it

How We Use CGM Data:

Display glucose trends and history within the app
Generate insights and analytics about your glucose patterns
Correlate glucose data with meals and insulin doses you log

Data Sharing:

CGM data is subject to the same strict sharing rules as all other health data in Bazu (see Section 3). We do NOT sell CGM data or share it with advertisers.

2. How We Use Your Information

We use the information we collect to:

2.1 Provide and Improve the Service

Create and manage your account
Track and display your health data
Generate insights and analytics about your diabetes management
Provide personalized recommendations
Award achievements and maintain gamification features

AI-Powered Features:

We use artificial intelligence to:

Analyze text descriptions of meals you type (e.g., "chicken and vegetables")
Analyze photos of meals you capture with your camera
Identify food items from text or visual analysis
Estimate portion sizes from descriptions or images
Provide nutritional information when database data is unavailable
Estimate glycemic index values

Important: AI-generated estimates may not be 100% accurate. Always verify nutritional information with reliable sources and consult your healthcare provider for medical decisions.

2.2 Communication

Send you notifications about meal logging reminders
Provide streak reminders and achievement notifications
Send important service updates and security alerts
Respond to your support requests

2.3 Service Improvement

Analyze usage patterns to improve features
Debug technical issues
Develop new features based on user needs
Ensure service security and prevent fraud

2.4 Legal Compliance

Comply with applicable laws and regulations
Respond to legal requests
Enforce our Terms of Service

3. How We Share Your Information

We do NOT sell your personal information or health data.

We may share your information only in the following limited circumstances:

3.1 Service Providers

We share data with trusted third-party service providers who help us operate the Service:

Supabase: Cloud database and backend infrastructure (data storage)

Stores all data you enter in the app
Located in the United States
Row Level Security ensures you can only access your own data
Privacy Policy: https://supabase.com/privacy

OpenAI: AI-powered nutrition analysis

Receives meal descriptions (text you type) and meal photos (images you capture) to identify food items
Analyzes text descriptions like "grilled chicken with rice" or visual images of your meals
Estimates portion sizes and nutritional values from your text or photos
Does NOT receive your glucose readings, insulin doses, profile information, or other health data
Does NOT use API data to train their models
Your meal data is processed and then discarded
Privacy Policy: https://openai.com/api-data-privacy

Edamam: Food database and nutrition data

Receives food names and barcode scans from your meal searches
Does NOT receive your health data or personal information
Privacy Policy: https://www.edamam.com/privacy-policy

OneSignal: Push notification delivery service

Receives device identifier and notification preferences
Does NOT receive your health data or meals
Privacy Policy: https://onesignal.com/privacy_policy

Google: OAuth authentication for sign-in (if you use Google Sign-In)

Apple: OAuth authentication for sign-in (if you use Sign in with Apple)

Resend: Transactional email delivery service

Sends account verification, password reset, and subscription emails
Receives your email address to deliver messages
Does NOT receive your health data
Privacy Policy: https://resend.com/legal/privacy-policy

RevenueCat: Subscription and payment processing

Manages subscription purchases through Apple App Store
Tracks subscription status (trial, active, cancelled)
Receives your user ID and purchase information
Does NOT receive your health data or meals
Privacy Policy: https://www.revenuecat.com/privacy

Apple HealthKit: CGM glucose data source (if you enable CGM integration)

Bazu reads blood glucose samples from Apple Health with your permission
Data flows one way: from Apple Health into Bazu — we do not write data back
Apple does NOT receive any data from Bazu
HealthKit data is processed on-device; Apple does not see your glucose readings
Privacy Policy: https://www.apple.com/legal/privacy/

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Analytics (Future)

We do NOT currently use any third-party analytics, tracking, or advertising services.

If we implement analytics services in the future, we will:

Update this policy BEFORE implementation
Notify you via email and in-app notification at least 30 days in advance
Use aggregated, de-identified data where possible
Provide opt-out options
Never share identifiable health data with analytics providers

3.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to:

Comply with legal obligations
Protect our rights or property
Prevent fraud or security issues
Protect the safety of our users

3.4 Business Transfers

If Bazu is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4. Data Security

We take the security of your health information seriously and implement industry-standard security measures:

Encryption: Data is encrypted in transit (TLS/SSL) and at rest
Authentication: Secure login with password protection and OAuth options
Access Controls: Strict limitations on who can access user data
Database Security: Row Level Security (RLS) in our database ensures you can only access your own data. Even if someone gains unauthorized database access, they cannot view other users' data without proper authentication.
Regular Security Audits: We monitor for vulnerabilities and threats

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you services.

Active Accounts: Data is retained while your account is active
Account Deletion: When you delete your account, we delete your personal data immediately. This includes:
- All profile information
- All health tracking data (glucose readings, insulin doses, meal logs)
- All photos and images
- Achievement and gamification data
- Notification settings

What We May Retain:

Aggregated, anonymized statistics that cannot be linked back to you (for service improvement)
Legal compliance records if required by law

CGM Data Retention:

CGM glucose readings synced from Apple Health are retained in your account alongside your other health data. If you revoke HealthKit access, previously synced CGM data remains until you manually delete it or delete your account. When you delete your account, all CGM data is permanently deleted.

We do NOT maintain backups of deleted user data.

6. Your Rights and Choices

6.1 Access and Update

You can access and update your personal information at any time through the app settings.

Data Export:

To request a copy of your data, contact us at legal@withbazu.com with your name and account email. We will provide your data in JSON format within 30 days.

Note: We are developing an in-app "Download My Data" feature for self-service export, which will be available in a future update.

6.2 Delete Your Account

You can request deletion of your account and all associated data by:

Using the "Delete Account" feature in app settings
Contacting us at legal@withbazu.com

6.3 Opt-Out of Communications

You can opt out of promotional notifications through:

App notification settings
Device notification settings
Email unsubscribe links

Note: You cannot opt out of essential service communications (e.g., security alerts).

6.4 Data Portability

You can request a copy of your data:

Email Request: Contact us at legal@withbazu.com for assistance

We will provide your data in a commonly used, machine-readable format within 30 days of your request.

Note: An in-app download feature is in development and will be available in a future update.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Rights:

Right to Know: Request details about the personal information we collect and how we use it
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of the "sale" of personal information (Note: We do not sell personal information)
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

How to Exercise Your Rights:

We will respond to your request within 45 days.

8. International Users & GDPR

While Bazu primarily serves users in the United States, we recognize rights under the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA):

Legal Basis for Processing (EEA Users):

Consent: You consent to our processing when you create an account
Contractual Necessity: Processing is necessary to provide the Service
Legitimate Interests: We process data to improve and secure the Service

Your GDPR Rights:

Right to access your data
Right to rectification (correction)
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent

To exercise these rights, contact us at legal@withbazu.com.

9. Children's Privacy

Bazu is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at legal@withbazu.com, and we will delete it promptly.

Users between 13-18: If you are a minor, please have your parent or guardian review this Privacy Policy with you.

10. Health Information & HIPAA

Bazu is NOT a HIPAA-covered entity. We are a personal health tracking application, and the health information you enter is:

Entered voluntarily by you
Not received from healthcare providers
Not used for medical diagnosis or treatment
Not shared with healthcare providers without your explicit action

This means:

We are not subject to HIPAA regulations
Your data is protected under general privacy laws (CCPA, state privacy laws)
We do not have "Business Associate Agreements" with healthcare providers

We strongly recommend:

Do not rely solely on Bazu for medical decisions
Always consult with your healthcare provider
Share your Bazu data with your doctor if you find it helpful

11. Third-Party Links

Our Service may contain links to third-party websites or services (e.g., educational resources). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

We will update the "Last Updated" date at the top
We will notify you through the app or via email for material changes
Continued use of the Service after changes constitutes acceptance

We encourage you to review this policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bazu Technologies, LLC

Email: legal@withbazu.com

Website: https://withbazu.com

For data subject requests (access, deletion, etc.), please include:

Your full name
Email address associated with your account
Specific request details

We will respond within 30-45 days.

14. Data Processing Locations

Your information is processed and stored in the United States. By using Bazu, you consent to the transfer of your information to the U.S., which may have different data protection laws than your country of residence.

15. Your Consent

By using Bazu, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.