GlucoseSync

Privacy Policy

Last updated: June 9, 2026

Introduction

GlucoseSync ("the App") is developed by NimbleFlux B.V. ("we", "us", "our"), located in the Netherlands. This privacy policy explains how the App handles data when you use it. We take your privacy seriously, especially because the App deals with health-related information.

By using GlucoseSync, you agree to the data practices described in this policy.

Developer Information

  • Developer: NimbleFlux B.V.
  • Registration: NL869194732B01 (KVK 99934558)
  • Contact for privacy inquiries: hi@nimbleflux.nl

What We Do Not Do

GlucoseSync is designed with a privacy-first approach. We want to be clear about what we do not do:

  • We do not operate any backend servers or cloud services of our own.
  • We do not collect, transmit, or store any personal data on our servers — because we don't have any.
  • We do not use any analytics services (no Firebase, no Google Analytics, no third-party analytics of any kind).
  • We do not use any crash reporting services (no Sentry, no Bugsnag, etc.).
  • We do not display advertisements or use any advertising SDKs.
  • We do not collect any device identifiers (no Android Advertising ID, no IMEI, no serial numbers, no MAC addresses).
  • We do not collect location data.
  • We do not sell, share, or transfer any personal data to any third party for any purpose.
  • We do not use any social media SDKs or social features.

Data the App Handles

GlucoseSync is a read-only viewer for Continuous Glucose Monitor (CGM) data. To function, the App requires you to log in to your existing CGM provider account. The App supports the following providers:

  • Medtrum EasyView — connects to easyview.medtrum.eu or easyview.medtrum.fr
  • Abbott LibreLinkUp — connects to one of Abbott's regional libreview.io API endpoints

Data You Provide

When you configure a CGM provider, you provide:

  • Your CGM provider account credentials (email/username and password)

These credentials are stored locally on your device using Android's EncryptedSharedPreferences, which employs AES-256-GCM encryption via the Google Tink library. Your credentials are nevertransmitted to any server operated by NimbleFlux.

Data Received from CGM Providers

After you authenticate, the App retrieves the following data from your CGM provider's cloud service and displays it on your device:

  • Current blood glucose reading and trend direction
  • Historical glucose readings (up to several hours)
  • Sensor status information (active/inactive, battery level, serial number)
  • Patient name (LibreLinkUp only)

This data is transmitted from the CGM provider's servers to your device over HTTPS (TLS-encrypted connections). It is stored locally on your device and is never sent to any NimbleFlux server, because we don't operate one.

Wear OS Data Sync

If you use a paired Wear OS smartwatch, the App syncs glucose data to the watch via the Google Play Services Wearable API. This communication happens over a direct local connection between your phone and watch. Glucose data stored on the watch is kept in local SharedPreferences. No data passes through any cloud service during this sync.

Local Storage Summary

DataStorage LocationEncryption
CGM account credentialsPhone (EncryptedSharedPreferences)AES-256-GCM
App settings (units, alert thresholds)Phone (EncryptedSharedPreferences)AES-256-GCM
Glucose data for displayIn-memory / not persistedN/A
Glucose data on Wear OS watchWatch (SharedPreferences)Not encrypted (local only)

Data Sharing

GlucoseSync shares data only with the CGM provider you explicitly choose to authenticate with:

  • Your login credentials are sent solely to the selected CGM provider's API to authenticate your session.
  • Glucose data flows only from the CGM provider's cloud to your device.
  • Glucose data synced to a Wear OS watch travels only over a direct local connection between your devices.

No data is shared with NimbleFlux, advertisers, data brokers, or any other third party.

Third-Party Services

The App uses the following third-party components:

  • Google Play Services Wearable API — for syncing data to a paired Wear OS watch over a local connection. Google's standard privacy policy applies to Google Play Services.
  • Google Tink (via AndroidX Security Crypto) — for encrypting credentials and settings locally on the device. This library operates entirely on-device and does not transmit any data.

The App does not include any analytics SDKs, advertising SDKs, social media SDKs, crash reporting tools, or any other third-party data collection mechanisms.

Data Retention and Deletion

  • On your device: All data is stored locally on your phone and watch. You can clear all app data at any time through your device's Settings > Apps > GlucoseSync > Clear Data. Uninstalling the app removes all locally stored data.
  • Backup: The App is configured to exclude encrypted preference files (credentials and settings) from Google Cloud backup. Your credentials are never backed up to Google's cloud.
  • On CGM provider servers: Any data stored by your CGM provider (Medtrum or Abbott) is governed by their respective privacy policies, not this one. NimbleFlux has no access to, control over, or visibility into data stored on CGM provider servers.

Children's Privacy

GlucoseSync may be used by children, including those under the age of 13, as Type 1 diabetes is a common condition in children and adolescents. We are committed to protecting children's privacy:

  • We do not collect any personal information from children or any users.
  • We do not use any analytics, tracking, or advertising targeted at children or any users.
  • We do not collect, transmit, or share any device identifiers.
  • We do not display any advertisements.
  • We do not include any social features or user-generated content mechanisms.
  • We do not use any SDKs that are not approved for use in child-directed services.

The only data the App handles is the user's own CGM credentials and their own glucose data from their CGM provider — which is necessary for the App's core functionality. Parental guidance is recommended when children set up the App, as they will need access to their CGM provider account.

This App complies with the U.S. Children's Online Privacy Protection Act (COPPA) and the EU General Data Protection Regulation (GDPR), including the provisions specific to children's data.

Security

We take the following measures to protect your data:

  • All credentials and sensitive settings are encrypted at rest using AES-256-GCM encryption.
  • All network communication with CGM providers uses HTTPS (TLS encryption).
  • No data is transmitted to any NimbleFlux-operated server.
  • Credentials are excluded from device cloud backups.

While we strive to protect your data, no method of electronic storage is 100% secure. If you have concerns about security, please contact us at hi@nimbleflux.nl.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to access: You can view all data the App stores by examining the App's local data on your device.
  • Right to deletion: You can delete all locally stored data at any time by clearing the App's data in your device settings or uninstalling the App.
  • Right to data portability: All data is stored locally on your device and is under your control.
  • Right to withdraw consent: You can revoke the App's access to your CGM account at any time by changing your CGM provider account password or removing the App.

For questions about data held by your CGM provider, please refer to their respective privacy policies.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected in the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this privacy policy or how GlucoseSync handles data, please contact us:

  • Email: hi@nimbleflux.nl
  • Developer: NimbleFlux B.V.
  • Registration: NL869194732B01 (KVK 99934558)