Privacy Policy

Last Updated: May 18, 2026

Welcome to Bazu ("we," "our," or "us"). This Privacy Policy explains how Bazu Technologies, LLC collects, uses, shares, and protects your personal information when you use our mobile application and services (collectively, the "Service").

By using Bazu, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account and use Bazu, you provide us with:

Account Information:

  • Name (first and last name)
  • Email address
  • Username
  • Date of birth
  • Gender
  • OAuth provider information (if you sign in with Google or Apple)

OAuth Sign-In Details:

If you sign in with Google or Apple, we receive your email address and authentication token from your OAuth provider. Important notes:

  • We do NOT access your Gmail, Google Drive, Apple iCloud, or other services
  • If you sign in with OAuth, you cannot change your email within Bazu
  • To change your OAuth email, update it with Google or Apple directly
  • If you revoke OAuth access, you'll need to re-authenticate to continue using Bazu

Health & Wellness Information (User-Entered):

  • Blood glucose readings (manually entered or synced from a connected device via Apple Health)
  • Insulin doses and timing
  • CGM glucose readings (timestamp, glucose value, and data source — collected only if you enable CGM integration via Apple Health)
  • Meal information and nutritional data
  • Weight and height measurements
  • Diabetes type and management preferences
  • Medication usage information
  • Health goals and preferences

Important Note: Most health data is manually entered by you. If you enable CGM integration, Bazu reads glucose data from Apple HealthKit with your explicit consent. We never connect directly to CGM hardware — all CGM data flows through Apple Health.

1.2 Information Collected Automatically

Usage Data:

  • Activity logs (meal entries, glucose logs)
  • App interactions and feature usage
  • Streaks, achievements, and gamification metrics
  • Session duration and frequency

Device Information:

  • Device type and model
  • Operating system version
  • Unique device identifiers (for push notifications)
  • Advertising identifier (IDFA): On iOS, an advertising identifier may be collected and shared with Meta Platforms, Inc. to measure the performance of our app-install advertising campaigns. This is collected ONLY if you grant permission through the iOS App Tracking Transparency prompt. If you decline, no advertising identifier is collected. See Section 3.2 and "App Tracking Transparency" below.
  • App version

Local Device Storage:

We store the following information locally on your device using encrypted storage:

  • Authentication tokens (for automatic sign-in)
  • Cached profile data (for faster app performance)
  • App settings and preferences

This local data is automatically encrypted by your device's operating system and is deleted when you log out or uninstall the app.

We do NOT collect:

  • Precise geolocation data
  • Contact lists
  • Photos or media (except when you voluntarily upload meal photos)
  • Biometric data

About Meal Photos:

When you use the meal scanning feature:

  • Photos are uploaded to secure cloud storage (Supabase)
  • Photos are processed to identify food items and estimate nutrition
  • Photos are stored with time-limited, authenticated URLs that require you to be logged in
  • Photos are permanently deleted when you delete your account
  • Photos are NOT shared with third parties except for AI processing (see Section 3.1)

1.3 CGM Integration & Apple Health

If you choose to enable CGM integration, Bazu reads glucose data from Apple HealthKit. This is entirely optional and requires your explicit permission.

What We Access:

  • Blood glucose samples stored in Apple Health (timestamp, value, unit, source device/app)

What We Do NOT Access:

  • We do not write data to Apple Health
  • We do not access any other HealthKit data types (heart rate, steps, sleep, etc.)
  • We do not connect directly to CGM hardware — all data comes through Apple Health

How It Works:

  • You grant read-only access to blood glucose data via an iOS HealthKit permission prompt
  • Bazu periodically reads new glucose samples and syncs them to your account
  • You can revoke access at any time in iOS Settings → Health → Data Access & Devices → Bazu
  • Revoking access stops future syncing; previously synced data remains in your Bazu account until you delete it

How We Use CGM Data:

  • Display glucose trends and history within the app
  • Generate insights and analytics about your glucose patterns
  • Correlate glucose data with meals and insulin doses you log

Data Sharing:

CGM data is subject to the same strict sharing rules as all other health data in Bazu (see Section 3). We do NOT sell CGM data or share it with advertisers.

2. How We Use Your Information

We use the information we collect to:

2.1 Provide and Improve the Service

  • Create and manage your account
  • Track and display your health data
  • Generate insights and analytics about your diabetes management
  • Provide personalized recommendations
  • Award achievements and maintain gamification features

AI-Powered Features:

We use artificial intelligence to:

  • Analyze text descriptions of meals you type (e.g., "chicken and vegetables")
  • Analyze photos of meals you capture with your camera
  • Identify food items from text or visual analysis
  • Estimate portion sizes from descriptions or images
  • Provide nutritional information when database data is unavailable
  • Estimate glycemic index values

Important: AI-generated estimates may not be 100% accurate. Always verify nutritional information with reliable sources and consult your healthcare provider for medical decisions.

2.2 Communication

  • Send you notifications about meal logging reminders
  • Provide streak reminders and achievement notifications
  • Send important service updates and security alerts
  • Respond to your support requests

2.3 Service Improvement

  • Analyze usage patterns to improve features
  • Debug technical issues
  • Develop new features based on user needs
  • Ensure service security and prevent fraud

2.4 Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests
  • Enforce our Terms of Service

3. How We Share Your Information

We do NOT sell or share your health data — including glucose readings, insulin doses, meals, or nutrition information — with advertisers or for advertising purposes, ever.

We do share a limited, non-health piece of information with our advertising partner. Specifically, if you grant permission through the iOS App Tracking Transparency prompt, your device's advertising identifier (IDFA) and standard app install/launch events are shared with Meta Platforms, Inc. to measure the performance of our app-install advertising. Under the California Consumer Privacy Act (CCPA/CPRA), this activity may be considered a "sale" or "share" of personal information for cross-context behavioral advertising. You can opt out of this at any time — see Section 3.2, "App Tracking Transparency" below, and Section 7. This sharing involves only the advertising identifier and non-health install/launch events. It never involves your health data.

We may share your information only in the following limited circumstances:

3.1 Service Providers

We share data with trusted third-party service providers who help us operate the Service:

Supabase: Cloud database and backend infrastructure (data storage)

  • Stores all data you enter in the app
  • Located in the United States
  • Row Level Security ensures you can only access your own data
  • Privacy Policy: https://supabase.com/privacy

OpenAI: AI-powered nutrition analysis

  • Receives meal descriptions (text you type) and meal photos (images you capture) to identify food items
  • Analyzes text descriptions like "grilled chicken with rice" or visual images of your meals
  • Estimates portion sizes and nutritional values from your text or photos
  • Does NOT receive your glucose readings, insulin doses, profile information, or other health data
  • Does NOT use API data to train their models
  • Your meal data is processed and then discarded
  • Privacy Policy: https://openai.com/api-data-privacy

Edamam: Food database and nutrition data

  • Receives food names and barcode scans from your meal searches
  • Does NOT receive your health data or personal information
  • Privacy Policy: https://www.edamam.com/privacy-policy

OneSignal: Push notification delivery service

  • Receives device identifier and notification preferences
  • Does NOT receive your health data or meals
  • Privacy Policy: https://onesignal.com/privacy_policy

Google: OAuth authentication for sign-in (if you use Google Sign-In)

  • Privacy Policy: https://policies.google.com/privacy

Apple: OAuth authentication for sign-in (if you use Sign in with Apple)

  • Privacy Policy: https://www.apple.com/legal/privacy/

Resend: Transactional email delivery service

  • Sends account verification, password reset, and subscription emails
  • Receives your email address to deliver messages
  • Does NOT receive your health data
  • Privacy Policy: https://resend.com/legal/privacy-policy

RevenueCat: Subscription and payment processing

  • Manages subscription purchases through Apple App Store
  • Tracks subscription status (trial, active, cancelled)
  • Receives your user ID and purchase information
  • Does NOT receive your health data or meals
  • Privacy Policy: https://www.revenuecat.com/privacy

Meta Platforms, Inc. (Facebook): App-install advertising attribution

  • Receives your device's advertising identifier (IDFA) and standard app events (such as app installs and app launches) automatically logged by the Meta SDK
  • Used to measure the performance of our app-install advertising campaigns and attribute installs to the ads that drove them
  • Collected and shared ONLY if you grant permission through the iOS App Tracking Transparency prompt; if you decline, no advertising identifier is shared with Meta
  • Does NOT receive your health data, meals, glucose readings, insulin doses, nutrition information, or profile information
  • Bazu sends only Meta's standard, auto-logged install and launch events — we do not send any custom or health-related events to Meta
  • Privacy Policy: https://www.facebook.com/privacy/policy

Apple HealthKit: CGM glucose data source (if you enable CGM integration)

  • Bazu reads blood glucose samples from Apple Health with your permission
  • Data flows one way: from Apple Health into Bazu — we do not write data back
  • Apple does NOT receive any data from Bazu
  • HealthKit data is processed on-device; Apple does not see your glucose readings
  • Privacy Policy: https://www.apple.com/legal/privacy/

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Advertising & Attribution

Bazu uses one third-party advertising service: the Meta (Facebook) SDK, integrated for app-install advertising attribution. We use it to understand how well our app-install advertising campaigns perform — for example, to learn which ads led people to download Bazu.

What Meta receives:

  • Your device's advertising identifier (IDFA), on iOS
  • Standard app events automatically logged by the Meta SDK, such as app installs and app launches

What Meta does NOT receive:

  • Your health data — glucose readings, insulin doses, meals, nutrition information, weight, diabetes type, or any other health information
  • Your profile information (name, email, date of birth, etc.)
  • Any custom or health-related events — Bazu sends only Meta's standard, auto-logged install and launch events

Your control:

  • On iOS, this collection is gated behind the App Tracking Transparency (ATT) prompt. If you choose "Ask App Not to Track," no advertising identifier is collected or shared with Meta.
  • You can change your choice at any time in iOS Settings → Privacy & Security → Tracking.
  • Declining tracking does not affect any feature of the app — Bazu works exactly the same either way.

We never share your health data with Meta or with any advertising or analytics partner. Only the advertising identifier and non-health install/launch events are shared, and only with your permission.

If we add other analytics or advertising services in the future, we will update this policy before implementation and notify you of material changes through the app or via email.

3.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights or property
  • Prevent fraud or security issues
  • Protect the safety of our users

3.4 Business Transfers

If Bazu is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4. Data Security

We take the security of your health information seriously and implement industry-standard security measures:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest
  • Authentication: Secure login with password protection and OAuth options
  • Access Controls: Strict limitations on who can access user data
  • Database Security: Row Level Security (RLS) in our database ensures you can only access your own data. Even if someone gains unauthorized database access, they cannot view other users' data without proper authentication.
  • Regular Security Audits: We monitor for vulnerabilities and threats

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you services.

  • Active Accounts: Data is retained while your account is active
  • Account Deletion: When you delete your account, we delete your personal data immediately. This includes:
    • All profile information
    • All health tracking data (glucose readings, insulin doses, meal logs)
    • All photos and images
    • Achievement and gamification data
    • Notification settings

What We May Retain:

  • Aggregated, anonymized statistics that cannot be linked back to you (for service improvement)
  • Legal compliance records if required by law

CGM Data Retention:

CGM glucose readings synced from Apple Health are retained in your account alongside your other health data. If you revoke HealthKit access, previously synced CGM data remains until you manually delete it or delete your account. When you delete your account, all CGM data is permanently deleted.

We do NOT maintain backups of deleted user data.

6. Your Rights and Choices

6.1 Access and Update

You can access and update your personal information at any time through the app settings.

Data Export:

To request a copy of your data, contact us at legal@withbazu.com with your name and account email. We will provide your data in JSON format within 30 days.

Note: We are developing an in-app "Download My Data" feature for self-service export, which will be available in a future update.

6.2 Delete Your Account

You can request deletion of your account and all associated data by:

  • Using the "Delete Account" feature in app settings
  • Contacting us at legal@withbazu.com

6.3 Opt-Out of Communications

You can opt out of promotional notifications through:

  • App notification settings
  • Device notification settings
  • Email unsubscribe links

Note: You cannot opt out of essential service communications (e.g., security alerts).

6.4 Data Portability

You can request a copy of your data:

  • Email Request: Contact us at legal@withbazu.com for assistance

We will provide your data in a commonly used, machine-readable format within 30 days of your request.

Note: An in-app download feature is in development and will be available in a future update.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Rights:

  • Right to Know: Request details about the personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

"Sale" and "Sharing" of Personal Information:

We do not exchange your personal information for money. However, when you grant permission through the iOS App Tracking Transparency prompt, we share your device's advertising identifier (IDFA) and standard app install/launch events with Meta Platforms, Inc. for app-install advertising attribution. Under the CCPA/CPRA, this activity may be considered a "sale" or a "share" of personal information for cross-context behavioral advertising.

How to opt out: The iOS App Tracking Transparency prompt is your opt-out mechanism. If you choose "Ask App Not to Track" — either at the prompt or at any time afterward in iOS Settings → Privacy & Security → Tracking — no advertising identifier is collected or shared, and no "sale" or "share" occurs.

We do NOT sell or share your health data — glucose readings, insulin doses, meals, or nutrition information — and we never share it for advertising purposes, regardless of your tracking choice.

How to Exercise Your Rights:

Contact us at legal@withbazu.com or use the in-app account deletion feature. To opt out of the sharing of your advertising identifier, use the iOS App Tracking Transparency controls described above.

We will respond to your request within 45 days.

8. International Users & GDPR

While Bazu primarily serves users in the United States, we recognize rights under the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA):

Legal Basis for Processing (EEA Users):

  • Consent: You consent to our processing when you create an account
  • Contractual Necessity: Processing is necessary to provide the Service
  • Legitimate Interests: We process data to improve and secure the Service

Your GDPR Rights:

  • Right to access your data
  • Right to rectification (correction)
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

To exercise these rights, contact us at legal@withbazu.com.

9. Children's Privacy

Bazu is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at legal@withbazu.com, and we will delete it promptly.

Users between 13-18: If you are a minor, please have your parent or guardian review this Privacy Policy with you.

10. Health Information & HIPAA

Bazu is NOT a HIPAA-covered entity. We are a personal health tracking application, and the health information you enter is:

  • Entered voluntarily by you
  • Not received from healthcare providers
  • Not used for medical diagnosis or treatment
  • Not shared with healthcare providers without your explicit action

This means:

  • We are not subject to HIPAA regulations
  • Your data is protected under general privacy laws (CCPA, state privacy laws)
  • We do not have "Business Associate Agreements" with healthcare providers

We strongly recommend:

  • Do not rely solely on Bazu for medical decisions
  • Always consult with your healthcare provider
  • Share your Bazu data with your doctor if you find it helpful

11. Consumer Health Data Privacy (Washington & Nevada)

Some U.S. states have enacted laws specifically governing "consumer health data," including Washington's My Health My Data Act (MHMDA) and Nevada's SB370. Where these laws apply, the health information you enter into Bazu — including blood glucose readings, insulin doses, meals and nutrition information, weight, diabetes type, and related health goals — is treated as consumer health data.

How we handle your consumer health data:

  • We collect consumer health data only because you choose to enter it (or, for CGM glucose, sync it from Apple Health) to use Bazu's tracking and logging features
  • We use it to provide the Service to you — to display your data, generate tracking summaries, and support your personal diabetes management logging
  • We do NOT sell your consumer health data
  • We do NOT share your consumer health data with Meta Platforms, Inc., or with any advertising, attribution, or analytics partner — for any purpose
  • The only data shared with our advertising partner (Meta) is the device advertising identifier and non-health app install/launch events, and only with your App Tracking Transparency permission (see Section 12). This advertising data is not consumer health data and contains no glucose, insulin, meal, or nutrition information

Your rights regarding consumer health data:

  • You may request to access the consumer health data we hold about you
  • You may request deletion of your consumer health data
  • You may withdraw any consent you previously provided

To exercise these rights, contact us at legal@withbazu.com or use the in-app account deletion feature.

12. App Tracking Transparency (iOS)

On Apple iOS devices, Bazu uses Apple's App Tracking Transparency (ATT) framework. The first time it is relevant, iOS will show you a prompt asking whether you allow Bazu to track you across apps and websites owned by other companies.

What the prompt controls:

  • If you allow tracking, Bazu may collect your device's advertising identifier (IDFA) and share it, along with standard app install/launch events, with Meta Platforms, Inc. for app-install advertising attribution (see Section 3.2)
  • If you choose "Ask App Not to Track," no advertising identifier is collected and nothing is shared with Meta for tracking purposes

Important:

  • Granting permission is entirely optional
  • Declining tracking does not affect any feature of Bazu — the app works exactly the same either way
  • You can change your choice at any time in iOS Settings → Privacy & Security → Tracking
  • The ATT prompt never affects your health data, which is never used for tracking or advertising regardless of your choice

13. Third-Party Links

Our Service may contain links to third-party websites or services (e.g., educational resources). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date at the top
  • We will notify you through the app or via email for material changes
  • Continued use of the Service after changes constitutes acceptance

We encourage you to review this policy periodically.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bazu Technologies, LLC

Email: legal@withbazu.com

Website: https://withbazu.com

For data subject requests (access, deletion, etc.), please include:

  • Your full name
  • Email address associated with your account
  • Specific request details

We will respond within 30-45 days.

16. Data Processing Locations

Your information is processed and stored in the United States. By using Bazu, you consent to the transfer of your information to the U.S., which may have different data protection laws than your country of residence.

17. Your Consent

By using Bazu, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

© 2026 Bazu Technologies, LLC. All rights reserved.