Last Updated: January 15, 2025
Effective Date: January 15, 2025

1. Privacy Overview & Key Principles

At DiagnoX, we are committed to protecting your privacy and maintaining the confidentiality of your personal health information. This Privacy Policy describes our practices concerning the collection, use, and disclosure of information through our DiagnoX glucose monitoring device, mobile application, and related services.

🔐 Our Core Privacy Principles

We believe in transparency, minimal data collection, user control, security by design, and regulatory compliance. Your health data belongs to you, and we are simply the custodians helping you manage it safely.

Key Points:

  • We only collect data necessary for device functionality and your health insights
  • Your glucose readings and health data are encrypted and stored securely
  • We never sell your personal health information to third parties
  • You have full control over your data and can export or delete it at any time
  • We comply with HIPAA, GDPR, and other applicable privacy regulations

Scope of This Policy

This Privacy Policy applies to all DiagnoX products and services, including:

  • DiagnoX glucose monitoring device
  • DiagnoX mobile application (iOS and Android)
  • DiagnoX web portal and dashboard
  • Customer support services
  • DiagnoX websites and online services

2. Information We Collect

We collect several types of information to provide you with our glucose monitoring services and to continuously improve your experience.

  • 🩸 Health Data: Glucose readings, testing timestamps, trends, and patterns from your DiagnoX device
  • 👤 Personal Information: Name, email, date of birth, diabetes type, and emergency contact information
  • 📱 Device Data: Device serial number, firmware version, battery status, and technical diagnostics
  • 📊 Usage Data: App usage patterns, feature preferences, and interaction analytics

Detailed Data Collection

Health and Medical Information:

  • Blood glucose measurements and timestamps
  • Glucose trends and patterns
  • Medication information (if provided)
  • Meal timing and carbohydrate intake (if logged)
  • Exercise and activity data (if connected to fitness apps)
  • Notes and annotations you add to readings
  • Healthcare provider information (if shared)

Account and Profile Information:

  • Full name and email address
  • Date of birth and gender
  • Diabetes type and diagnosis date
  • Target glucose ranges and preferences
  • Emergency contact information
  • Time zone and location (for accurate readings)

Technical Information:

  • Device identifiers and serial numbers
  • Software and firmware versions
  • Network connectivity information
  • Error logs and diagnostic data
  • Performance metrics and battery status

⚠️ Information We Do NOT Collect

We do not collect your precise location data, social security number, financial information, or any data not directly related to your glucose monitoring and diabetes management.

3. How We Use Your Information

We use your information solely to provide, improve, and personalize our glucose monitoring services. Here's how:

Primary Service Functions:

  • Glucose Monitoring: Processing and displaying your glucose readings in real time
  • Trend Analysis: Identifying patterns and providing insights about your glucose levels
  • Alerts and Notifications: Sending timely alerts for high/low glucose levels
  • Health Reports: Generating comprehensive reports for you and your healthcare providers
  • Device Synchronization: Syncing data between your device and mobile app

Product Improvement:

  • Enhancing device accuracy and performance
  • Developing new features and capabilities
  • Improving user interface and experience
  • Conducting quality assurance and testing
  • Training machine learning algorithms for better insights

Customer Support:

  • Providing technical assistance and troubleshooting
  • Processing warranty claims and replacements
  • Responding to inquiries and feedback
  • Facilitating healthcare provider communication

Legal and Safety Requirements:

  • Complying with medical device regulations
  • Reporting adverse events to regulatory authorities
  • Maintaining records for clinical studies
  • Protecting against fraud and misuse

🎯 Personalization Without Invasion

We use aggregated and anonymized data to improve our algorithms and services. Your individual health information is never used for marketing purposes or shared with advertisers.

4. Information Sharing and Disclosure

We maintain strict controls over your personal health information and only share it in specific, limited circumstances with your consent or as required by law.

With Your Explicit Consent:

  • Healthcare Providers: When you choose to share reports with your doctor or diabetes care team
  • Family Members: If you designate emergency contacts or caregivers
  • Third-Party Apps: When you connect to compatible health platforms (Apple Health, Google Fit)
  • Research Studies: If you voluntarily participate in clinical research (always anonymized)

Service Providers (Data Processors):

We work with trusted third-party service providers who help us deliver our services. These providers:

  • Are bound by strict confidentiality agreements
  • Only access data necessary for their specific function
  • Meet our security and privacy standards
  • Include cloud storage providers, data analytics services, and customer support platforms

Legal Requirements:

  • When required by law or court order
  • To comply with medical device regulations
  • To report serious adverse events to regulatory authorities
  • To protect the safety and rights of users or the public

🚫 We Never Share Data For:

Marketing purposes, advertising targeting, selling to data brokers, or any commercial use unrelated to your healthcare and our services.

Business Transfers:

In the unlikely event of a merger, acquisition, or sale of assets, your information would be transferred only to entities that agree to protect it under the same standards as this Privacy Policy.

5. Data Security and Protection

We implement comprehensive security measures to protect your personal health information from unauthorized access, use, disclosure, or destruction.

Technical Safeguards:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based access restrictions
  • Network Security: Firewalls, intrusion detection, and regular security monitoring
  • Data Backup: Automated, encrypted backups with geographic redundancy
  • Secure Development: Regular security audits and penetration testing

Administrative Safeguards:

  • Comprehensive employee training on privacy and security
  • Background checks for all personnel with data access
  • Regular security policy updates and compliance reviews
  • Incident response procedures and breach notification protocols
  • Data retention and disposal policies

Physical Safeguards:

  • Secure data centers with biometric access controls
  • 24/7 monitoring and surveillance
  • Environmental controls and disaster recovery systems
  • Secure device manufacturing and shipping processes

🛡️ Industry-Leading Protection

Our security measures meet or exceed HIPAA, SOC 2 Type II, and ISO 27001 standards. We undergo regular third-party security audits and maintain cyber liability insurance.

Your Role in Security:

  • Use strong, unique passwords for your DiagnoX account
  • Keep your mobile app updated to the latest version
  • Report any suspicious activity or security concerns immediately
  • Log out of shared devices and secure your DiagnoX device

6. Your Privacy Rights and Choices

You have significant control over your personal health information. We provide tools and mechanisms to exercise your privacy rights easily and effectively.

Access and Portability:

  • View Your Data: Access all your health information through the DiagnoX app
  • Export Data: Download your complete health records in standard formats (PDF, CSV, JSON)
  • Share with Providers: Generate comprehensive reports for healthcare consultations
  • Data History: View complete audit logs of data access and modifications

Correction and Updates:

  • Update your profile information at any time
  • Correct inaccurate health data or add context notes
  • Modify privacy settings and sharing preferences
  • Request assistance with data corrections from our support team

Deletion and Retention:

  • Delete Individual Records: Remove specific glucose readings or notes
  • Account Deletion: Permanently delete your entire account and all associated data
  • Retention Periods: We retain data only as long as necessary for service provision
  • Backup Deletion: Data is removed from all backups within 90 days of deletion

Communication Preferences:

  • Customize alert types and notification preferences
  • Opt out of marketing communications (service messages still apply)
  • Control emergency contact notifications
  • Choose preferred communication channels

🎛️ Easy Privacy Controls

Access most privacy controls directly through the DiagnoX app settings. For complex requests or assistance, our privacy team is available 24/7 at privacy@diagnox.com.

Geographic Rights:

GDPR (European Union): Right to access, rectification, erasure, portability, and restriction of processing

CCPA (California): Right to know, delete, and opt out of sale (we don't sell personal information)

HIPAA (United States): Right to access, amend, and accounting of disclosures

7. Children's Privacy

DiagnoX is designed to help people of all ages manage diabetes, including children and teenagers with Type 1 diabetes.

Children Under 13:

  • Parental consent is required before creating an account
  • Parents have full access to their child's account and data
  • Additional security measures protect children's information
  • We comply with COPPA (Children's Online Privacy Protection Act)

Teenagers (13-17):

  • May create accounts with parental knowledge and consent
  • Parents can be granted access based on family preferences
  • Transition to full control at 18 (or legal age in their jurisdiction)
  • Enhanced privacy education and controls

Parental Rights:

  • Review and approve all data collection for children under 13
  • Access and export their child's health information
  • Request deletion of their child's account
  • Receive notifications about privacy policy changes

8. International Data Transfers

DiagnoX operates globally, and we may transfer your personal information across international borders to provide our services.

Transfer Safeguards:

  • All transfers use appropriate safeguards as required by applicable laws
  • EU-US data transfers are governed by Standard Contractual Clauses
  • Data localization preferences are honored where legally required
  • Encryption protects data during all international transfers

Data Storage Locations:

  • Primary data centers in the United States and European Union
  • Regional backup facilities for disaster recovery
  • Data residency options for enterprise customers
  • Compliance with local data protection regulations

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements.

Notification Process:

  • Material changes will be communicated via email and in-app notifications
  • Minor updates will be posted on our website with updated dates
  • Users will have 30 days to review changes before they take effect
  • Continued use of services indicates acceptance of updated terms

Version Control:

  • All policy versions are archived and available upon request
  • Clear change logs document what has been modified
  • Previous versions remain accessible for reference

Privacy Questions? We're Here to Help

Our privacy team is dedicated to protecting your information and answering your questions.

📧 Privacy Email

privacy@diagnox.com

Response within 24 hours

📞 Privacy Hotline

+1 (555) PRIVACY

Available 24/7

📮 Postal Address

DiagnoX Privacy Office
123 Innovation Drive
Tech City, TC 12345

🔒 Data Protection Officer

dpo@diagnox.com

EU GDPR Representative