Summary: Your health data belongs to you. It is stored locally on your device first. Cloud backup is optional and encrypted. We never sell your data to third parties. We do share data with select service providers (like OpenAI for AI food parsing) as described in this policy.
1. Who We Are
MettaTrackAI™ is a mobile health tracking application developed and operated by MettaTrack LLC ("Company," "we," "us," or "our"). Our application is available on iOS and Android at www.mettatrackai.com.
This Privacy Policy describes how we collect, use, store, and protect information when you use our mobile application and website. By using MettaTrackAI, you agree to the practices described in this policy.
2. What Data We Collect
2.1 Health & Tracking Data
To provide our core tracking functionality, we collect data that you enter or that is imported from connected devices:
- Glucose readings (manual entry or CGM import)
- Ketone readings (manual or Keto-Mojo Bluetooth)
- GKI (Glucose Ketone Index) calculations
- Food logs and nutritional information
- Exercise logs
- Weight and body metrics (if logged)
- Notes and annotations you add to readings
2.2 Account Information
If you create an account for cloud backup, we collect:
- Email address
- Password (stored as a one-way hash — we cannot see your password)
- Display name (optional)
- Account creation date
2.3 Device & Technical Data
- Device type and operating system version
- App version
- Crash reports and error logs (anonymized)
- General usage analytics (see Section 11)
2.4 Data We Do NOT Collect
- We do not collect your precise GPS location
- We do not access your camera, microphone, or contacts (unless you initiate a photo log)
- We do not collect your full name, address, or government ID
- We do not collect financial information (payments are processed by Apple App Store or Google Play)
3. How We Use Your Data
We use your data solely to provide and improve MettaTrackAI. Specifically:
- App functionality: Displaying your logs, charts, trends, and generating PDF reports
- AI food parsing: Your meal descriptions are sent to OpenAI's API to generate nutritional estimates (see Section 5)
- Cloud backup: If opted in, syncing your data securely across devices
- App improvement: Anonymized crash data and usage patterns help us fix bugs and improve features
- Customer support: Responding to support requests you initiate
- Communications: Sending you app updates, feature announcements, and beta information (you may unsubscribe at any time)
We never sell your personal or health data. We do not share your data with advertisers, data brokers, or analytics companies in a way that would identify you.
4. Data Storage & Security
4.1 Local-First Storage
All health data is stored locally on your device first. The app functions fully offline. Cloud backup is entirely optional and must be explicitly enabled by you.
4.2 Cloud Backup (Optional)
If you enable cloud backup, your data is encrypted in transit (TLS 1.2+) and at rest (AES-256 encryption). Only you can access your data — our team does not have access to the decrypted contents of your health records.
4.3 Security Practices
- Passwords are hashed using industry-standard algorithms (bcrypt)
- API connections use HTTPS/TLS encryption
- We conduct regular security reviews of our infrastructure
- Access to production systems is limited to authorized personnel
4.4 Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you via email within 72 hours of becoming aware, as required by applicable law.
5. Third-Party Services
5.1 OpenAI (AI Food Parsing)
When you use the AI food logging feature, your meal description text is sent to OpenAI's API for processing. This allows our app to interpret natural language descriptions and return nutritional estimates.
- Only the text description of your meal is sent — not your name, email, or glucose data
- OpenAI processes this data under their API usage policy
- OpenAI does not use API data to train their models (per their current API terms)
- You can review OpenAI's privacy practices at openai.com/privacy
5.2 LibreView API (Abbott / FreeStyle Libre)
With your explicit authorization, we connect to LibreView's API to import your continuous glucose monitoring data from FreeStyle Libre devices. You must authenticate with your LibreView account to grant access. You may revoke this access at any time within the app settings.
5.3 Dexcom API
With your explicit authorization, we connect to Dexcom's API to import CGM data from Dexcom G6 and G7 devices. Authentication is handled directly by Dexcom's secure login. You may revoke access at any time.
5.4 Apple Health (HealthKit)
With your permission, we read from and write to Apple Health. You control exactly which data types are shared via Apple's HealthKit permission dialog. We do not share your Apple Health data with other third parties.
5.5 Payment Processing
In-app purchases and subscriptions are processed entirely by Apple (App Store) or Google (Play Store). We do not receive or store your payment card information.
5.6 Analytics (Optional)
We may use privacy-respecting analytics tools to understand how the app is used. See Section 11 for details.
6. CGM Data Handling
Continuous Glucose Monitor (CGM) data is particularly sensitive. Here is how we handle it:
- CGM data is imported from authorized device APIs (LibreView, Dexcom) only with your explicit permission
- CGM data is stored locally on your device and, if cloud backup is enabled, encrypted in our cloud
- CGM data is never shared with third parties except as required for app functionality
- CGM readings are estimates provided by device hardware — MettaTrackAI does not alter or modify these readings
- CGM data should not be used for clinical decisions without consulting your healthcare provider
7. Children's Privacy
MettaTrackAI is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately at admin@mettatrackai.com and we will delete it promptly.
8. Your Rights (GDPR & CCPA)
8.1 For All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we correct inaccurate personal data
- Deletion: Request that we delete your account and associated data
- Export: Export all your health data in CSV or PDF format directly from the app at any time
- Opt-out: Unsubscribe from marketing communications at any time
8.2 For EU/EEA Residents (GDPR)
If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including:
- The right to restrict processing of your personal data
- The right to data portability
- The right to object to processing
- The right to lodge a complaint with your local data protection authority
Our legal basis for processing your health data is your explicit consent, provided when you create an account and enable features. You may withdraw consent at any time by deleting your account.
8.3 For California Residents (CCPA)
Under the California Consumer Privacy Act (CCPA), California residents have the right to:
- Know what personal information we collect, use, share, or sell
- Delete personal information we have collected
- Opt out of the sale of personal information — we do not sell personal information
- Non-discrimination for exercising your CCPA rights
To exercise your rights, contact us at admin@mettatrackai.com. We will respond within 45 days.
9. Data Retention
We retain your data as long as your account is active. If you delete your account:
- Your cloud backup data will be deleted within 30 days
- Anonymized, aggregated analytics data may be retained
- Data we are required to retain by law (such as certain financial records) will be retained for the legally required period
Data stored locally on your device is controlled entirely by you and is deleted when you uninstall the app or use the in-app data deletion feature.
10. HIPAA Notice
Important: MettaTrack LLC is not a Covered Entity or Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). The federal HIPAA regulations do not apply to our application. We handle your health data responsibly and with strong privacy protections, but these protections are governed by this Privacy Policy and applicable state and federal privacy laws — not HIPAA.
We are committed to protecting your health data. If you share data with a healthcare provider who is a HIPAA Covered Entity, that provider's HIPAA obligations apply to their use of the data you share with them.
11. Analytics
We may collect anonymized analytics data to understand how users interact with our app. This may include:
- Which features are used most frequently
- App session duration
- Crash reports and error frequencies
- Onboarding completion rates
This data is aggregated and anonymized — it cannot be linked back to individual users. If we use a third-party analytics provider, it will be listed here. You may opt out of analytics collection in the app's Settings menu.
Our website uses Google Analytics 4 to understand web traffic. You may opt out via the Google Analytics opt-out browser add-on.
12. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email (if you have provided one) at least 30 days before changes take effect
- Display an in-app notice for significant changes
Continued use of MettaTrackAI after the effective date of changes constitutes your acceptance of the updated policy.
13. Contact Us
For privacy questions, data requests, or concerns, please contact us:
- Email: admin@mettatrackai.com
- Website: www.mettatrackai.com
- Company: MettaTrack LLC
We aim to respond to all