Privacy Policy for the Reardon Protocol.

This Privacy Policy describes the categories of information that may be collected through the Reardon Protocol app and related services, how that information may be used, and the choices available to users.

Information we may collect

We may collect account and profile information, including your first name, last name, email address, password, and any clinic invite code you choose to provide.
We may collect health profile information, including diabetes type, diagnosis year, timezone, allergies, comorbidities, alert thresholds, consent status, and any research participation preference you select.
We may collect health, nutrition, and activity information that you choose to enter into the app, including meals, meal notes, meal photos, carbohydrate, protein and fat estimates, medications, medication logs, insulin entries, activity, steps, calories, sleep, stress, and safety event details.
If you connect a CGM device, we may collect CGM-related information such as glucose readings, timestamps, trend information, device sync status, and encrypted connection tokens required to maintain the integration.
We may also collect operational and security-related information, including IP address, user agent, login history, audit records, and locally stored session tokens used to keep you signed in on your device.

How we use information

We may use information to create and manage your account, authenticate you, and maintain an active session.
We may use information to provide app functionality, including meal logging, medication tracking, insulin logging, CGM syncing, daily summaries, alert thresholds, and progress-related metrics.
We may use information to send service-related and health-related notifications supported by the product, including glucose alert emails based on your configured thresholds.
We may use information to support safety, troubleshooting, abuse prevention, auditing, security review, and internal administration of the service.
Where you expressly opt in, de-identified or anonymized information may be used for research-related purposes.

Sharing and disclosure

If your account is linked to a clinic or care team, authorized clinicians or administrators associated with that clinic may be able to access relevant patient information needed to support care, monitoring, and related service operations within the product.
We may share information with service providers that support core operations, including cloud storage, email delivery, and connected CGM services.
We may disclose information where necessary to comply with applicable law, respond to lawful requests, enforce terms, prevent misuse, or protect users, the service, or other parties.
This Privacy Policy summary reflects the app and backend functionality currently implemented and should be updated if material changes are made to data collection, integrations, or data use practices.

Data retention

We retain information for as long as reasonably necessary to operate the service, maintain account history, provide health-tracking functionality, and satisfy legal, security, compliance, and operational obligations.
Certain records, including audit logs, account security records, and other integrity-related records, may be retained for longer periods where needed for fraud prevention, security review, dispute resolution, or legal requirements.
Session-related data stored locally on your device may remain until you sign out, clear app data, or uninstall the app.

Your choices

You may update certain profile information and alert-threshold settings from within the app.
You may choose whether to link your account to a clinic by using an invite code.
You may choose whether to opt into research participation where that option is made available.
You may request deletion of your account and associated data by using the dedicated deletion page linked below.

Account and data deletion

Users who wish to request deletion of their account and associated data may use the dedicated request page below.

At this time, the deletion request page collects the email address associated with the account so it can be passed into the separate deletion-request workflow. That workflow sends a follow-up email, and if no contrary reply is received, deletion is scheduled 30 days after the request is made.

Go to Deletion Request Page