1. Overview
Privacy-First Approach
Your health data stays on YOUR device. We don't store your meal photos, activity data, or personal health information on our servers. You have complete control over your data.
App Information
- App Name: AiDia - AI Diabetes Assistant
- Developer: Neuroxes
- Platform: Android, iOS, Web
- Category: Health & Fitness / Medical
- Contact: support@neuroxes.com
What AiDia Does
AiDia helps diabetes patients manage their carbohydrate intake and insulin needs using AI-powered food analysis. Users take photos of meals to get instant nutritional information, track physical activity, receive personalized AI coaching, and monitor their HbA1c goals.
Key Privacy Points
- Your meal photos and health data stored locally on your device
- We never sell your personal information
- You can delete all data anytime
- HTTPS encryption for all network communications
- Full compliance with GDPR, CCPA, and other privacy laws
2. Data Collection Overview
We believe in transparency. Here's exactly what data we collect and where it's stored:
| Data Type | Storage Location | Purpose |
|---|---|---|
| Meal Photos & Nutrition | Your Device Only | Track your meals and carb intake |
| Physical Activity | Your Device Only | Calculate carb offset from exercise |
| User Preferences | Your Device Only | Customize app experience |
| Email & Display Name | Firebase Cloud | Account authentication |
| Subscription Status | Firebase Cloud | Manage app access and credits |
| Food Analysis Requests | OpenAI (30 days) | AI-powered nutritional analysis |
3. Data Stored Locally (Your Device Only)
Private & Secure
This data NEVER leaves your device. It's stored in your phone's private app directory using a SQLite database and local storage.
A. Meal Information
- Photos of meals (stored in device storage)
- Meal names and timestamps
- Nutritional data: calories, carbs, protein, fats, fiber, sugar
- Food items detected by AI with confidence scores
- Serving sizes and portion multipliers
- User notes and custom tags
- Location information (country/region for meal suggestions - NOT GPS)
B. Physical Activity Data
- Step counts from device pedometer
- Walking distance and duration
- Activity type (walking, running, cycling, etc.)
- Calories burned estimates
- Activity notes
C. Walking Session & Story Data
- Walking session start/end times
- Steps during story sessions
- Story progress (chapter numbers, completion status)
D. User Preferences
- OpenAI API key (if you provide your own)
- Theme preferences (light/dark mode)
- Notification settings
- Language preferences
Security Note
All locally stored data is protected by Android's app sandboxing. Only AiDia can access this data. When you uninstall the app, all local data is automatically deleted.
4. Data Stored in Firebase Cloud
We use Firebase (Google) to provide account features and app functionality. Here's what we store in the cloud:
A. Authentication Data (only if you create an account)
- Email address
- Display name
- Unique User ID (generated by Firebase)
- Account creation date
B. Subscription & Credit Tracking
- Current subscription tier (free/standard/pro)
- Daily credit usage count (for AI analyses)
- Last credit reset date
- In-app purchase receipts (for subscription verification)
C. Device-Based Tracking (for users without accounts)
- Device fingerprint ID (sanitized - no personal info)
- Daily credit usage count
- Last credit reset date
D. Push Notification Tokens
- Firebase Cloud Messaging (FCM) token
- Notification topic subscriptions (e.g., "all_users")
Important Note
Your health data (meals, activity, diabetes profile) is NOT stored in Firebase. It stays on your device only.
5. Third-Party Services
A. OpenAI (AI Analysis)
What We Send to OpenAI:
- Food photos (only when you analyze a meal)
- Your diabetes profile (age, gender, insulin type, carb ratio, glucose targets)
- HbA1c levels (current, target, progress)
- Today's meal data and carb consumption
- Today's physical activity (steps, distance, carb offset)
- Country/region (for culturally appropriate suggestions)
- Cuisine preferences and dietary restrictions
- Chat conversation history (for AI coach feature)
- Voice recordings (if using voice input)
Why We Send It:
- To analyze food photos and provide nutritional information
- To give personalized diabetes management advice
- To transcribe voice input
OpenAI Privacy Commitment
- OpenAI keeps API data for 30 days, then automatically deletes it
- OpenAI does NOT use API data to train their models
- Read OpenAI Privacy Policy
B. Google AdMob (Advertisements)
What Is Collected:
- Device information (device type, OS version)
- Advertising ID (resettable in device settings)
- Approximate location (country/region - NOT precise GPS)
- Ad interaction data (views, clicks)
- App usage patterns (which screens show ads)
Purpose:
To display relevant ads and earn revenue to support free app usage.
Opt-Out Option
You can reset your Advertising ID in Android Settings → Google → Ads → Reset Advertising ID
C. Firebase Services (Google)
What Is Collected:
- Authentication data (email, UID)
- App usage analytics (screen views, feature usage - anonymous)
- Crash reports and error logs (for bug fixes)
- Performance metrics (app speed, network latency)
Purpose:
To provide user accounts, sync credits, send notifications, and improve app stability.
6. Android Permissions Explained
Here's why we request each permission and whether you can deny it:
| Permission | Why We Need It | Can Deny? |
|---|---|---|
| INTERNET | Connect to OpenAI API for food analysis | Required |
| CAMERA | Take photos of meals for analysis | Yes (use gallery) |
| READ_MEDIA_IMAGES | Select photos from gallery | Yes (use camera) |
| RECORD_AUDIO | Voice input for hands-free logging | Yes (type instead) |
| POST_NOTIFICATIONS | Send meal reminders | Yes (no notifications) |
| ACTIVITY_RECOGNITION | Track steps from pedometer | Yes (no step tracking) |
Your Choice
All optional permissions can be denied. The app will still work, but some features will be unavailable. You can change permissions anytime in your device settings.
What We DON'T Collect
We NEVER Collect:
- Precise GPS location
- Contacts list
- Calendar events
- SMS or phone call data
- Full photo library
- Background location tracking
- Biometric data (fingerprints, face ID)
- Payment card numbers
- Browsing history
- Medical records or prescriptions
7. How We Use Your Data
1. Food Analysis
- Photos sent to OpenAI to identify foods and calculate nutrition
- Your diabetes profile used to personalize recommendations
2. AI Coaching
- Meal history and progress used to provide personalized diabetes advice
- Chat history used for context in conversations
3. Credit Tracking
- Track daily AI analysis usage (free tier: 5 per day)
- Reset credits at midnight each day
4. Physical Activity
- Calculate carb offset (extra carbs you can eat due to exercise)
- Adjust meal recommendations based on activity level
5. Ads & Monetization
- Show ads to free-tier users
- Track ad views to earn revenue
6. App Improvement
- Anonymous analytics to understand feature usage
- Crash reports to fix bugs
We DO NOT:
- Sell your data to third parties
- Share your meal photos with anyone except OpenAI (for analysis only)
- Use your health data for advertising targeting
- Share your data with insurance companies or healthcare providers
- Track your location in the background
8. Data Security
How We Protect Your Data
1. Local Storage Security
- Meal photos and health data stored in app's private directory
- Only AiDia can access this data (Android app sandboxing)
- Data automatically deleted when you uninstall the app
2. Network Security
- All internet communication uses HTTPS/TLS encryption
- OpenAI API calls use secure Bearer token authentication
- Firebase uses encrypted connections
3. API Key Security
- Your OpenAI API key (if you provide one) stored only on your device
- Never sent to our servers
4. Account Security
- Passwords hashed by Firebase (we never see your password)
- Email verification available
- Password reset via secure email link
No Cloud Sync for Health Data
Your meal photos, activity data, and health information stay on your device. If you change phones, you must manually export/import data. We don't have access to your health data stored locally.
Data Breach Protocol
In the unlikely event of a security breach affecting Firebase data (email, subscription info), we will:
- Notify affected users within 72 hours
- Report to relevant authorities as required by law
- Provide guidance on protective measures
- Post updates on our website: www.neuroxes.com
9. Your Privacy Rights
Data Access & Control
You have full control over your data. Here's what you can do:
1. Access Your Data
- View all stored meals, activity logs, and preferences within the app
- Export data in JSON format (Settings → Export Data)
- Request a copy of your Firebase account data by emailing support@neuroxes.com
2. Modify Your Data
- Edit meal entries and nutritional information
- Update your diabetes profile and preferences anytime
- Change your email and display name in account settings
3. Delete Your Data
- Local Data: Settings → Clear All Data (deletes meals, activity, preferences)
- Account Data: Settings → Delete Account (removes email, subscription, Firebase data)
- Complete Removal: Uninstalling the app deletes all local data automatically
4. Data Portability
- Export your data as JSON file
- Import data from previous exports
- Transfer data to another device manually
Important Note
Once you delete your account or local data, it cannot be recovered. Make sure to export your data first if you want to keep a backup.
Legal Rights (GDPR, CCPA, and More)
If You're in the European Union (GDPR):
- Right to Access: Request a copy of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Delete your account and data
- Right to Data Portability: Export your data
- Right to Object: Opt-out of advertising (reset Ad ID)
- Right to Withdraw Consent: Revoke permissions anytime
If You're in California (CCPA):
- Right to Know: What data we collect and how we use it
- Right to Delete: Request deletion of your data
- Right to Opt-Out: We don't sell data, so no opt-out needed
- Right to Non-Discrimination: Same service whether you exercise rights or not
If You're in Other Regions:
We respect privacy laws worldwide, including Brazil's LGPD, Canada's PIPEDA, Australia's Privacy Act, and others. Contact us to exercise your rights.
Exercise Your Rights
Email us at support@neuroxes.com with subject "Privacy Rights Request"
We'll respond within 30 days (or as required by local law)
10. Children's Privacy
Age Restriction
AiDia is not intended for children under 13 years old.
Our Policy
- We do not knowingly collect data from children under 13
- If you're a parent and believe your child has provided us with data, contact us immediately
- We will delete any child data within 72 hours of notification
Parental Guidance
If you're a parent of a teen (13-17) using AiDia:
- Review this privacy policy with them
- Supervise their use of the app
- Understand that diabetes management requires medical supervision
- Consult their doctor before using any diabetes app
COPPA Compliance (USA)
We comply with the Children's Online Privacy Protection Act (COPPA). We do not:
- Collect personal information from children under 13
- Allow children to publicly post personal information
- Send notifications or marketing to children
11. International Data Transfers & Laws
Where Your Data Is Stored
- Local Data: Your device (your country)
- Firebase: Google Cloud servers (multiple regions, including EU and US)
- OpenAI: OpenAI servers in the United States
Data Transfer Safeguards
When your data crosses international borders (e.g., EU to US), we ensure protection through:
- Standard Contractual Clauses (SCCs): Legal agreements approved by the EU Commission
- HTTPS Encryption: Data encrypted during transfer
- Firebase Privacy Shield: Google's compliance with EU-US data protection framework
Compliance with Regional Laws
European Union (GDPR)
- Legal basis for processing: Consent, Contract, Legitimate Interest
- Data Protection Officer available at: support@neuroxes.com
- Right to lodge complaint with your local supervisory authority
United States (CCPA, HIPAA)
- CCPA: We don't sell your data. You can delete your data anytime.
- HIPAA: AiDia is NOT a HIPAA-covered entity. We don't have access to your medical records or prescriptions.
United Kingdom (UK GDPR)
- Same protections as EU GDPR
- Right to complain to the Information Commissioner's Office (ICO)
Canada (PIPEDA)
- We follow PIPEDA's 10 Fair Information Principles
- You can withdraw consent for data processing anytime
Australia (Privacy Act)
- Compliance with Australian Privacy Principles (APPs)
- Right to complain to the Office of the Australian Information Commissioner (OAIC)
Brazil (LGPD)
- Legal basis for processing: Consent and Legitimate Interest
- Right to complain to ANPD (Brazilian Data Protection Authority)
Global Privacy Standard
We apply the highest privacy standards globally, regardless of where you're located. Your privacy matters everywhere.
12. Changes to This Privacy Policy
How We Update This Policy
- We may update this policy to reflect new features, laws, or practices
- You will be notified of material changes via in-app notification and email (if you have an account)
- The "Last Updated" date at the top will always show the latest version
- Continued use of the app after changes means you accept the updated policy
Version History
| Version | Date | Changes |
|---|---|---|
| 1.0 | November 28, 2025 | Initial privacy policy release |
You can view the full version history at: www.neuroxes.com/privacy-history
13. Contact Us
Questions About Privacy?
We're here to help! Contact us anytime about privacy concerns, data requests, or general questions.
In-App Support
Settings → Help & Support
Submit a support ticket directly
Data Protection Officer
For GDPR-related inquiries, you can reach our Data Protection Officer at:
- Email: support@neuroxes.com
- Subject Line: "ATTN: Data Protection Officer"
Legal Requests
For legal matters, law enforcement requests, or subpoenas:
- Email: support@neuroxes.com
- Subject Line: "Legal Request"
We Value Your Privacy
Your trust is important to us. If you have any concerns about how we handle your data, please don't hesitate to reach out.
Important Medical Disclaimer
AiDia is NOT a medical device and should NOT replace professional medical advice.
- This app provides estimates only and may contain inaccuracies
- Always consult your doctor or diabetes care team before making medical decisions
- Do not adjust insulin doses based solely on app recommendations
- In case of medical emergency, call emergency services immediately
- AiDia is not FDA-approved or clinically validated
- Use at your own risk and discretion
By using AiDia, you acknowledge that you understand these limitations and will use the app as a supplementary tool only.