Skip to content

Privacy Policy

Last updated: April 2026

1. Data Controller

SugarSmart AI is the data controller for your personal information. If you have any questions about how we handle your data, contact us at privacy@sugarsmart.com.

2. What We Collect

We collect the following information:

  • Health data you provide: HbA1c level, weight, height, age, medications, dietary preferences, food restrictions
  • Account information: name, email address
  • Usage data: pages visited, features used, timestamps
  • Chat messages sent to our AI dietitian

3. Legal Basis for Processing

We process your data based on your explicit consent, which you give when you check the disclaimer checkbox during the assessment. You can withdraw consent at any time by deleting your account.

4. How We Use Your Data

  • Generate personalized meal plans tailored to your health profile
  • Provide AI dietitian chat responses
  • Improve our AI models using anonymized, aggregated data
  • Send transactional emails (plan ready, account updates)

5. Who We Share Data With

We share data only with the following service providers, strictly for the purposes described:

  • AI provider — Your health profile is sent to generate meal plans. Data is processed in real-time and not stored by the provider after generation.
  • Stripe — Payment processor for billing. They receive only payment information, not health data.
  • Resend — Email provider for transactional emails (e.g., welcome email, plan notifications).
  • Vercel — Hosting provider. Data is encrypted at rest.
  • Neon — PostgreSQL database provider. Data is encrypted at rest.

We do not sell your data to third parties. Ever.

6. Data Retention

  • Active accounts: Data is retained for as long as your account is active.
  • Deleted accounts: All personal data is erased within 30 days of account deletion.
  • Backups: Purged within 90 days of account deletion.

7. Your Rights (GDPR Articles 15-22)

You have the following rights regarding your personal data:

  • Right to access — Download all your data from your dashboard.
  • Right to rectification — Edit your profile information at any time.
  • Right to erasure — Delete your account and all associated data.
  • Right to data portability — Export your data as JSON from your dashboard.
  • Right to restrict processing — Contact us to restrict how we use your data.
  • Right to object — Object to processing of your data for specific purposes.
  • Right to withdraw consent — Withdraw your consent at any time by deleting your account.

8. How to Exercise Your Rights

You can exercise most rights directly from your dashboard (Profile tab). For data export and account deletion, use the "Manage My Data" section. For other requests, email privacy@sugarsmart.com and we will respond within 30 days.

9. Data Security

We take data security seriously. Your health data is encrypted with AES-256 at rest. Passwords are hashed with bcrypt. Authentication uses secure JWT tokens with HttpOnly cookies. We implement rate limiting to prevent abuse.

10. International Data Transfers

Your data may be processed in the United States by our hosting (Vercel) and database (Neon) providers. We ensure adequate safeguards are in place through standard contractual clauses (SCCs) with these providers.

11. Cookies

We use essential cookies for authentication and optional analytics cookies with your consent. For full details, see our Cookie Policy.

12. Children

SugarSmart AI is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Medical Disclaimer

SugarSmart AI provides dietary guidance for informational purposes only. It is not a substitute for professional medical advice. Always consult your doctor before making changes to your diet or medications.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email. Continued use of SugarSmart AI after changes constitutes acceptance of the updated policy.

15. Contact

For any privacy-related questions or concerns, contact us at privacy@sugarsmart.com.