Privacy Policy
Last updated: June 2026
1. Introduction
Diablesse is an app for iOS and Android that helps with diabetes management. This Privacy Policy explains, in plain terms, what data the app uses, where it lives, and what choices you have. It applies to the iPhone and Android versions; where the platforms differ, we make that clear.
2. Where your data lives
By default, everything you log — glucose readings, meals, medications, and settings — is stored locally on your device. The app works fully offline, with no login, and sends none of this anywhere. Features that involve servers (cloud sync, integrations, and usage statistics) are described below and, when optional, stay off until you turn them on.
3. What we don't do
Whatever features you use:
- We don't show ads
- We don't use an advertising identifier (advertising ID)
- We don't sell your data or share it with third parties for marketing
- We don't track you across apps
- We don't use your health data for advertising
4. Cloud sync (optional)
Cloud sync is an optional feature, off by default, that keeps your data mirrored across your own devices. You can turn it on and off whenever you want. When enabled, it syncs your diary entries (glucose, meals and carbs, bolus, etc.), favorites, and some settings. How this works depends on the platform:
- iPhone (iCloud): your data lives in your private iCloud account (Apple CloudKit), which only you can access. We have no servers of our own and don't access that content.
- Android (Firebase): your data is stored on Google servers (Firebase Firestore) and is tied to your Google account, used to sign in. This means that on Android, sync is not anonymous: it identifies you by your Google account and stores your data (including glucose readings and meals) on Google's infrastructure.
- What is never synced: menstrual cycle data, your usage-statistics preference, and device-specific settings.
5. Health app integrations (Apple Health and Health Connect)
With your explicit authorization, Diablesse can integrate with Apple Health (iOS) or Health Connect (Android). Permissions are granted per data type and can be turned off at any time, both in the app and in your Apple Health / Health Connect settings. With your authorization, the app can:
- Read: physical activity and exercise (calories, distance, heart rate, steps, power), sleep, glucose, and menstrual cycle (flow and cycle-start dates).
- Write: glucose — the app can send the glucose readings you entered to Apple Health / Health Connect.
This data is used only to display your own indicators inside the app and is stored locally on your device. We don't use it for advertising and we don't sell it. Menstrual cycle (sensitive reproductive-health data): the dates and flow stay only on your device — they are not sent to servers, not included in backups, and not included in cloud sync. Aggregated indicators derived from it (such as the cycle × glucose correlation, averages only) may appear in exports you generate yourself — see Exports and reports you generate. You can revoke access at any time.
6. Accu-Chek meter (Bluetooth)
Optionally, the app can read glucose readings from an Accu-Chek meter over Bluetooth and store them locally on your device. This requires the Bluetooth permission, used only for that connection.
7. Exports and reports you generate
Some features create files or reports from your data, always through an action you take:
- Backup (JSON file): you export and import it on your own, to whatever storage you choose. It may contain your health data (glucose readings, meals, insulin). The file stays under your control — the app doesn't send it anywhere.
- PDF report and Export to AI: these may contain aggregated indicators derived from your health data, including the glucose × menstrual cycle correlation (averages only, never dates or flow).
Sharing is always your action: you choose the destination (for example, your doctor or a third-party AI tool). Those destinations have their own privacy policies, for which we are not responsible.
8. Usage statistics
To understand how the app is used and improve it, we collect anonymous usage statistics through PostHog (servers in the United States, acting as our processor). We record only usage events — screens opened, actions, and counts — tied to a pseudonymous identifier generated on the device. We never send health data, your name, email, or anything that identifies you. Regarding the menstrual cycle, at most we record a boolean flag that the feature is used — never dates, flow, or values. There is no session replay, no advertising identifier, and no cross-app tracking. This feature is on by default but is opt-out: you can turn it off in Settings → "Share usage statistics", after which no events are sent. We retain these events only for as long as needed to understand usage trends.
9. Notifications
The app's reminders and alerts are local, generated on the device itself. No data is sent for them to work.
10. Account and sign-in
Signing in with a Google account is used only for cloud sync. Without signing in, the app works normally with your local data.
11. Subprocessors
When a feature involves servers, we rely on the following partners, each only for the stated purpose:
- Apple — iCloud, for cloud sync on iOS (data in your private account).
- Google — Health Connect (health integration), Firebase Authentication and Firebase Firestore (sign-in and sync on Android), and Google Play Billing (subscriptions).
- PostHog (United States) — anonymous usage statistics.
We don't sell data, we don't serve ads, and we don't use an advertising identifier.
12. System permissions
Any permission your device's system may request is used only for its corresponding function, at the moment you trigger it, and never to collect data.
13. Security
We take reasonable measures to protect your data in transit (encrypted connections) and at rest. The cloud services we use (Apple and Google) apply their own security protections. No system is completely foolproof, but we work to minimize the data that leaves your device.
14. Your rights and controls
You have the right to access, port, and delete your data, as well as to object to its use for statistics. In practice:
- Access and port your data by generating a Backup, a PDF report, or an export to AI.
- Delete your diary entries inside the app, using the clear-all-records feature.
- Revoke health permissions in Apple Health / Health Connect — the app stops accessing that data.
- Object to usage statistics by turning the option off in Settings.
- Turn off cloud sync or uninstall the app, which removes the local data from your device.
On Android, you can delete your sign-in account and all cloud data directly in the app, under Settings → Cloud sync → "Delete account and data". If you can't access the app, write to our support email from the address of the account used, and we'll arrange its removal within 30 days.
15. Age and use by minors
Diablesse is intended for users 13 years of age or older and is not directed at children under 13. Teenagers (ages 13–17) should use the app with the awareness and consent of a parent or legal guardian where the law requires it. The digital age of consent varies by country (for example, between 13 and 16 in the European Union); where local law requires, consent to process a minor's data must be given by a guardian.
16. Legal basis (LGPD and GDPR)
For health data, the legal basis is your consent, given when you enable each integration or feature and revocable at any time. For anonymous usage statistics, we rely on our legitimate interest in improving the app, always with the option to opt out.
17. Changes to this policy
This policy may be updated to reflect improvements to the app or legal requirements. When that happens, we'll revise the "last updated" date at the top of this page.
18. Contact
If you have privacy questions or want to request data deletion, reach us at support@diablesse.app.