Privacy Policy
Last Updated: June 17, 2025
Thank you for using Subseven. Protecting your privacy is important to us. This Privacy Policy explains what information Subseven collects about you, why we collect it, how we use and share it, and the choices you have regarding your information. This Policy applies to all users of the Subseven mobile application and any related services provided by us. By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use Subseven.
In summary, Subseven collects personal information (such as your name and email) and health-related information (such as events you log and blood glucose data from Apple HealthKit) in order to provide our service. We use this data to give you insights about your diabetes management and to improve our product. We do not sell your personal information or share it with third parties for their own marketing. We take measures to secure your data and to use it responsibly, including complying with health data privacy standards like HIPAA and Apple’s App Store Guidelines for health information. Below, we provide full details.
1. Information we collect
We collect several types of information from and about users of the Subseven App:
1.1 Personal Identifiers: When you create an account, we ask for your name and email address. We use your email to create your login credentials, for account verification, and to communicate with you (such as sending receipts or important announcements). Optionally, we may also collect other profile information if you choose to provide it (for example, if in the future the app allows adding a profile picture or basic demographic info, though currently the main required fields are name and email).
1.2 Health and Wellness Data: The core of Subseven’s service is to log events and analyze blood glucose patterns. To that end, we collect:
Event Log Data: Any events you manually log in the App. This includes categories like meals (e.g. carbs and insulin doses), workouts (exercise details), stress levels, sleep quality or disturbances, menstrual cycle information (if you log a period), travel/vacation indicators, and other notes that might affect blood glucose. We structure these inputs via the App’s interface (for example, you may enter grams of carbohydrates eaten, duration of exercise, stress level on a scale, etc.). This data is stored so that the App can correlate it with your blood sugar data and generate insights.
Blood Glucose Data (HealthKit): Subseven integrates with Apple’s HealthKit to retrieve your blood glucose readings from your continuous glucose monitor (CGM) device (such as Dexcom) or any data you have stored in the Apple Health app. When you first use Subseven, the App will request your permission to read blood glucose data from the Health app. We cannot access this data unless you explicitly grant permission. If you do grant permission, the App will periodically read your glucose values (for example, the readings that Dexcom logs, typically every 5 minutes) and use them in conjunction with your event logs to analyze patterns. This blood glucose data is sensitive health information, and we treat it with a high level of security and privacy protection (see Section 4 below for more on HealthKit data usage).
Other Health Data: In future versions, we might integrate additional HealthKit data types (for example, exercise data, heart rate, or insulin delivery data if available) to enhance our analysis. We will always ask for your consent before accessing any new categories of health data.
1.3 Usage Data and Device Information: When you use the App, we may collect certain information automatically about your device and how the App is used, such as:
Device Information: Your device model, operating system version (e.g., iOS version), and unique device identifiers. This helps us ensure compatibility and optimize performance.
Log Data: Information about your use of the App, such as the date/time you log in, features you use, and any errors or crashes. This data is typically collected in an anonymized or aggregated form and helps us troubleshoot issues and improve the App’s functionality.
Analytics: We may use internal analytics tools to understand user engagement (for example, which features are most used). This information is generally statistical and does not focus on individual behavior, but rather overall usage patterns. If we use a third-party analytics service, we will ensure no sensitive health data is shared with them, or we will obtain user consent if required.
1.4 Payment Information: All subscription purchases are handled through Apple’s in-app purchase system. We do not collect or store your full credit card information or billing address for subscriptions. We receive from Apple a confirmation that the purchase was completed, the type of subscription, and maybe an anonymized transaction or subscriber ID. We keep a record of your subscription status (active/expired) to manage your account access. Any financial information you provide to Apple (such as credit card or PayPal info) is governed by Apple’s privacy policy. We do not have access to your payment credentials. We also do not directly process refunds – those are handled by Apple as well.
1.5 Communications: If you contact us via email, phone, or through any support feature in the App, we may collect the information you provide in that correspondence. For example, if you email support with a question, we will collect your email address and the content of your message. This information will be used solely to assist you and resolve your inquiry.
We do not collect any sensitive personal information that is not necessary for the functioning of the App. For instance, we do not collect Social Security numbers, addresses, or government ID numbers, as they are not needed for Subseven’s services. We also do not collect any information about your contacts, your precise GPS location, or your device’s photos or other files. The focus of our data collection is on providing the diabetes management service.
2. How we use this information
Subseven uses the information we collect for the following purposes:
2.1 To Provide and Improve the Service: We process your personal and health data to deliver the App’s core functionality – that is, to present you with analytics, charts, and insights regarding your blood glucose control and factors affecting it. For example, we use your logged events and HealthKit blood glucose data to identify patterns (such as “exercise in the evening is correlating with overnight hypoglycemia” or “high stress days see a 10% increase in average BG”). All these features require analyzing the data you input. We also use data to personalize the App for you – for instance, remembering your typical meal entries or providing summary statistics of your past week. Additionally, usage data and any feedback you provide help us debug and improve the App’s interface and features.
2.2 Analytics and Pattern Recognition: One of Subseven’s key offerings is to use AI and algorithms to find hidden patterns in your data. We may run automated algorithms on your dataset to detect trends over time. The results are shown back to you in the App. Internally, we might also analyze aggregated user data (with personal identifiers removed) to improve our pattern-detection methods. This falls under improving the service for all users.
2.3 Communication: We use your email to send important account or transaction-related communications. Examples include:
Account Verification: When you sign up, we may send a verification email to confirm your email address.
Receipts and Billing Notices: Each time Apple processes your subscription payment, we may email you a receipt or confirmation. (Apple may also send its own receipt). If your subscription is about to expire or renew, we might send a reminder.
Important Updates: If there are significant changes to the App, Terms of Use, or Privacy Policy, or if we encounter a security incident, we may email you to inform you. We strive not to spam; such emails are limited to important information.
Support Responses: If you contact us with a support question, we will use your contact information to respond.
We will not use your email to send you marketing newsletters or advertisements unrelated to the Subseven service unless you explicitly opt-in to such communications. Since the App is a paid subscription, we currently do not have third-party ads, so we won’t be sending promotional emails about other products.
2.4 Research and Development: As mentioned, Subseven may use data for research purposes in an anonymized form. Specifically, we are interested in deriving general insights that can benefit the diabetes community and improve the product’s algorithms. For example, we might analyze data from many users to see if a certain pattern is common (e.g., how much does lack of sleep typically increase blood glucose variability). Any research findings would not include personally identifiable information. We may share aggregated findings (for example, in a blog post or a scientific publication) but only after removing names, emails, or any direct identifiers. In terms of HIPAA (Health Insurance Portability and Accountability Act) standards, we de-identify the data by removing or anonymizing personal identifiers so that the information is no longer considered Protected Health Information (PHI). Once data is anonymized (e.g., stripped of name, contact info, exact birthdates, etc.), it can be used for research or publication without further user consent under HIPAA guidelines. Our goal is to contribute to medical and scientific understanding of Type 1 Diabetes in a responsible way, while strictly protecting individual privacy.
2.5 Compliance and Enforcement: We may use your information to enforce our Terms of Use and to comply with applicable laws and regulations. For instance, we keep records of user accounts and payments to maintain proper financial and tax records. We might also use data to investigate and prevent fraudulent transactions or unauthorized use of the App. If necessary (hopefully never), we could use data to comply with a legal obligation, such as responding to a lawful subpoena or court order.
In summary, we use data to operate and enhance Subseven, communicate with you, research ways to make it better, and ensure legal compliance. We do not use your data for any purpose that is not related to the service we provide or the reasons we state. Notably, we do not use your health or personal data for advertising purposes. In fact, Apple’s policies prohibit using HealthKit data for advertising or data mining unrelated to health, and we fully comply. You will not see third-party ads in the App based on your data.
3. Health Data and Apple HealthKit
Because Subseven deals with sensitive health information and integrates with Apple’s HealthKit, we want to give special attention to how that data is handled:
3.1 HealthKit Data Usage: HealthKit is the interface that allows Subseven to read your health data (like blood glucose readings) from your iPhone’s Health app, where data from devices like Dexcom CGM are stored. We access HealthKit data only with your explicit permission. When you install the App, it will prompt you to grant read access to specific data types (e.g., Blood Glucose). You can choose to allow or deny. If you deny access, the App will still function for event logging, but some features that rely on BG data will be limited or unavailable.
If you allow access, we will use that data strictly to provide you with health and wellness services through the App. According to Apple’s rules, data obtained through HealthKit cannot be used for anything other than providing health or fitness services (with limited exceptions for medical research). Subseven adheres to these rules. We do not use your HealthKit data for advertising, marketing, or selling to data brokers. We do not even use it for cross-device tracking or unrelated analytics. The data is used to compute things like: graphs of your glucose over time, correlations between events and glucose changes, summary statistics like time-in-range, etc., for your personal use. If we incorporate data into anonymized aggregate research, that falls under the umbrella of improving health services and medical research (which Apple allows so long as the user has consented). By using the App and agreeing to this Privacy Policy, you provide that consent for us to use your data in these ways.
3.2 No Sharing of HealthKit Data: We do not disclose data obtained from HealthKit to any third party except: (a) to our service providers as necessary to operate the App (and only for that purpose, under strict contractual controls – see Section 5 below), or (b) when required by law. We do not share your HealthKit-derived personal data with advertisers, or platforms like Facebook or Google, or anyone else. The only possible “sharing” that might occur is if you choose to export your data or share a report with someone (for example, if in the future we have a feature to export a PDF summary that you then email to your doctor – that sharing is initiated by you, not by us automatically).
3.3 Storage of Health Data: Apple has specific guidelines around storing HealthKit data. Notably, Apple’s App Store guidelines state that apps using HealthKit that store users’ health information in iCloud will be rejected. We comply with this requirement by not storing your raw health data in Apple’s iCloud. Subseven handles data in the following way:
On your device, HealthKit data stays in the Health app database which is managed by iOS. We read it as needed for display in our App.
If the App performs analysis that requires back-end computation (for example, heavy AI pattern analysis), we may send necessary data to our secure servers for processing. In doing so, we ensure the data is encrypted in transit (via HTTPS) and encrypted at rest on our servers.
Any health data stored on our servers (if any) is stored securely with protections comparable to those required for medical data. We do not use Apple’s iCloud for backing up this data. Instead, we use secure cloud infrastructure that we control (with appropriate safeguards like encryption and access control). Apple’s restriction is meant to prevent inadvertently sharing health data with Apple’s cloud. We abide by this by keeping data within our system or on your device only.
If you back up your iPhone via iCloud, it’s possible that your Subseven app data (including health data cached in the app) could be included in your device’s encrypted backup. That is under Apple’s backup mechanism and is outside our control, but those backups are encrypted and Apple cannot access them without your key.
3.4 User Control: You remain in control of your health data. You can revoke Subseven’s access to HealthKit data at any time by going into the Health app on your iPhone, selecting Sources or the Subseven app, and toggling off the permissions. If you do so, Subseven will no longer be able to read new health data. (Note: revoking access does not automatically delete data we previously collected; if you want data deleted, see Section 7 on Your Rights). You can also delete data from the Health app itself (though that might also remove it from our app since we pull from HealthKit dynamically).
3.5 HIPAA Compliance: The information we collect, particularly health-related information, may be considered Protected Health Information (PHI) if Subseven were classified as a covered entity or a business associate under HIPAA. It’s important to clarify that Subseven is not a healthcare provider or insurance company, and typically personal health tracking apps are not strictly “covered entities” under HIPAA. However, we understand the sensitive nature of health data and we voluntarily follow industry best practices for health data privacy and security, in line with HIPAA principles. When we say “HIPAA-compliant research,” we mean that any use of data for research is done after removing personal identifiers (like name, email, phone, etc.) so that the data is de-identified. According to HIPAA, once data is properly de-identified (anonymized), it is no longer considered PHI and can be used more freely. We ensure that any research analysis we do does not include direct identifiers or anything that could reasonably identify an individual user.
In addition, any employees or contractors who might have access to user data (for example, a database administrator or a data scientist working on algorithm improvement) are trained on privacy and are bound by confidentiality agreements. Access to PHI is limited on a need-to-know basis.
In summary: Your health data is used only to help you and (anonymously) to help improve Subseven and knowledge about T1D. We take extra care with this data, complying with Apple’s HealthKit rules and HIPAA’s de-identification standards to protect your privacy.
4. How we share or disclose information
Your privacy is paramount. This section describes who, if anyone, we share your information with and under what circumstances. The short answer is that we do not sell or rent your data to third parties, and we avoid sharing your personal data unless necessary to provide our services or as required by law.
4.1 Sharing with Service Providers: We may employ third-party companies and individuals to facilitate our App and related services (these are often called “service providers” or “processors”). Examples include:
Cloud hosting providers (for data storage or server hosting).
Email service providers (to send verification or notification emails).
Analytics or crash reporting services (to help us fix issues).
These service providers may have access to certain personal information, but only to perform tasks on our behalf and under obligations of confidentiality. We require that our service providers handle data in compliance with this Privacy Policy and applicable privacy laws. They are not permitted to use your information for any purpose other than the purpose for which we share it. For instance, if we use a cloud database hosted by a third party, that third party does not have the right to access your data except to keep it stored/processed as instructed by us. We do not allow our service providers to mine user data for their own use or to share it onward.
4.2 No Third-Party Marketing Use: We do not share your personal information (including email or health data) with advertisers or marketing companies. You will not suddenly receive marketing emails or calls from third parties because you signed up for Subseven. We have no advertising inside the app, and we do not monetize your data by giving it to others. As referenced earlier, Apple’s policies forbid using HealthKit data for marketing or selling it, and we fully comply with that.
4.3 Aggregated or De-Identified Data: We may share aggregated, anonymized information publicly or with partners. For example, we might publish an article that says, “In an analysis of Subseven’s user base, we found that morning exercise was associated with a 15% improvement in average blood glucose levels.” Such statistics would not reveal any personal details about any specific user. Aggregated data means it’s combined from many users, and anonymized means all personal identifiers have been stripped out. We might share such insights with the diabetes research community, at conferences, or on our website’s blog. This is not considered sharing personal data, as it cannot be traced back to you. In technical terms, once data is de-identified properly, it’s no longer subject to certain privacy laws and we may use it freely, but we still commit to using it ethically.
4.4 Business Transactions: If Subseven (the company) is involved in a merger, acquisition, investment transaction, or asset sale, your information might be transferred to the new owner or partner as part of that deal. If such a transfer happens, we will ensure that the successor entity is bound by terms similar to this Privacy Policy with respect to your personal information. We would also strive to notify you (for example, via email or a prominent notice in the App) if your data becomes subject to a new privacy policy due to a business change.
4.5 Legal Requirements: We may disclose your personal information if required to do so by law or in response to a valid legal request. For instance:
To comply with a subpoena, court order, or other legal process.
To enforce our Terms of Use or other agreements, or to investigate potential violations.
To protect the rights, property, or safety of Subseven, our customers, or others. This could include exchanging information with other companies and organizations for fraud protection or security mitigation.
We will only disclose the minimum amount of information necessary to meet our legal obligations or protect our rights. If we receive a government or law enforcement request for your data, our policy is to review it carefully and push back if it is overbroad. We also would, to the extent allowed by law, inform you of such requests (for example, unless we are legally prohibited from doing so) so that you have an opportunity to object.
4.6 With Your Consent: Other than the cases above, we will share your personal information with third parties only if you have given us your explicit consent to do so. For example, if in the future we enable an integration where you ask us to share data with a specific app or service (like sending your logs to a clinician’s system), we will do so only with your authorization and as directed by you.
4.7 No Unauthorized Access: It’s worth reiterating that we do not allow any unauthorized persons or employees to access your identifiable data. Internally, access to personal data is strictly controlled. Our team members only access user data when necessary to perform their job (for example, providing customer support or debugging an issue you reported, and even then, preferably with your cooperation). All team members are trained on confidentiality and data protection.
In conclusion, our default stance is not to share personal data unless it’s absolutely necessary for providing the service or we are compelled by law. We want you to feel confident that your information is staying with Subseven (and its essential service partners) and not floating around to unrelated parties.
5. Data Security
We take security measures to protect your personal information from unauthorized access and disclosure. However, no system can be 100% secure, so we want to be transparent about how we safeguard your data and the residual risks.
5.1 Security Measures Implemented:
Encryption: All communications between the Subseven app and our servers are encrypted using industry-standard protocols (such as HTTPS/TLS). This means that when data (like your logged events or BG readings) is transmitted, it is encoded so that third parties cannot eavesdrop on it easily. Similarly, we encrypt sensitive data at rest on our servers or databases. For example, personal details and health data in our database are stored in encrypted form or in secure datastores with encryption enabled. We also leverage encryption features provided by Apple’s iOS for data stored on the device. Apple’s HealthKit data on your phone is stored by Apple in a secure manner (HealthKit data is typically encrypted on device and in backups).
Secure Servers: We use servers and cloud services that implement robust security practices, including firewalls, intrusion detection systems, and regular security patching. Personal information we collect is stored on secure servers behind firewalls. We limit and control access to these servers; only authorized personnel with a valid business need can access them.
Access Controls: Internally, we restrict access to personal data. Only employees or contractors who need to process your data (for example, a support engineer helping troubleshoot an issue with your account) are granted access, and even then it’s limited to what they need. We use authentication and access logs to manage and record when data is accessed.
Password Protection: Your Subseven account is protected by the password you choose. We strongly encourage you to choose a strong, unique password and to keep it confidential. We never store your password in plaintext; it is stored in a hashed form (a one-way cryptographic representation). If you forget your password, we have a process to reset it (likely via email verification).
Development Practices: We follow secure coding guidelines to minimize vulnerabilities in the app itself. We also regularly update our software dependencies to patch security issues and may undergo security audits or assessments of our application.
Monitoring: We monitor our systems for suspicious activity and have measures in place to detect and respond to potential security incidents.
5.2 No Guarantee: While we employ these and other safeguards, no method of transmitting or storing data is completely secure. The internet by its nature has risks, and despite our best efforts, we cannot guarantee absolute security of your information. For example, there’s always a minor risk of zero-day vulnerabilities, cyber-attacks, or unforeseen bugs that could lead to a breach. We want to be honest that there is no such thing as perfect security. You transmit data to us at your own risk.
5.3 User Responsibilities: Security is also a shared responsibility. It is important for you, as a user, to take steps to protect your own information:
Keep Your Password Safe: Do not share your Subseven account password with anyone. We will never ask you for your password via email or phone. If you suspect someone else has obtained your password, change it immediately and contact us.
Secure Your Devices: Since the App may be logged in on your phone, ensure your phone itself is protected (with a PIN, fingerprint, or Face ID). If your phone is lost or stolen, someone could potentially access your App data if your phone is unlocked. Enable remote wipe or Find My iPhone features as applicable.
Phishing Awareness: Be cautious of phishing attempts. Subseven will not send you unsolicited emails asking for personal information. Always double-check that communications are actually from us (for example, emails from @subseven.ai). If in doubt, contact us directly via our official contact info.
5.4 Data Breach Procedures: In the unlikely event of a data breach that affects your personal information, we will act promptly to contain and investigate the breach. We will also notify affected users and any relevant regulatory bodies as required by law. We have a breach response plan that involves identifying the scope of the breach, preventing further unauthorized access, and communicating transparently with users about what happened and what steps should be taken.
By using Subseven, you acknowledge that you understand the security measures we have in place and the residual risks that can exist. We are committed to continuously improving our security practices as new technologies and threats evolve. If you have any questions about security or suspect a vulnerability in our system, please contact us using the information in the Contact section. We appreciate feedback and take security inquiries seriously.
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Here is how we approach retention for different types of data:
Account Information: We will keep your account information (like name, email, and your logged health data) as long as your account is active. This is so we can provide you the service continuously. If you have an active subscription, we presume you want us to retain your data for historical analysis (for example, so you can see patterns over months or years). If you decide to cancel your subscription but continue using a basic version of the App (if available), we would still keep your data unless you request deletion.
Event and Health Data: The event logs and imported health data are stored to provide longitudinal analysis. We do not routinely purge health data unless you delete it or delete your account. This means if you have been using the app for two years, we may have two years of logs, which helps provide better insights. All data will be retained until you take action to remove it or until the account is deleted.
Backup and Archives: We perform database backups for disaster recovery purposes. These backups might incidentally contain your data and could be retained for a certain period (e.g., backups might be kept for 30 days securely before being overwritten). If you delete data or your account, that deletion will eventually propagate to backups, but not immediately. We ensure backups are stored securely and are only accessed if needed for system restoration.
Legal Retention Requirements: We may retain some information to comply with legal obligations or for legitimate business interests. For instance, we might keep transaction records (subscription payments, etc.) for accounting and tax purposes for a certain number of years as required by law. If we had any correspondence related to support or disputes, we might retain those communications as evidence or record.
Research Data: Any de-identified data that has been extracted for research or analytical purposes may be kept indefinitely, since it no longer is linked to personal identifiers. (For example, aggregated statistics or anonymized datasets might be stored to track long-term trends). This data would not be tied to you personally after de-identification.
If you choose to delete your account (or if you request us to delete your data), we will delete or anonymize your personal information on our active systems. There may be residual copies in our backups or cache for a short time, but those will be deleted in the normal course of our backup retention schedule. We will also ensure that any third-party service providers are instructed to delete the data they hold on our behalf, if applicable.
Please note: if you simply delete the app from your phone but do not request account deletion or cancel your subscription, your data may still remain on our servers. If you intend to stop using Subseven and want your data removed, please follow the steps in the next section regarding your rights and contacting us to delete data.
7. Your Rights and Choices
You have certain rights and choices regarding your personal information. We want you to be in control of your data. Depending on your jurisdiction (for example, users in the European Union under GDPR, or in California under CCPA), you may have specific legal rights. We aim to honor basic rights for all users, even if local laws do not provide them explicitly. These include:
Access and Portability: You have the right to request a copy of the personal data we hold about you. For example, you might want an export of all your logged events and BG data that Subseven has stored. We can provide this in a commonly used format (like a CSV file or JSON). Some functionality might be built into the app to view or export your data; if not, you can contact us and we will assist you.
Correction: If any of your information is incorrect or has changed (for instance, you want to update your email address), you can do so through the app’s account settings or by contacting us. It’s important that we have accurate information for you. Note that if you entered incorrect data in logs and wish to correct it, you can edit or delete entries via the App interface.
Deletion (Right to Erasure): You can request deletion of your account and personal data. This is sometimes called “right to be forgotten.” If you request this, we will delete your account data from our systems (with the noted exception of data we may need to keep for legal reasons, and with the understanding that complete removal from backups will happen after a short delay). To do this, you might use a feature in-app (if available) or contact support. Keep in mind, deletion is irreversible – if you later return to Subseven, you would have to start fresh as we won’t have your old data.
Withdrawal of Consent: If you have consented to any optional data collection or usage (for example, HealthKit integration), you can revoke that consent. As discussed in Section 3.4, you can disconnect HealthKit access at any time. If you had opted into receiving an optional newsletter (not currently in practice), you could opt out. Essentially, for any processing of data that is based on your consent, you have the right to withdraw that consent for future processing.
Object or Restrict: You may have the right to object to or ask us to restrict certain processing. For example, if you are in the EU and believe our legal basis for processing your data isn’t sufficient, you can object and we will review. Or you might not want your data used in research – you can let us know and we can ensure your data is excluded from any aggregate research analyses going forward (though data already aggregated cannot be traced back to remove, since it’s anonymized).
Non-Discrimination: If you exercise any privacy rights (such as deleting data), we will not discriminate against you. For instance, if you are a California resident exercising CCPA rights, we will not deny you services or charge you a different price just because you exercised your rights. However, note that deletion of data or restriction might affect our ability to provide the service (if you delete all your data, the app may not function usefully).
How to Exercise Your Rights: To exercise any of the above rights, please contact us at chris@subseven.ai. Please provide enough information for us to verify your identity (we want to ensure we’re dealing with the actual account owner) and to understand your request. We may ask for certain information to verify identity, especially for sensitive requests like data access or deletion, to prevent fraud.
We will make efforts to respond to your request within a reasonable timeframe. For data access or deletion requests, we aim to respond within 30 days (which is a standard in many jurisdictions). If we need more time, we will let you know. Some requests may be subject to certain exceptions – for example, if fulfilling a request would compromise another user’s privacy or if we must retain certain data by law, we will explain that in our response.
Account Settings: Some of your rights can be exercised by yourself through the App:
You can update some profile information in the App’s settings.
You can remove or edit logged events via the App interface.
You can disconnect HealthKit access via your phone settings.
You can cancel your subscription via the App Store settings.
Future updates of the App might include a “delete account” option that automates the process of erasing your data. If and when that exists, we will update this Policy to reflect it.
California “Do Not Sell”: We do not sell personal data. If you are a California resident, the CCPA grants you the right to opt-out of the sale of personal information. Since we do not sell data, there is no separate “Do Not Sell My Info” mechanism needed. If that ever changes (it won’t without updating this Policy), we would provide an opt-out.
European Union Users: If you are in the EU or a country with similar GDPR laws, our lawful basis for processing your personal data typically is: (a) Consent – for the health data which is considered a special category, we rely on your consent to process it (you give consent by agreeing to this Policy and by entering the data or allowing HealthKit access); (b) Contract – when you subscribe and use our App, we process data as necessary to perform our contract (the service you signed up for); (c) Legitimate Interests – for certain analytics or improvement or support communications, we might rely on our legitimate interest in running an effective service, but not overriding your rights; and (d) Legal Obligation – for any legal compliance (like tax records, etc.). You also have the right to lodge a complaint with a Data Protection Authority if you believe we are mishandling your data under GDPR.
We encourage you to reach out to us first with any concerns about how we handle your data, and we will do our best to resolve any issues.
8. Children's Privacy
As noted in the Terms of Use and earlier in this Policy, Subseven is not intended for children under 13 years of age. We do not knowingly collect personal information from anyone under the age of 13. If you are under 13, do not use or provide any information on this App or on or through any of its features, and do not create an account. We understand that Type 1 Diabetes can affect young children, but the App should be used by a parent or guardian in such cases (with the adult as the account holder), rather than the child directly.
If we learn that we have inadvertently collected personal data from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly. If you are a parent or guardian and you discover that your child under 13 has provided personal information to Subseven, please contact us immediately at chris@subseven.ai so we can remove the child’s information.
For teens between 13 and 17: We recommend that such users involve a parent or guardian in their use of the App. Some portions of the App involve understanding medical information, which is usually best done with adult guidance for minors. In any case, our policy is that no one under 18 should use the App without parental consent. By using the App, you affirm that you meet the age requirements.
We do not use any personal information from users under 18 for marketing or profiling. And of course, since we do not allow users under 13 at all, we strictly avoid collecting any data from that age group knowingly.
9. International Users and Data Transfers
Subseven is based in the United States, and our services are primarily directed to users in the U.S. If you are using the App from outside the United States, please be aware:
Data Location: Your information (including personal data and health data) will likely be transferred to and stored on servers in the United States. This means your data will be subject to U.S. laws and possibly accessible to U.S. authorities under lawful orders.
Cross-Border Transfers: We may utilize cloud providers or services that are also based in the U.S. or other countries. By using the App, you consent to the transfer of your information to the U.S. and possibly other jurisdictions. We will take steps to ensure appropriate safeguards are in place for international data transfers. For example, if you are in the EU/EEA and we transfer data out of the EEA, we would rely on mechanisms like Standard Contractual Clauses or other approved legal frameworks to ensure adequate data protection.
Differences in Law: Privacy laws vary by country. The data protection laws of the United States may differ from those in your country of residence. The U.S. does not currently have a single comprehensive health data protection law like the EU’s GDPR, but we handle data as described in this Policy which aims to be universally privacy-focused. If local laws require different standards, we will endeavor to meet those for users in that locale (for instance, honoring deletion requests even if not mandated by U.S. law).
Language: The App and this Privacy Policy are in English. If you need assistance understanding it in your language, please contact us. Using the App indicates acceptance of the English version of this Policy.
If you are accessing Subseven from a region with laws governing data collection and use, please note that we may not be able to accommodate all region-specific requirements unless explicitly stated. We will continue to monitor international regulations and will update our practices as needed if we expand to more international markets.
10. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we update the Policy, we will:
Change the “Last Updated” date at the top of this Policy.
In the case of significant changes, provide a notice to users (for example, by an in-app notification or via email). Significant changes might include any change in how we use personal data, or new categories of data we start collecting, etc.
Give you the opportunity to review the revised Policy. In some cases, we may request your consent to the changes, especially if required by law or if the changes are material and involve new uses of previously collected data.
We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Your continued use of Subseven after any changes to this Policy constitutes your acceptance of the updated terms. If you do not agree with any updates, you should stop using the App and may request deletion of your data.
By using Subseven, you entrust us with your sensitive information, and we are committed to honoring that trust through robust privacy and security practices. We appreciate you taking the time to read our Privacy Policy.
Thank you for being a part of Subseven, and we hope our app genuinely helps you in managing your health better. Your privacy and satisfaction are our priorities.