Zuki Health Privacy Policy

Effective Date: January 16, 2026
Last Updated: January 16, 2026

1. Introduction

Zuki Health ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application for Glycogen Storage Disease (GSD) management.

2. Information We Collect

2.1 Personal Information

• Name and email address
• Date of birth and gender identity
• Account credentials (securely hashed)

2.2 Health Information (Protected Health Information - PHI)

• Continuous glucose monitoring (CGM) data from Dexcom devices
• Blood glucose target ranges
• Glycogen Storage Disease (GSD) management events
• Glucose alert history

2.3 Usage Information

• Device information (iOS version, device model)
• App usage analytics (non-identifiable)
• Error logs and crash reports

3. How We Use Your Information

We use your information to:

• Display real-time glucose data and trends
• Generate alerts for out-of-range glucose levels
• Enable care coordination between patients and caregivers
• Improve app functionality and user experience
• Ensure platform security and prevent fraud

4. Information Sharing

4.1 With Your Consent

• Linked Caregivers: When you generate a share code and link a caregiver account, that caregiver can view your glucose data and schedule (read-only access)

4.2 Service Providers

• Firebase (Google Cloud): Hosts our database and authentication services
• Dexcom: Provides CGM data through their API
• All service providers are HIPAA-compliant and operate under Business Associate Agreements

4.3 We Never Sell Your Data

We will never sell, rent, or trade your personal or health information.

5. Data Security

We implement industry-standard security measures:

• Encryption in Transit: All data transmitted uses TLS 1.3
• Encryption at Rest: All stored data is encrypted using AES-256
• Authentication: Firebase Authentication with secure password hashing
• Access Controls: Role-based permissions (patient vs. caregiver)
• Firestore Security Rules: Strict database access controls
• Regular Security Audits: Ongoing monitoring and updates

6. Your Rights (HIPAA)

You have the right to:

• Access: View all your health information we store
• Amendment: Request corrections to your health information
• Accounting: Receive a log of disclosures of your information
• Restriction: Request limits on how we use/share your information
• Revocation: Withdraw consent for caregiver access at any time
• Deletion: Request deletion of your account and all associated data

To exercise these rights, contact: privacy@zukihealth.com

7. Data Retention

• Active Accounts: We retain your data while your account is active
• Deleted Accounts: Data is permanently deleted within 30 days of account deletion
• Glucose Data: Retained per Dexcom's retention policy (typically 90 days)

8. Children's Privacy

Zuki Health is designed for minors with Glycogen Storage Disease (GSD) under parental supervision. Parents/guardians must create caregiver accounts to monitor their children's data.

9. Changes to This Policy

We will notify you of material changes via email and in-app notification. Continued use after changes constitutes acceptance.

10. Contact Us

Zuki Health
Email: zukihealth@gmail.com

Address: 753 McKee Trl Hinckley, OH 44233

For HIPAA-related inquiries:
Privacy Officer: Chase Fensore

Email: zukihealth@gmail.com