glucodroid.cloud
← Back

Privacy Policy

Last updated: 4 July 2026

glucodroid.cloud is an infrastructure relay service for continuous glucose monitor (CGM) data. Your glucose readings are special category health data under UK GDPR / EU GDPR (Article 9). We process this data only on the basis of your explicit consent, which you provide when you create an account.

1. Who we are

glucodroid.cloud is operated as a personal infrastructure project, maintained by robster7674 (the same maintainer as the public GitHub repository). For data enquiries, contact us at privacy@glucodroid.cloud. We are the data controller for the personal data described in this policy. No Data Protection Officer has been designated; please direct all data requests to privacy@glucodroid.cloud.

2. What data we collect

We do not collect insulin doses, carbohydrate entries, or other treatment data.

3. Legal basis for processing

4. How we use your data

We do not use your data for marketing, profiling, or automated decision-making.

5. Who we share your data with

We do not sell or share your personal data with third parties for their own purposes. Your glucose data is accessible to:

6. Data retention

Your glucose data and account details are retained for as long as your account is active. If you request account deletion, your data will be permanently removed within 30 days. Access logs are deleted after 30 days.

7. Your rights

Under UK GDPR / EU GDPR you have the right to:

To exercise any of these rights, email privacy@glucodroid.cloud.

8. Security

All data is transmitted over TLS (HTTPS). Uploads use the Nightscout API authenticated with your API secret; reads require the same secret. Glucose data is stored in a per-user database on EU-based servers with restricted access. No security measure is perfect; we encourage you to use a strong, unique password.

9. Children

This service may be used to relay CGM data for children under parental or guardian supervision. The account must be created and managed by an adult acting as the data controller for the child's data.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email if you have provided one. The current version is always available at glucodroid.cloud/privacy.html.

11. Data breaches

In the event of a personal data breach affecting your data, we will notify affected users without undue delay. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify the relevant supervisory authority within 72 hours of becoming aware of it, in line with GDPR Articles 33–34.

12. Cookies and tracking

The glucodroid.cloud service does not set cookies. Specifically:

Because nothing is stored or accessed on your device, no consent banner or cookie preference UI is required for normal use of the service.

If we ever change the service to set cookies, embed a WebView, or run third-party trackers, we will update this notice and, where the law requires it, collect your prior consent before those technologies are enabled.