Effective date: 2025-09-04
Contact: hello@sweetspot.hu
WHO WE ARE
The "sweet.spot" mobile application ("Application") is provided by Milán Vanczák ("Service Provider").
SCOPE
This policy explains what data the Application accesses, stores locally, transmits or otherwise processes, including health data (glucose, insulin, carbohydrate intake). It applies to all users and is available in‑app and on the store listing page.
DATA CATEGORIES
Account & Identification
Firebase user UID
Email address (Google / Apple sign‑in) if you choose to authenticate
Authentication provider metadata (e.g. provider type)
Health
Stored locally in encrypted / sandboxed app storage (Hive boxes):
Glucose readings (timestamp, value, trend, source)
Carbohydrate intake entries (timestamp, grams)
Insulin doses (timestamp, units)
Derived calculated values (BOB – bolus on board, COB – carbs on board, internal absorption estimates) computed on‑device only
Device/source status metadata
Not transmitted to our servers, except for the minimal metadata described below.
External Sync Integrations (User‑Optional)
If you enable them:
Nightscout: Selected glucose, carb and insulin entries may be sent to (and glucose may be read from) your configured Nightscout instance (your URL + API key). We do not operate Nightscout servers; you control its hosting.
HealthKit (iOS) / Health Connect (Android): Glucose readings, carb entries, and insulin doses may be written to (and glucose may be read from) the respective health platform after explicit permission. Removal of permission stops future writes/reads; existing platform data is governed by that platform’s policy.
Subscription & Purchase
RevenueCat user identifier / anonymous ID
Entitlement & product identifiers
Transaction receipts (processed by the app store / RevenueCat – we never receive raw payment instrument data)
Analytics & Diagnostics
Aggregated usage events (screen views, feature usage) – no health data included
Crash reports & stack traces (Crashlytics) – no health data included
Device & Technical
Device model, OS version, app version/build number, locale, timezone, approximate region (IP derived by service providers), install/update timestamps, background fetch scheduling metadata, in‑app preference flags, subscription status markers
Support & Communications
Emails or logs you voluntarily send to support
Minimal Cloud Metadata (Firestore)
We store only minimal non‑measurement metadata: email/UID, consent toggles, and timestamps needed for entitlement or account logic. Health data are not stored in Firestore.
PURPOSES
Provide core features (logging, visualization, trend & stats computation)
Calculate metrics (BOB/COB) locally
Sync to user‑authorized external services (Nightscout, HealthKit/Health Connect)
Manage authentication & subscriptions
Improve stability & reliability (crash diagnostics, minimal aggregated analytics)
Security, fraud prevention, and abuse monitoring
Comply with legal obligations and enforce Terms
LEGAL BASES (EEA/UK GDPR)
Contract: to deliver app functionality & paid subscription features
Legitimate Interests: security, crash diagnostics, minimal analytics (balanced with your rights)
Consent: processing and writing of health data (glucose, carbs, insulin) to HealthKit/Health Connect; Nightscout syncing; manual data entry. You can withdraw consent by disabling the integration, deleting entries, or uninstalling.
PERMISSIONS & EXTERNAL PLATFORMS
HealthKit / Health Connect permissions requested only when you enable syncing; revoking permissions stops further data exchange
Nightscout requires your URL & API key entered manually
SHARING & DISCLOSURE
We do not sell your data. We share data only with the processors / controllers listed below:
Firebase (Auth, Firestore, Analytics, Crashlytics)
RevenueCat (subscription)
Google / Apple sign‑in identity providers
Nightscout (only if you configure it; data sent directly to your instance)
HealthKit / Health Connect (if authorized)
Legal authorities (when required)
Professional advisors under confidentiality
RETENTION
Local health data (glucose, carbs, insulin, derived metrics): persist only on your device until you delete entries, clear app data, or uninstall
Minimal cloud metadata (entitlements / flags): retained while the account is active; removed or anonymized within ~90 days of a verified deletion request, absent legal need
Crash & analytics: vendor defaults (normally up to 24 months) in aggregated form
USER RIGHTS
Where applicable: access, rectification, deletion, portability, restriction, objection, withdrawal of consent, and lodging a complaint with a supervisory authority. To exercise these rights, email hello@sweetspot.hu. We may need proof of control over the account (e.g., access to sign‑in email).
MANAGING / DELETING DATA
Revoke HealthKit / Health Connect permissions in system settings to stop further sync
Disable Nightscout or clear its URL/API key to stop Nightscout uploads
Delete individual entries in-app (removes local record; deletes from external platforms if the connection is still alive)
Request account deletion (removes Firestore metadata & triggers entitlement cleanup; does not auto-delete data already written to Nightscout or HealthKit/Health Connect)
SECURITY
Measures include least‑privilege access, HTTPS transport, separation of raw health data (local only) from cloud metadata, and exclusion of raw readings from crash/analytics payloads. No method is perfectly secure; maintain OS updates and device security.
CHILDREN
Not directed to children under 13. We do not knowingly collect personal information from children under 13. If discovered, we will delete it. Parents/guardians may contact us.
THIRD‑PARTY POLICIES
CHANGES
This Privacy Policy may be updated from time to time for any reason. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.