This policy supplements our general Privacy Policy and describes how GlucoWorks LLC handles consumer health data under state laws including the Washington My Health My Data Act (MHMDA).
GlucoWorks LLC (“GlucoWorks,” “we,” “us,” or “our”) is a Wyoming limited liability company that develops diabetes management software. This Consumer Health Data Privacy Policy (“Policy”) supplements our Privacy Policy and describes how we collect, use, share, and protect Consumer Health Data as defined under the Washington My Health My Data Act (MHMDA), the Nevada Consumer Health Data Privacy Law, and similar state consumer health data privacy laws (collectively, “Consumer Health Data Laws”).
This Policy applies when Consumer Health Data Laws are applicable to the data we process. To the extent that health data we process is subject to the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations, that data is exempt from Consumer Health Data Laws and is governed by our HIPAA Notice of Privacy Practices and applicable Business Associate Agreements.
“Consumer Health Data” means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. This includes, but is not limited to:
| Category | Examples | Source |
|---|---|---|
| Health-Related Browsing Data | Pages visited on gluco-works.com relating to diabetes management products, search queries on our site | Website analytics, cookies |
| Inquiry Data | Health-related information voluntarily included in contact form submissions or emails | Direct from consumer |
| Category | Examples | Source |
|---|---|---|
| Blood Glucose Data | Fingerstick BG readings, fasting glucose values, pre-meal and post-meal glucose readings, glucose targets and ranges | DoseAdvisor patient app (manual entry), CGM integration (Dexcom, FreeStyle Libre) |
| Insulin Dosing Data | Calculated insulin doses, insulin-to-carb ratios, insulin sensitivity factors, correction factors, basal insulin doses, dose history | DoseAdvisor patient app, clinician-prescribed parameters |
| Meal and Nutrition Data | Carbohydrate counts, meal timing, meal type classifications | DoseAdvisor patient app (manual entry) |
| Continuous Glucose Monitor (CGM) Data | Real-time and historical glucose readings, glucose trends, time-in-range statistics, CGM sensor session data | Dexcom V3 API, LibreLinkUp integration |
| Insulin-on-Board (IOB) Data | Active insulin calculations, insulin activity curves, stacking risk assessments | DoseAdvisor dose calculation engine |
We use Consumer Health Data for the following purposes:
We share Consumer Health Data only with service providers who are contractually obligated to protect it and use it only for the purposes we specify:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform | Website hosting | Server logs that may contain browsing data |
| Google Analytics | Website analytics | Browsing patterns (with anonymized IP) |
For DoseAdvisor, our service providers additionally include:
| Provider | Purpose | Data Involved |
|---|---|---|
| Google Cloud Platform (Cloud Run, Cloud SQL, Cloud Storage) | Application hosting, database, document storage | All DoseAdvisor application data, under GCP BAA |
| Expo (Expo Application Services) | Push notification delivery for dose reminders and safety alerts | Device tokens, notification content (no glucose data in notification payloads) |
| Dexcom, Inc. | CGM data integration via Dexcom V3 API | Glucose readings, CGM session data (user-authorized OAuth connection) |
| Abbott / LibreLinkUp | CGM data integration for FreeStyle Libre users | Glucose readings (user-authorized connection) |
We may disclose Consumer Health Data when required by law, in response to valid legal process, or to protect our rights, privacy, safety, or property.
We may share Consumer Health Data with other parties when you provide affirmative consent.
Under applicable Consumer Health Data Laws, you have the following rights:
You have the right to confirm whether we are collecting or sharing your Consumer Health Data and to request access to such data.
You have the right to request that we delete your Consumer Health Data. Upon verified request, we will delete your Consumer Health Data and direct our processors to do the same, subject to applicable legal exceptions.
Where we process Consumer Health Data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing before the withdrawal.
We will not discriminate against you for exercising any of your rights under Consumer Health Data Laws.
In addition to the rights described above, DoseAdvisor users have the following data rights:
To exercise any of the rights described above, you may:
We will respond to verified requests within the timeframes required by applicable law (typically 45 days for Washington MHMDA and 60 days for Nevada). We may request additional information to verify your identity before processing your request.
We implement appropriate technical and organizational measures to protect Consumer Health Data, including:
We retain Consumer Health Data only for as long as necessary to provide our services and fulfill the purposes described in this Policy, or as required by law. Website browsing data that constitutes Consumer Health Data is retained for no longer than twenty-four (24) months. DoseAdvisor application data is retained in accordance with the DoseAdvisor Privacy Policy and applicable data retention schedules.
We may update this Policy from time to time. We will post the revised Policy on this page with an updated effective date. Material changes will be communicated through a notice on our Website. Your continued use of our services after changes are posted constitutes your acceptance of the revised Policy.
If you have questions about this Consumer Health Data Privacy Policy or wish to exercise your rights, please contact us:
GlucoWorks LLC — Privacy Office
For consumer health data requests, MHMDA inquiries, and data subject rights.
For legal inquiries: legal@gluco-works.com
Mail: GlucoWorks LLC, Attn: Privacy, Wyoming, USA
DoseAdvisor is a trademark of GlucoWorks LLC. This Consumer Health Data Privacy Policy applies to consumer health data processed by GlucoWorks LLC through the DoseAdvisor platform and the gluco-works.com website. It supplements the DoseAdvisor Privacy Policy.
This document does not constitute legal advice.