Privacy Notice
Version v2026-05-20.1 · Controller: Satish Singh (Antwerp, Belgium) · DPO contact: satixbv@outlook.com
Beta posture. Glyca is a closed beta. The operator
(data controller) personally carries liability for the experimental
features in this version. Discussion points in the weekly endo
report carry a referral clause and are gated on your acceptance of
the current Health Information consent (v2026-05-20.1).
Data we process
- Continuous glucose readings from your CGM provider (Dexcom / FreeStyle Libre).
- Insulin events (pump telemetry via Tidepool, or pen-derived from your /meal logs).
- Activity context (WHOOP, paused in v2).
- Meal logs you submit via the Telegram bot.
- Account metadata (display name, email, timezone, language).
Why we process it
To produce the morning / evening briefs, the weekly endocrinologist
report, and the proactive Tier-1 features (signal-loss DM, trend
comparisons, excursion explanations, meal-time grounding).
Your rights
- Right of access (GDPR Art. 15) — DM the operator or email the DPO.
- Right to erasure (GDPR Art. 17) — every per-user table allows you to DELETE your own rows.
- Right to portability (GDPR Art. 20) — your data is in Supabase Postgres; an export is available on request.
This notice is the legal text; technical detail (RLS,
Vault credential encryption, audit log via llm_calls) is documented
in the operator-facing system-overview.md.