1 Who We Are
DiaCodex is a diabetes management application developed and operated by Jorge de Lorenzo Barroso. For any privacy-related questions, you can reach us at:
Jorge de Lorenzo Barroso
Email: contact@diacodex.com
2 Data We Collect
Account data
- Email address, name, and surname (for registered accounts)
- Authentication provider (Google, Apple, or email/password)
Health data (entered by you)
- Meals, foods, carbohydrate and FPU values
- Blood glucose events
- Insulin doses — bolus, long-acting, and pump reservoirs
- Medication intake (pills and schedules)
- Diabetes device changes (sensors, catheters, reservoirs)
- Body part / insertion zone records
- Notes and custom reminders
Technical data
- Device timezone and language preference
- Crash reports and error logs (via Firebase Crashlytics)
- App usage patterns collected anonymously (crash context only)
Advertising data (free users only, subject to your consent)
- Advertising identifier (IDFA on iOS, GAID on Android)
- Ad interaction data collected by Google Mobile Ads (AdMob)
3 How We Use Your Data
| Purpose | Legal basis |
|---|---|
| Provide core app features (meal logging, reminders, reports) | Contract performance |
| Sync your data across devices | Contract performance |
| Detect and fix app crashes | Legitimate interest |
| Show personalised advertisements (free plan) | Consent |
| Show non-personalised advertisements (free plan, no consent) | Legitimate interest |
| Process in-app subscriptions | Contract performance |
| AI-powered food recognition via Google Gemini | Contract performance + Consent |
4 Data Sharing and Third Parties
We share data only with the following third-party services. Each has its own privacy policy, which we link below.
| Service | Purpose | Data shared |
|---|---|---|
| Google Firebase / Firestore | Cloud database and authentication | All user and health data (encrypted in transit and at rest) |
| Firebase Crashlytics | Crash reporting | Device info, error logs |
| Firebase AI (Vertex AI / Gemini) | AI food recognition | Food photos you submit |
| Google Mobile Ads (AdMob) | Advertising — free users only | Advertising ID, device info |
| RevenueCat | Subscription management | User ID, purchase tokens |
| Open Food Facts | Food nutritional database | Food search queries |
We do not sell your personal data to any third party.
5 Food Photos and AI Processing
When you use the AI food recognition feature, photos you take are transmitted to Google's Vertex AI (Gemini) service for analysis. These images are not stored by us beyond the time needed to process the request. Please refer to Google's Privacy Policy for information on how Google handles data submitted to generative AI services.
6 Health Data
This includes: blood glucose readings, insulin doses, medication records, device usage history, and any other health-related information you enter into the app.
7 Data Storage and Security
- Your data is stored on Google Cloud servers (Firebase project
diacodex-global). Data may reside in Google's EU or US data centres depending on your region. - All data is encrypted in transit (TLS/HTTPS) and at rest (AES-256).
- A local encrypted cache is maintained on your device for offline access.
- We implement Firebase App Check to prevent unauthorised access to our backend.
8 Data Retention
We retain your data for as long as your account is active.
- Account deletion: all personal and health data is permanently deleted within 30 days.
- Crash logs: retained for up to 90 days.
- Anonymised, aggregated statistics: may be retained indefinitely.
You can delete your account at any time from Profile → Delete Account inside the app.
9 Your Rights
Depending on your jurisdiction, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data (right to be forgotten)
- Restrict or object to processing
- Data portability — export your data in a structured format (use the PDF report generation feature in the app)
- Withdraw consent at any time for advertising, analytics, and AI features
- Lodge a complaint with your local data protection authority
To exercise your rights, delete your account via Profile → Delete Account, or contact us at contact@diacodex.com.
10 Children
DiaCodex is not directed to children under 16. If you are aware that a child has provided us with personal data without parental consent, please contact us and we will delete the information promptly.
11 Medical Disclaimer
12 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or by email. Your continued use of DiaCodex after the update constitutes acceptance of the revised policy.
13 Contact
For any privacy-related questions or to exercise your rights: