Privacy Policy
The Glytrio medical diary is stored locally on your device. Glucose, insulin, food, medication, activity, notes, reminders, PDF/CSV reports and backup files are not sent to Glytrio servers.
1. Data controller
Glytrio is published by Nikolai Iakubovskii, Calle Emilio Tuya 37, Gijon, Asturias, 33202, Spain. For privacy questions and data-subject requests contact support@glytrio.app.
2. Data stored locally on your device
The following data may be stored on your device only:
- Glucose, insulin, food, medication, activity and wellbeing entries.
- Profile settings: diabetes type, units of measure, target range, grams of carbs per 1 XE.
- Reminders and reminder schedule.
- Saved foods, barcodes and nutrition values that you added manually or confirmed after a search.
- Clinical facts you enter yourself (HbA1c, blood pressure, lipids, kidney labs, annual exams).
- A technical
device_idin secure storage. In the free-market release this identifier stays local; in future paid non-free builds it may be used as a payment profile reference. It is never linked to medical values.
3. When data may leave your device
Glytrio does not transmit medical records by default. Data leaves the device only in the following narrowly scoped cases:
- Barcode lookup: when you explicitly tap online product search, Glytrio sends the barcode and a technical User-Agent to Open Food Facts, and, if a key is configured, may send a fallback request to USDA FoodData Central. Glucose, insulin, notes and profile data are not included.
- Bootstrap / version config: the app may request a read-only version and feature config from
glytrio.app. The request includes platform, app version and build number; no medical data is included. Like any website, Cloudflare may keep technical server logs. - Backup and reports: PDF, CSV and backup files are generated locally and are sent only when you choose to share them (Files, Drive, Mail, AirDrop, the system share sheet, or another channel of your choice).
- Support email: if you write to us, we process the email address, message body and any attachments you send.
4. Payments and paywall
Core Glytrio features are free in Russia, Ukraine, Armenia, Georgia, and Belarus. A paid model for other countries may be enabled later. When billing is active, Apple App Store, Google Play and Adapty may process purchase status, transaction identifiers, store country, technical device data and app version. Medical records, glucose values, insulin doses, food entries, notes, PDF/CSV exports and backup files are not sent to any payment provider.
5. Diagnostics, analytics and advertising
Version 1 does not include Firebase Analytics, PostHog, ad SDKs or remote logging of medical values. Sentry crash reporting may receive technical crash diagnostics such as stack traces, app version/build, platform, OS and device context; it is configured without screenshots, view hierarchy, user interaction breadcrumbs/tracing or default PII. Apple and Google may process system diagnostics and crash reports under their own policies. The Advertising Identifier (IDFA) is not used in the free-market release; the Adapty bootstrap disables advertising-identifier collection.
The glytrio.app website may use Google Analytics 4 for
technical web analytics: page views and clicks on app-store links. These
events do not include medical diary entries, glucose values, insulin
doses, food records, notes, reports or backup files. Advertising
personalization and Google Signals are disabled in the web tag.
6. Backup files
Backup files are produced locally. They can optionally be encrypted with AES-256-GCM using a key derived from your passphrase (PBKDF2-SHA256, 100,000 iterations). The passphrase is never stored or transmitted. Once exported, the security of the file depends on the destination you choose.
7. Children
Glytrio is suitable for parents who keep a diabetes diary for their child. The app is not directed at children under 13 (or under the equivalent local age of digital consent, e.g. 16 in parts of the EU). Glytrio does not knowingly collect personal data from children. There are no separate child accounts: data lives in a single local profile on the device, managed by an adult.
8. Data deletion
Uninstalling the app removes your data. Inside the app: Profile → Data → Delete all data. No server-side action is required because there is no server-side copy. See also Delete account.
9. Your rights
If you are located in the EEA, the United Kingdom or Switzerland, you have the right to request access, rectification, erasure, restriction, portability or to object to the processing of your personal data (GDPR / UK GDPR). California residents have rights under the CCPA / CPRA, including the right to know, delete and opt out of "sales" or "sharing" — Glytrio does not sell or share personal data for cross-context behavioral advertising. For local medical entries the fastest way to exercise these rights is to export or delete the data directly inside the app. For email and technical requests write to support@glytrio.app.
10. International transfers
The data controller is based in Spain (EU). Third-party processors that may receive limited technical data — Open Food Facts (France), USDA FoodData Central (United States), Cloudflare (global edge), Apple (United States and Ireland), Google (United States and Ireland) and Adapty (United States) — may process that data outside your country of residence under the safeguards each provider publishes (Standard Contractual Clauses, adequacy decisions or equivalent).
11. Data retention
Diary records remain on your device until you delete them or uninstall the app. Support emails are kept while the support conversation is open and for a reasonable period afterwards. Server logs created by Cloudflare follow Cloudflare's standard retention policy.
12. Changes to this policy
The version number and last-updated date are shown at the top of this page. Material changes will be announced inside the app.
13. Contact
Questions and requests: support@glytrio.app.
Nikolai Iakubovskii
Calle Emilio Tuya 37
Gijon, Asturias, 33202
Spain