Privacy Policy

Last updated: January 2025

The Short Version

Your health data stays on your device or your iCloud. We don't see it, we don't sell it, we don't want it. The only data that leaves your device goes to services you explicitly connect (like Dexcom) or AI providers for generating insights (and that data is not stored by them).

1. Introduction

Pancrass ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our diabetes management application ("App").

We understand that health data is deeply personal. That's why we've designed Pancrass with a privacy-first architecture where your health data never touches our servers.

2. Data We Collect

2.1 Health Data (Stored Locally)

The following data is collected and stored only on your device or your personal iCloud account:

Glucose readings — Real-time and historical blood glucose data from your CGM
Meal logs — Food entries, photos, carbohydrate estimates, and meal times
Sleep data — Sleep duration, stages, and quality metrics
Activity data — Workouts, steps, and exercise information
Notes and annotations — Personal notes you add to your logs
App settings and preferences — Your personalized configuration

This health data never leaves your device except when:

Synced to your personal iCloud account (if you enable iCloud sync)
Sent to AI providers for generating insights (see Section 4)
Retrieved from services you connect (Dexcom, Oura, HealthKit)

2.2 Account Information

If you create an account, we may collect:

Email address (for account recovery and critical notifications)
Authentication tokens for connected services

2.3 Analytics Data (Optional)

With your consent, we may collect anonymous usage analytics:

App feature usage (which screens you visit, not what data you enter)
Crash reports and performance data
Device type and iOS version

This data is anonymized and cannot be linked back to your health information.

3. How We Use Your Data

3.1 Local Processing

Your health data is used locally on your device to:

Display your glucose trends and statistics
Generate charts and visualizations
Correlate meals, sleep, and activity with glucose patterns
Provide personalized insights and observations

3.2 AI-Powered Insights

When you use AI features, relevant health data may be sent to AI providers (OpenAI or Anthropic) to generate insights. This data is:

Sent only when you explicitly request AI analysis
Transmitted securely via encrypted connections
Not stored by AI providers beyond the immediate request
Not used to train AI models

4. Third-Party Services

Pancrass integrates with the following third-party services at your discretion:

4.1 Dexcom

If you connect your Dexcom account, we retrieve your CGM glucose data via Dexcom's official API. This connection is governed by Dexcom's Privacy Policy.

4.2 Oura

If you connect your Oura account, we retrieve sleep and activity data via Oura's API. This connection is governed by Oura's Privacy Policy.

4.3 Apple HealthKit

With your permission, we read and write data to Apple HealthKit. HealthKit data is governed by Apple's Privacy Policy. We never use HealthKit data for advertising or share it with third parties.

4.4 AI Providers (OpenAI / Anthropic)

For AI-powered insights, we use:

OpenAI — Privacy Policy
Anthropic — Privacy Policy

Data sent to these providers is used solely to generate your requested insights and is not retained or used for model training.

5. Data Storage and Security

5.1 Local Storage

All health data is stored locally on your device using iOS secure storage mechanisms, including encryption at rest.

5.2 iCloud Sync

If you enable iCloud sync, your data is stored in your personal iCloud account, protected by your Apple ID and Apple's security measures. We do not have access to your iCloud data.

5.3 Data Transmission

All network communications use TLS 1.3 encryption. API keys and tokens are stored securely in the iOS Keychain.

6. Data Retention and Deletion

6.1 Your Control

You can delete your data at any time:

In-app: Settings → Delete All Data
Uninstall: Deleting the app removes all local data
iCloud: You can delete iCloud data through iOS Settings

6.2 Account Deletion

To delete your account and any associated data, email us at support@pancrass.app. We will process your request within 30 days.

7. Your Rights

7.1 GDPR Rights (European Users)

If you are in the European Economic Area, you have the right to:

Access — Request a copy of your personal data
Rectification — Correct inaccurate personal data
Erasure — Request deletion of your personal data
Portability — Export your data in a machine-readable format
Restriction — Limit how we process your data
Object — Object to certain types of processing
Withdraw Consent — Withdraw consent at any time

7.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:

Know — What personal information we collect and how it's used
Delete — Request deletion of your personal information
Opt-Out — Opt out of the sale of personal information
Non-Discrimination — Not be discriminated against for exercising your rights

We do not sell your personal information. Ever.

8. Children's Privacy

Pancrass is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the app and updating the "Last updated" date. Your continued use of the app after changes constitutes acceptance of the updated policy.

10. Contact Us

Questions about your privacy?

Email: support@pancrass.app

We aim to respond to all privacy inquiries within 72 hours.