1. Introduction
Welcome to Sugar.no by Intendum LTD.
This Privacy Policy explains how we collect, use, and protect your personal and health data when you use our Service.
By accessing or using the Service, you agree to the collection and use of your data as described in this policy.
2. Scope of this Privacy Policy
This Privacy Policy applies to:
The mobile application ("App")
Our websites (including sugar.no, our blog, and social media)
All related services, features, and content (collectively, the “Services”)
It explains how we collect, use, and protect your personal data, as well as the rights you have concerning the information we hold about you.
3. Information We Collect
Personal Information: Name, email, and payment details
Health Data: CGM (Dexcom) integrations, Apple Health (e.g., glucose levels)
Usage Data: IP addresses, browsing activity, platform interactions
Camera/Photo Access: With permission, if you upload photos or videos
4. User Consent for Health Data
By using our Service, you explicitly consent to the collection and processing of your health data (e.g., glucose data from CGM devices).
You can withdraw your consent at any time via app settings.
5. Use of Your Information
We use your data to:
Provide, personalize, and improve the Service
Communicate updates and promotions
Analyze user activity and troubleshoot issues
6. Aggregated Data
We may anonymize or de-identify data for research and analysis.
This information may be shared with trusted third parties but will not identify individual users.
7. Cookies and Tracking Technologies
We use cookies to enhance your experience and analyze usage.
You can manage cookie settings through your browser.
8. Children’s Privacy
The Service is not intended for individuals under 16.
We do not knowingly collect personal data from children under 16.
If discovered, such data will be deleted immediately.
9. Data Retention
We retain data only as long as necessary for the purposes outlined in this policy or as required by law.
10. Data Sharing
We do not sell your data.
We may share it with trusted third-party providers (e.g., cloud storage, customer support, analytics, payment processors, AI service providers).
Data shared for AI/analytics (e.g., Google Cloud) is only used to power features, not to train external models.
Data may be shared to comply with legal obligations or during business transfers (merger, acquisition).
11. Data Deletion Request
You may request deletion of your personal and health data by contacting info@sugar.no.
We will take appropriate action, subject to legal retention requirements.
12. Security of Your Information
We use industry-standard security measures.
However, no system is completely secure, and data transmission is at your own risk.
13. Third-Party Services
Sugar.no integrates third-party services (payment, analytics, etc.).
Their privacy policies apply.
Anonymous data may be shared with analytics providers (e.g., Google Analytics).
You may opt out via browser settings or provider tools.
14. International Data Transfers
Your data may be stored outside your jurisdiction (including outside the EU or California).
We comply with applicable laws using safeguards such as standard contractual clauses.
15. Your Data Protection Rights
Depending on location, you may have the right to:
Access, correct, or delete data
Restrict or object to processing
Withdraw consent
GDPR (EEA Users): Access, correct, delete, portability, withdraw consent.
CCPA (California Users): Right to know, delete, opt-out. Sugar.no does not sell your data.
16. HIPAA Compliance (Health Data)
Sugar.no is not a HIPAA-covered entity.
We are not a healthcare provider, insurer, or clearinghouse.
We safeguard health data under applicable privacy laws.
17. Legal Basis for Data Processing
We process data based on:
Your consent
Contractual necessity (e.g., payments/refunds)
Legitimate interests (e.g., improving the Service)
Legal obligations
18. Updates to Privacy Policy
We may revise this Privacy Policy.
Updates will be posted with a new effective date.
Continued use of the Service = acceptance of changes.
19. Notification of Data Breaches
If a data breach occurs, we will notify you in accordance with applicable law (within 72 hours under GDPR if required).
20. Security and Compliance
All user data is protected in line with current information security standards.
21. Security Measures
We implement:
Encryption (in transit & at rest)
Role-based access controls
Regular security audits
Secure cloud infrastructure
22. Marketing Communications
We may send promotional updates.
You can unsubscribe anytime.
23. Data Accuracy
You are responsible for keeping your information accurate and updated.
24. Your Choices Regarding Data
You can:
Opt out of marketing
Update or request deletion of data
25. Data Subject Requests
To exercise rights, contact info@sugar.no.
26. Business Transfers
In the event of a merger, acquisition, or sale, your data may be transferred.
27. User Responsibility
You are responsible for account confidentiality and must notify us of unauthorized access.
28. Governing Law
This Privacy Policy is governed by the laws of Cyprus.
Disputes will be resolved under these laws.
29. Complaints
If you believe your privacy rights have been violated, you may:
File a complaint with your local data protection authority
Contact us directly
30. Contact Us
INTENDUM LTD
Vasili Michailidi 9
3026 Limassol, Cyprus
Tel: +357 25262283
Email: info@sugar.no