Last Updated: June 20, 2026
This Privacy Policy explains how Bazu Technologies, LLC (“Bazu,” “we,” “us”) collects, uses, shares, and protects your personal information when you use the Bazu mobile application, website, and related services (collectively, the “Service”).
Bazu is a wellness and food-tracking app intended for adults (18+) in the United States. The Service is not designed to diagnose, treat, or manage any medical condition. Please also read our Terms of Service and Medical Disclaimer.
If you are a Washington or Nevada resident, additional disclosures and rights apply to your consumer health data — please read our separate Consumer Health Data Privacy Policy.
Account Information
OAuth Sign-In Details
If you sign in with Google or Apple, we receive your email address and an authentication token. We do NOT access your Gmail, Google Drive, iCloud, or other Google/Apple services. If you sign in with OAuth, you cannot change your email inside Bazu — update it with Google or Apple directly.
Wellness Profile
Meal and Food Data
Optional Health Data (only if you provide it)
Most users do not provide any of the above. They are optional and never required to use the Service.
Based on the data you provide, the Service generates algorithmic outputs. These are derived from your inputs and stored alongside your account:
These outputs are estimates only. See our Medical Disclaimer and the Estimated Glucose Curve disclaimer in our Terms of Service.
Usage Data
Device Information
Local Device Storage
The following are stored encrypted on your device:
Local data is encrypted by your device's operating system and is deleted when you log out or uninstall the app.
We Do NOT Collect
About Meal Photos
If you choose to enable CGM integration, Bazu can read glucose data from Apple HealthKit. This is entirely optional and requires your explicit permission.
What We Access
What We Do NOT Access
How It Works
How We Use CGM Data
To display your glucose trends inside the app and to overlay your real readings on the Estimated Glucose Curve for comparison. We do not use CGM data for advertising. We do not sell CGM data. We do not use CGM data to train any AI model.
We use third-party AI providers (currently OpenAI and Anthropic) to parse your meal descriptions and photos and to estimate nutrition. We send only the meal-related text or image needed to do the task. We do NOT send your name, email, glucose readings, insulin doses, weight, diabetic status, or other profile information to AI providers.
We do not use your data to train AI models for any third party. OpenAI and Anthropic confirm in their API terms that data submitted via API is not used to train their models by default. We rely on those commitments and never opt in to training-data programs.
We may use aggregated, de-identified data — data that cannot reasonably be linked back to you — to evaluate and improve our own models, scoring algorithms, and product features.
We do not sell, rent, or trade your health-related data — including glucose readings, insulin doses, meals, meal photos, nutrition data, weight, or diabetic status — to advertisers, data brokers, insurers, or anyone else, ever.
We have not sold or shared any personal information for cross-context behavioral advertising in the preceding twelve (12) months, with one limited exception: if you grant permission through the iOS App Tracking Transparency prompt, your device's advertising identifier (IDFA) and standard app install/launch events may be shared with Meta Platforms, Inc. for app-install advertising attribution. Under the California Consumer Privacy Act (CCPA/CPRA), this activity may be considered a “sale” or “share” of personal information. It involves only the advertising identifier and non-health events; it never involves your health data. You can opt out at any time (see Section 4.2 and Section 8.5).
We share data with trusted third-party service providers who help us operate the Service. Each is contractually obligated to protect your data and use it only for the purposes we specify.
Supabase — cloud database, storage, and authentication
Railway — backend application hosting
OpenAI and Anthropic — AI nutrition and meal parsing
Edamam and Open Food Facts — food databases
RevenueCat — subscription processing
OneSignal — push notification delivery
PostHog — product analytics
Sentry — crash and error monitoring
Resend — transactional email
Google — OAuth (if you sign in with Google)
Apple — OAuth and HealthKit
Bazu uses one third-party advertising service: the Meta (Facebook) SDK, integrated solely for app-install advertising attribution.
What Meta Receives
What Meta Does NOT Receive
Your Control
Meta receives no health data from Bazu. Only the advertising identifier and non-health install/launch events, and only with your permission.
We may disclose your information if required by law, court order, or lawful government request, or if we reasonably believe disclosure is necessary to:
If Bazu is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
We use industry-standard security measures to protect your information:
No method of transmission or storage is 100% secure. We cannot guarantee absolute security.
We keep your information only as long as needed to provide the Service and meet legal obligations:
When You Delete Your Account
Your account data, meal data, photos, and any optional health data are deleted within 30 days. We do not maintain long-term backups of deleted user data. CGM readings previously synced from Apple Health are deleted along with the rest of your account; they cannot be re-synced after deletion.
You can view and edit most of your profile information directly in the app (Settings and Update Your Profile). For other access or correction requests, email hello@withbazu.com.
You can delete your account using the “Delete Account” option in Settings, or by emailing hello@withbazu.com. Deletion is permanent and removes all your data within 30 days (see Section 6).
To request a copy of your data in a structured, machine-readable format, email hello@withbazu.com with your account email. We will respond within 30 days. An in-app export feature is in development.
The iOS App Tracking Transparency prompt is your opt-out for advertising-identifier sharing with Meta. Choose “Ask App Not to Track,” or change your choice anytime in iOS Settings → Privacy & Security → Tracking. See also our Your Privacy Choices page.
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
Your Rights
“Sale” and “Sharing” Disclosure
We do not exchange your personal information for money. The only activity that may be considered a “sale” or “share” under CCPA/CPRA is the sharing of your IDFA and standard app install/launch events with Meta for app-install advertising attribution, and only when you grant permission via the iOS ATT prompt. See Section 4.2.
How to Exercise Your Rights
Email hello@withbazu.com, use the in-app account deletion feature, or visit our Your Privacy Choices page. We will respond within 45 days.
If you are a Washington or Nevada resident, the health-related information you provide to Bazu is treated as “consumer health data” under Washington's My Health My Data Act (MHMDA) and Nevada's SB 370.
Please read our separate Consumer Health Data Privacy Policy for the full disclosures and rights that apply to that data, including your rights to access, delete, withdraw consent, and appeal.
We provide the Consumer Health Data Privacy Policy as a separate, distinctly linked document as required by Washington law.
Bazu is not a HIPAA-covered entity and is not a business associate of one. The health-related information you enter into Bazu is:
Your information is instead protected by general consumer-privacy laws (such as CCPA/CPRA and, where applicable, Washington MHMDA and Nevada SB 370 — see Section 9) and by this Privacy Policy. We strongly recommend that you do not rely solely on Bazu for any health-related decision and that you consult a qualified healthcare provider when needed.
On iOS, Bazu uses Apple's App Tracking Transparency (ATT) framework. The first time it is relevant, iOS will show you a prompt asking whether you allow Bazu to track you across apps and websites owned by other companies.
What the Prompt Controls
Important
Bazu is intended for adults aged 18 or older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will prohibit and block that account and delete the associated information promptly.
If you believe a person under 18 has provided us personal information, contact us at hello@withbazu.com.
Bazu is designed for, marketed to, and intended for use by individuals in the United States. We do not target the European Economic Area, the United Kingdom, or other jurisdictions outside the U.S. The Service and all data are hosted and processed in the United States.
If you access the Service from outside the United States and believe we hold your personal data, you may contact us at hello@withbazu.com to request access, correction, or deletion. We will respond within 30 days. This contact pathway does not constitute an offering of the Service in your jurisdiction.
All personal data collected by Bazu is processed and stored in the United States. We do not intentionally transfer your data outside the United States. By using the Service, you consent to this processing location.
If we experience a security breach involving your personal information, we will notify you and the relevant authorities as required by applicable law, including the FTC Health Breach Notification Rule (16 CFR Part 318) for breaches involving identifiable health information, and applicable state breach-notification statutes. Notice will be given without unreasonable delay and, in any event, within the timeframes those laws require.
The Service may contain links to third-party websites or services. We are not responsible for their privacy practices. Review their privacy policies before providing any information.
We may update this Privacy Policy from time to time. When we do:
For questions, concerns, or requests about this Privacy Policy or our data practices:
Bazu Technologies, LLC
Email: hello@withbazu.com
Website: https://withbazu.com
For data subject requests (access, deletion, etc.), please include your full name, the email address on your account, and the specific request. We will respond within 30 to 45 days, depending on the applicable law.
By using Bazu, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
© 2026 Bazu Technologies, LLC. All rights reserved.