1. Introduction
CarbSathi ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile application and website (the "Service").
By using CarbSathi, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
We collect information that you provide directly to us:
- Account Information: Email address (optional)
- Health Data: Glucose readings, insulin doses, meal history, body weight, insulin settings (ICR, CF, target glucose)
- Usage Data: Food preferences, favorite foods, meal templates
2.2 Automatically Collected Information
- Device Information: Device type, operating system
- Usage Information: App features used, time spent
- Location Data: Not collected (we don't track location)
2.3 Third-Party Services
LibreLinkUp Integration: If you connect FreeStyle Libre, we access glucose readings through the LibreLinkUp API (with your explicit consent).
3. How We Use Your Information
We use your information to:
- ✅ Provide Services: Calculate insulin doses, track meals
- ✅ Improve App: Analyze usage to improve features
- ✅ Personalize Experience: Remember your preferences
- ✅ Send Notifications: Alert you about glucose levels (if enabled)
- ✅ Support: Respond to your inquiries
We do NOT:
- ❌ Sell your data to third parties
- ❌ Share your data with advertisers
- ❌ Use your data for marketing (without consent)
- ❌ Share your data with other users
4. Data Storage & Security
4.1 Where We Store Your Data
- Primary Storage: Supabase (cloud database) - Data encrypted at rest (AES-256) and in transit (TLS 1.3)
- Local Storage: Your device (localStorage) - Data stored on your device, not synced to the cloud (unless you enable sync)
4.2 Security Measures
We implement industry-standard security measures:
- ✅ Encryption: All data encrypted (in transit and at rest)
- ✅ Access Control: Only you can access your data
- ✅ Authentication: Secure login system
- ✅ Regular Audits: Security audits conducted regularly
- ✅ SOC 2 Certified: Our service providers are SOC 2 certified
- ✅ ISO 27001 Compliant: Information security management
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
5. Data Sharing
We do NOT share your personal information with third parties, except:
- Service Providers: Supabase (database hosting), Railway (app hosting), SendGrid (email service) - These providers are bound by confidentiality agreements
- Legal Requirements: If required by law or court order, to protect our rights or safety, or to prevent fraud or abuse
- With Your Consent: We will only share data if you explicitly consent
6. Data Retention
- Active Accounts: Data retained while your account is active
- Deleted Accounts: Data deleted within 30 days of account deletion
- Inactive Accounts: Data retained for 2 years, then deleted
- Backups: Encrypted backups retained for 90 days
You can request immediate deletion of your data at any time.
7. Your Rights (Under DPDPA)
You have the right to:
- Access: Request a copy of your data
- Correction: Correct inaccurate data
- Deletion: Delete your data ("Right to be Forgotten")
- Portability: Export your data in a machine-readable format
- Withdraw Consent: Withdraw consent at any time
- Object: Object to processing of your data
To exercise these rights, contact us at: support@carbsathi.com
8. Children's Privacy
CarbSathi is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
9. Cookies & Tracking
- Cookies: We use essential cookies for app functionality
- Analytics: We use Google Analytics (anonymized data)
- No Third-Party Tracking: We don't use advertising trackers
- Opt-Out: You can disable cookies in your browser settings
10. International Data Transfers
- Data Location: Your data is stored in the Mumbai/Singapore region
- No Cross-Border Transfer: Data stays within the chosen region
- Compliance: We comply with India's DPDPA and GDPR principles
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Sending you an email (if you've provided an email address)
- Sending an in-app notification
Your continued use of the Service after changes constitutes acceptance of the new Privacy Policy.
12. Medical Disclaimer
IMPORTANT: CarbSathi is an educational tool only. It does not provide medical advice, diagnosis, or treatment. Insulin calculations are estimates only and should not replace professional medical guidance. Always consult your doctor or diabetes educator before making insulin dosing decisions.
We are not responsible for any health outcomes resulting from use of this app.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us:
- Email: support@carbsathi.com
- Address: [Your Business Address]
- Phone: [Your Phone Number]
14. Governing Law
This Privacy Policy is governed by the laws of India and the Digital Personal Data Protection Act (DPDPA) 2023.
By using CarbSathi, you acknowledge that you have read and understood this Privacy Policy.