Privacy Policy

Last updated: 7 April 2026

Shugs (“we”, “us”, “our”) is a Type 1 Diabetes companion app operated from the United Kingdom. This policy explains what data we collect, why, and how we protect it. We believe in plain language — no legalese.

What we collect

  • Email address— for your account, login links, and notifications.
  • Glucose data— readings synced from your Dexcom CGM via the Dexcom API.
  • HealthKit data — steps, heart rate, sleep, active energy, and workouts, synced from Apple Health on iOS with your permission.
  • Journal entries — events you log yourself, such as meals, exercise, and stress.
  • Push notification tokens — device tokens for delivering web and iOS push notifications.
  • Subscription and billing data — managed by Stripe (web) and Apple In-App Purchase (iOS). We store subscription status but never see or store your full payment card details.

How we use your data

We use your data to:

  • Show you your glucose trends, health metrics, and journal history.
  • Generate personalised nudges and insights based on your patterns.
  • Send you notifications and emails you have opted into.
  • Process your subscription and manage your account.
  • Improve the app (we use aggregated, anonymised usage data).

We do not sell your data. We do not share your data with third parties for marketing or advertising. We do not use your data for ad targeting.

AI processing

We use Anthropic's Claude AI to analyse glucose patterns and generate nudges. When we send data to the AI, we send glucose readings and health metrics only — no personally identifiable information such as your name or email address. Anthropic does not use this data to train their models.

Data storage and security

Your data is stored in a Supabase-hosted PostgreSQL database with encryption at rest and in transit. We use row-level security so you can only access your own data. Access to production systems is restricted and logged.

Third-party services

We rely on a small number of trusted services to run Shugs. Each processes only the minimum data needed for its function:

  • Supabase— database hosting and authentication.
  • Anthropic (Claude) — AI-generated nudges and insights (no PII sent).
  • Dexcom— glucose data sync via their API, authorised by you.
  • Stripe— web payment processing and subscription management.
  • Apple— iOS In-App Purchase billing and HealthKit data access.
  • Resend— email delivery.
  • Inngest— background job processing.

Your rights

We are based in the UK and comply with UK GDPR. You have the right to:

  • Access— request a copy of all data we hold about you.
  • Rectification— ask us to correct inaccurate data.
  • Erasure— ask us to delete your account and all associated data.
  • Portability— receive your data in a machine-readable format.
  • Restriction— ask us to limit how we process your data.
  • Objection— object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email us at the address below. We will respond within 30 days.

Data export & deletion

  • Export— you can download all your data (glucose readings, journal entries, patterns, scores, and correlations) in JSON or CSV format from Settings > Data. Exports are available instantly.
  • Account deletion — you can permanently delete your account and all associated data from Settings > Data. Deletion is immediate and irreversible. Backups are purged within 30 days.

Data retention

We keep your data for as long as your account is active. If you delete your account, we delete all your personal data within 30 days. Anonymised, aggregated data that cannot identify you may be retained for product improvement.

Children's privacy

Shugs is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to this policy

We may update this policy from time to time. If we make significant changes, we will notify you by email or within the app. The date at the top of this page always shows the latest revision.

Contact

If you have questions about this policy or your data, email us at privacy@shugs.app.