Privacy Policy

1. Data Controller & About the Project

The controller of your personal data is Maciej Nasiadka - the owner and creator of this app. Contact via the contact form at https://guardian.nasiadka.pl/contact. This app is NOT affiliated, authorized, or endorsed by Medtronic, CareLink™, or MiniMed™.

The application is not a medical device. Analyses and charts are for informational and educational purposes only. They cannot be a basis for therapeutic decisions without consulting a doctor. You use the application at your own risk.

2. What data do we process and why?

We operate on the principle of data minimization. At every step, we store and process only the absolute minimum of information necessary for the service to function.

  • Email Address: Serves as the account identifier and is used for technical notifications (e.g., sync session expiration).
  • App Password: Stored as a secure hash, unreadable by the administrator.
  • CareLink Tokens: We store auth tokens (Access/Refresh Token) allowing our server to fetch data on your behalf. We do NOT know or store your CareLink password.
  • Insulin Data: We fetch basal micro-boluses and automatic correction boluses to generate charts and basal profiles. This constitutes health-related data (sensitive data category).

The legal basis for processing your data is your explicit consent (regarding health data) and the necessity to perform the service. Providing data is voluntary but necessary to use the app.

Your data is not subject to profiling that would lead to automated decision-making.

4. Your Rights

You have the right to access your data, rectify it, erase it, restrict its processing, receive it in a portable form (data portability), object to processing, and withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).

5. Data Retention Period

Data is stored for as long as you use the app and until your account is deleted or consent is withdrawn. After that, data is irreversibly deleted.

3. Data Security & Hosting

CareLink login happens locally on your computer (using the provided script). The script sends only session tokens to our server. Your CareLink password never leaves your device.

Connection is encrypted (HTTPS). User passwords are secured with bcrypt.

Only the app administrator has access to your data. The database and application are hosted on the administrator's private home server (within the EEA). We use Brevo as a data processor solely for sending email notifications. Otherwise, data is not shared with any third parties.

6. Cookies

The service uses one technical cookie: auth_session. It is used solely to maintain your login session. We do not use tracking, advertising, or analytical cookies from third parties.

7. Data Deletion

We respect your right to be forgotten. A "Delete account" button is available in the user panel. Using it causes immediate and irreversible removal from our database of:

  • Your user account.
  • All access tokens.
  • All fetched database history.