Privacy Policy
We built PancreasAI to keep your health data on your device, under your control. This policy explains exactly what data the app collects, how it's protected, and the very limited circumstances in which any information leaves your phone.
All health data is encrypted at rest using AES-256-GCM
Glucose, insulin & food logs never leave your device
No advertising, no tracking, no data brokering — ever
Overview
PancreasAI ("the app," "we," "our") is a personal Android application that connects to your Dexcom Continuous Glucose Monitor to display glucose readings, log insulin doses and meals, and analyze patterns in your data. The app is developed and operated as a personal project by an individual developer.
This Privacy Policy applies to the PancreasAI Android application and the website at pancreas-ai.com. By using the app, you agree to the practices described in this policy.
We take the sensitivity of health data seriously. The app is designed from the ground up to minimize data collection, keep your health information on your device, and use strong encryption for everything that is stored.
Data We Collect
PancreasAI collects only what is necessary to function. All data listed below is stored locally on your device only, unless otherwise specified.
| Data Type | Purpose | Stored | Leaves Device |
|---|---|---|---|
| Glucose readings | Chart display, statistics, Insights analysis | Encrypted | Never |
| Insulin dose log | Chart markers, Insights analysis, 24h summary | Encrypted | Never |
| Food / meal log | Chart markers, post-meal curve analysis | Encrypted | Never |
| Dexcom credentials | Authenticating with Dexcom to retrieve readings | Encrypted | Dexcom only |
| OAuth tokens | Maintaining Dexcom API connection (OAuth mode) | Encrypted | Never |
| Personal info (height, weight, age, sex) | Optional — improves AI Insights suggestions | Encrypted | AI only (opt-in) |
| Glucose thresholds & app settings | Configuring chart lines, alerts, display preferences | Encrypted | Never |
| Anthropic API key | Authenticating with Claude AI (optional feature) | Encrypted | Anthropic only (opt-in) |
The app does not collect your name, email address, phone number, location, device identifiers, browsing history, or any analytics data. No crash reporting services, advertising SDKs, or analytics frameworks are included in the app.
How Data Is Stored & Protected
All health data and credentials stored by PancreasAI are encrypted at rest using AES-256-GCM via the Android Keystore system. This is Authenticated Encryption with Associated Data (AEAD) — meaning the data is both encrypted for confidentiality and authenticated to detect any tampering.
Health data files (glucose log, insulin log, food log) use AES256_GCM_HKDF_4KB via AndroidX EncryptedFile.
Credentials and settings use AndroidX EncryptedSharedPreferences, with AES-256-SIV encryption for preference keys and AES-256-GCM encryption for preference values.
All network communication with Dexcom's APIs and Anthropic's API uses HTTPS/TLS. The app does not permit cleartext HTTP traffic.
Data is retained locally until you delete the app or clear its storage in Android Settings. Glucose readings older than 13 months are automatically trimmed from the local log. You can delete all logged data at any time by going to Android Settings → Apps → PancreasAI → Storage → Clear Data.
Exported reports: When you generate an HTML report and share it, that file is temporarily written to device storage in an unencrypted state so it can be read by the receiving app (email client, cloud storage, etc.). We recommend deleting exported reports from shared locations once you no longer need them.
Data Sharing
We do not sell, rent, trade, or share your personal or health data with any third parties for commercial purposes — ever.
The only circumstances in which data leaves your device are:
1. Dexcom API calls (required for core function)
To retrieve your glucose readings, the app sends your Dexcom credentials to Dexcom's servers (share2.dexcom.com or the Developer API). This is the same connection the official Dexcom app makes. Your credentials and data are governed by Dexcom's Privacy Policy during this transmission.
2. Anthropic Claude API (optional, opt-in only)
If you choose to enable AI Insights by entering an Anthropic API key, the app sends an anonymized statistical summary to Anthropic's API. This summary contains only aggregate numbers — averages, percentages, and relative time patterns. It does not include your name, email, raw glucose timestamps, Dexcom credentials, or any information that could identify you. This feature is entirely optional and can be disabled at any time by removing your API key in Settings. Data sent is governed by Anthropic's Privacy Policy.
We do not share data with any other parties under any circumstances, including law enforcement requests, unless required by a valid legal order with proper jurisdiction.
Third-Party Services
PancreasAI integrates with the following external services. None of these receive your health data unless explicitly described:
Dexcom Share API / Developer API — used to fetch your glucose readings. Governed by Dexcom's Privacy Policy.
Anthropic Claude API — used only if you enable AI Insights. Governed by Anthropic's Privacy Policy. This feature is opt-in and requires you to supply your own API key.
Google Fonts — the pancreas-ai.com website loads fonts from Google's CDN. This is a standard web practice; Google may log your IP address when serving the font files. The Android app does not use Google Fonts.
The app contains no advertising SDKs, analytics SDKs (such as Firebase, Mixpanel, or Amplitude), crash reporting services (such as Crashlytics), or any other third-party tracking libraries.
Your Rights & Data Control
Because all data is stored locally on your device, you have complete control over it at all times:
Access — your data is on your device. You can view all logged entries within the app at any time.
Export — use the export feature to generate a full HTML report of your glucose, insulin, and food data for any time period.
Delete individual entries — swipe or tap the delete button on any insulin or food entry to remove it permanently.
Delete all data — go to Android Settings → Apps → PancreasAI → Storage → Clear Data. This permanently and irreversibly deletes all stored health data, credentials, and settings.
Uninstall — uninstalling the app removes all locally stored data from your device.
If you have enabled AI Insights and wish to know how Anthropic handles the anonymized data sent during that session, refer to Anthropic's Privacy Policy. To request deletion of any data processed by Anthropic, contact them directly at privacy@anthropic.com.
Children's Privacy
PancreasAI is not directed at children under the age of 13 and we do not knowingly collect personal information from children under 13. The app is intended for adults and adolescents who use a Dexcom CGM device under the guidance of a healthcare provider.
Parents or guardians who manage a child's Dexcom account and wish to use the app to monitor their child's glucose should be aware that they are responsible for the data entered and should supervise use accordingly.
If you believe a child under 13 has used the app to submit personal data, please contact us at the address below and we will take appropriate steps.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For material changes — such as new types of data collection or new third-party integrations — we will provide notice within the app on the next launch.
Your continued use of PancreasAI after changes are posted constitutes your acceptance of the updated policy. If you do not agree with any changes, you may discontinue use and delete the app and its data at any time.
Prior versions of this policy are available upon request by contacting us at the address below.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or the way PancreasAI handles your data, please reach out:
PancreasAI Privacy
Email: mike@mikecartmill.com
Website: pancreas-ai.com
We aim to respond to all privacy-related inquiries within 5 business days.