PRIVACY POLICY

Last updated: 2026, February,01

1. INTRODUCTION
This Privacy Policy explains how Glyne (“Glyne”, “we”, “us”, “our”) collects, uses, processes, stores, shares, and protects personal data when you use the Glyne mobile application, website, and related services (collectively, the “Service”).

This Policy is designed to comply with:
EU General Data Protection Regulation (GDPR)
US privacy laws, including CCPA/CPRA where applicable
Apple App Store Review Guidelines and App Privacy requirements

2. DATA CONTROLLER
Glyne acts as the data controller for personal data processed under this Policy.

Contact:
privacy@glyne.app

3. DATA ARCHITECTURE OVERVIEW
Glyne processes data in three logical layers:
Account Layer (identifiable data)
Pseudonymized Service & Research Layer
Fully Aggregated Statistical Layer

Each layer has different legal treatment and retention rules.

4. CATEGORIES OF DATA WE COLLECT
4.1 Data You Provide Directly
Email address
User account ID
App settings and preferences
Manually entered health-related data (glucose, meals, activities, stress indicators)
Feedback and support messages

This data is processed to provide the Service.

4.2 Health and Wellness Data
With explicit user consent, Glyne processes:
Blood glucose values
Nutrition data
Activity data
Weight and body composition data

Health data is processed under Article 9 GDPR (explicit consent).

4.3 Automatically Collected Data
With appropriate consent (depending on category):
Pseudonymized device identifiers
Screen views and interactions
Diagnostic and crash data

Events are limited to predefined properties (allowlist). Arbitrary data is not collected.

4.4 Location and Environmental Data
If enabled:
Approximate location (city/region level only)
Weather context for recommendations
Precise GPS coordinates are not stored.

5. GLYNE RESEARCH PROGRAM
Participation in the Glyne Research Program is optional and governed by separate consent.

Research data:
Is pseudonymized
Is primarily processed in categorized or range-based format
Does not include direct identifiers

See the Glyne Research Program Policy for details.

6. THIRD-PARTY PROCESSORS
Glyne uses the following processors under Data Processing Agreements:
Google Firebase (authentication, crash reporting, analytics)
Amplitude (behavioral analytics and aggregated health pattern analysis)
OpenAI API (insight generation and pattern recognition)
FatSecret API (food database)
Open Food Facts (food metadata)
WeatherAPI (weather-based recommendations)

We do not sell personal data.
No data is shared for advertising profiling or cross-service tracking.

7. PURPOSES OF PROCESSING
We process data to:
Provide core app functionality
Generate personalized insights
Improve recommendation accuracy
Maintain stability and security
Conduct aggregated research and product improvement
Comply with legal obligations

8. LEGAL BASES (GDPR)
We rely on:
Explicit consent (Article 6(1)(a) + Article 9 for health data)
Performance of contract (Article 6(1)(b))
Legitimate interests (security, fraud prevention, crash diagnostics only)
Legal obligations (Article 6(1)(c))

Health-related analytics and research are processed exclusively under explicit consent.
Users may withdraw consent at any time.

9. DATA RETENTION
Retention depends on data category:
Account Data
Retained while account is active and for up to 12 months after deletion for legal compliance.

Pseudonymized Analytics & Research Data
Retained for up to 36 months unless earlier deletion is requested.

Fully Aggregated Statistical Data
May be retained indefinitely as it no longer identifies individuals.

10. INTERNATIONAL DATA TRANSFERS
Data may be processed outside your country of residence, including the United States.
Safeguards include:
Standard Contractual Clauses (SCCs)
Adequacy decisions where applicable
Contractual data protection obligations with processors

11. USER RIGHTS
GDPR (EU/EEA)
Access
Rectification
Erasure
Restriction
Portability
Objection
Withdrawal of consent

CCPA/CPRA (California)
Right to know
Right to delete
Right to opt-out of sale (not applicable — no sale occurs)
Right to non-discrimination
Requests: privacy@glyne.app

12. AUTOMATED DECISION-MAKING
Glyne provides health-related insights.
These do not constitute medical advice and do not produce legal or similarly significant effects.

13. CHILDREN’S PRIVACY
Glyne is not intended for users under 13 (or 16 in the EU).
We do not knowingly collect children’s data.

14. DATA SECURITY
We implement:
Encryption in transit and at rest
Pseudonymization
Access controls
Regular security review processes

15. CHANGES
Material changes will be communicated in-app.

END OF PRIVACY POLICY