Legal

Privacy Policy

Last updated: June 2026

🔒 GlucoTV is built with privacy first. We collect only what is necessary to deliver your glucose data and manage your account — nothing more.

What We Collect

GlucoTV collects only what is necessary to operate the service:

  • Your email address and authentication provider (when you create an account)
  • Your Dexcom credentials (encrypted with AES-256) and Share session token, or your Nightscout URL
  • Your most recent glucose readings and trend data
  • A unique session identifier for your paired device
  • Your subscription status and billing information (processed by Stripe — we never store card details)
  • Your display preferences such as units (mg/dL or mmol/L) and threshold settings — stored locally on your Roku device only

What We Do Not Collect

  • Your Dexcom password in plaintext — it is encrypted with AES-256 before being written to our database
  • Payment card details — these are handled entirely by Stripe and never touch our servers
  • Location data
  • Usage analytics or behavioral tracking data
  • Any data beyond what is listed above

Accounts

Creating an account is required to use GlucoTV. When you create an account we collect your email address and the authentication method you used (email/password or Google sign-in). This information is used solely to authenticate you and manage your subscription.

Account authentication is handled by Firebase Authentication (Google). Your password, if you use email/password sign-in, is never stored by GlucoTV — it is managed entirely by Firebase and is never visible to us.

Read-only view links you share with caregivers or teachers do not require an account and collect no personal information about the viewer.

Subscriptions & Billing

Subscription payments are processed by Stripe. When you subscribe, Stripe collects and stores your payment information. GlucoTV receives only a customer identifier and subscription status from Stripe — we never store or have access to your card number, expiry date, or CVV.

Your subscription status (active or inactive) is stored in our database associated with your account. You can cancel your subscription at any time through the account page.

Email Communications

We send transactional emails only — account verification, password reset, and subscription receipts. We do not send marketing emails unless you explicitly opt in. You can opt in or out of email updates at any time from your account settings.

How Your Data Is Used

Your CGM credentials are used solely to retrieve glucose readings and deliver them to your paired device. Your email is used only for authentication and transactional communications. We do not sell, share, or distribute your data to any third parties under any circumstances, except as required to operate the service (Firebase, Stripe) as described in this policy.

Dexcom Share

GlucoTV connects to Dexcom using Dexcom's Share feature — the same feature that allows caregivers to follow a person's glucose in real time. When you pair, you enter your Dexcom username and password directly in your browser over HTTPS.

Your credentials are encrypted using AES-256 (Fernet symmetric encryption) before being written to our database. The encryption key is stored separately in Google Secret Manager and is never co-located with your data. This means that even if our database were compromised, your credentials would be unreadable without the encryption key.

Decryption happens in-memory only when your Dexcom Share session token needs refreshing — typically every few hours. The plaintext credentials are used to obtain a new token from Dexcom and are immediately discarded. They are never logged or written anywhere in plaintext.

Nightscout

When connecting Nightscout, you provide your Nightscout site URL directly. GlucoTV uses this URL to poll your Nightscout instance for glucose readings and threshold settings. Your Nightscout URL is stored securely and used only to fetch your data. If you use a Nightscout API secret, it is stored encrypted and never exposed.

GlucoTV Screensaver Channel

The GlucoTV Screensaver is a separate Roku channel that reads your session identifier from your Roku device's local registry — the same session established when you paired the main GlucoTV channel. No additional data is collected by the screensaver channel beyond what is already collected by the main channel.

Data Storage

Session and account data is stored in Google Cloud Firestore hosted in the United States. Google Cloud infrastructure is SOC 2 compliant and encrypted at rest.

Your glucose reading history is retained per session for up to 24 hours to support extended chart views (3, 6, 12, and 24-hour history). Older readings are not stored long-term.

Display preferences such as units, threshold values, and alert settings are stored on the session in our database so that all viewers of a shared link see consistent settings. Roku device preferences (such as pairing codes) are stored locally on the device only.

Data Retention

Session data is automatically deleted after 90 days of inactivity. Account data is retained while your account is active. You can request deletion of your account and all associated data at any time by contacting support@glucotv.com or using the account deletion option in your account settings.

Third-Party Services

GlucoTV uses the following third-party services to operate:

  • Firebase Authentication (Google) — account authentication
  • Google Cloud Firestore — data storage
  • Google Cloud Run — backend infrastructure
  • Stripe — subscription billing
  • Gmail — transactional email delivery

Each of these services operates under its own privacy policy. GlucoTV shares only the minimum data necessary with each service to operate the application.

Security

All data is transmitted over HTTPS. Access tokens are stored encrypted. Session tokens are unique per device pairing and cannot be guessed or brute-forced due to their UUID format. API access is rate limited to prevent abuse.

Children's Privacy

GlucoTV is designed for use by parents, caregivers, and adults managing diabetes. Account creation requires you to be 18 years of age or older, or a parent or legal guardian creating an account on behalf of a minor. We do not knowingly collect personal information directly from minors.

Medical Disclaimer

GlucoTV is for informational purposes only and is not intended for use in medical treatment decisions. Always confirm glucose readings with an approved medical device and consult your healthcare provider before making any treatment decisions.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated date. Continued use of GlucoTV after changes are posted constitutes acceptance of the updated policy.

Contact

For any privacy concerns, data deletion requests, or questions about this policy please contact us at support@glucotv.com