Privacy Policy for Sugar Sidekicks
Last Updated: November 19, 2025
Introduction
Sugar Sidekicks ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). The Sugar Sidekicks app helps children and families track nutritional information from meal photos.
Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the App.
Information We Collect
Personal Information You Provide
When you use Sugar Sidekicks, we collect the following personal information:
- Account Information: When you sign in with Google OAuth, we collect:
  - Your name
  - Your email address
  - Your profile picture (if provided by Google)
  - Google user ID (for authentication purposes)
- Meal Photos: Images of meals you capture using the app's camera feature
- Meal Descriptions: Optional text descriptions you provide about your meals
Automatically Collected Information
When you use the App, we automatically collect:
- Device Information: Device type, operating system version
- Usage Data: App features used, session duration, crash reports
- Authentication Tokens: Secure JWT tokens for maintaining your login session (stored locally on your device)
Information from Third Parties
- Google Account Information: We receive basic profile information from Google when you sign in using Google OAuth
How We Use Your Information
We use the information we collect to:
- Provide Core Services:
  - Authenticate your identity and maintain your account
  - Analyze meal photos using AI to estimate nutritional content
  - Store your meal history for your personal reference
  - Display nutritional information and insights
- Improve the App:
  - Understand how users interact with the app
  - Debug issues and improve performance
  - Develop new features and improvements
- Communicate with You:
  - Send important updates about the app
  - Respond to your support requests
- Ensure Security:
  - Protect against unauthorized access
  - Verify your identity
  - Prevent fraud and abuse
How We Share Your Information
We do NOT sell, rent, or trade your personal information. We may share your information only in these limited circumstances:
- Service Providers: We use third-party services to operate the app:
  - Google Cloud Platform: For authentication via Google OAuth
  - Amazon Web Services (AWS): For secure data storage (DynamoDB)
  - Anthropic Claude API: For AI-powered meal analysis
  - These providers are contractually obligated to protect your data
- Legal Requirements: We may disclose your information if required by law or to:
  - Comply with legal processes
  - Enforce our terms of service
  - Protect rights, property, or safety
- Business Transfers: If Sugar Sidekicks is acquired or merged, your information may be transferred to the new owner
Data Storage and Security
Security Measures
We implement industry-standard security measures to protect your information:
- Encryption in Transit: All data transmitted between the app and our servers uses HTTPS/TLS encryption
- Encryption at Rest: Your data is encrypted in our AWS DynamoDB database
- Secure Authentication: JWT tokens are stored securely on your device using expo-secure-store
- Limited Access: Only authorized personnel can access user data
Data Retention
- Account Data: Retained as long as your account is active
- Meal Photos & Analysis: Retained until you delete them or close your account
- Authentication Tokens: JWT tokens expire after 7 days and are automatically refreshed
Your Privacy Rights
Access and Portability
- You can access your meal history and account information within the app
Correction
- You can update your profile information through the Settings screen
Deletion
- You can request deletion of your account and all associated data by contacting us at privacy@sugarsidekicks.com
- We will delete your data within 30 days of your request
Opt-Out
- You can stop all data collection by uninstalling the app and requesting account deletion
Children's Privacy
Sugar Sidekicks is designed for use by children with Type 1 diabetes under parental supervision. We comply with the Children's Online Privacy Protection Act (COPPA):
- Parental Consent: We recommend that parents or guardians oversee children's use of the app
- Minimal Data Collection: We collect only the minimum information necessary to provide our services
- No Advertising: We do not display advertisements or collect data for advertising purposes
- No Third-Party Sharing: We do not share children's data with third parties except as described in this policy
Parents/Guardians: If you believe your child has provided us with personal information without your consent, please contact us at privacy@sugarsidekicks.com and we will delete the information promptly.
Third-Party Services
Google OAuth
We use Google Sign-In for authentication. Google's privacy policy applies to information collected during the sign-in process: https://policies.google.com/privacy
Anthropic Claude API
Meal photos are processed using Anthropic's Claude AI. Anthropic's privacy policy applies: https://www.anthropic.com/privacy
Amazon Web Services (AWS)
User data is stored in AWS DynamoDB. AWS's privacy policy applies: https://aws.amazon.com/privacy/
We do not control these third-party services and are not responsible for their privacy practices.
International Data Transfers
Your information may be transferred to and stored on servers located in the United States. By using the app, you consent to this transfer. We ensure appropriate safeguards are in place to protect your data.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Updating the "Last Updated" date at the top of this policy
- Displaying a notification in the app
- Sending an email to your registered email address
Your continued use of the app after changes become effective constitutes acceptance of the updated policy.
Do Not Track
Some browsers have "Do Not Track" features. Our app does not respond to Do Not Track signals as there is no standard for how to handle them.
Contact Us
If you have questions or concerns about this Privacy Policy, please contact us:
Legal Compliance
COPPA Compliance
We comply with the Children's Online Privacy Protection Act (COPPA) for users under 13.
GDPR Compliance (if applicable)
For users in the European Union, you have additional rights under GDPR:
- Right to be forgotten
- Right to data portability
- Right to restrict processing
- Right to object to processing
To exercise these rights, contact us at privacy@sugarsidekicks.com.
California Privacy Rights
California residents have additional rights under CCPA. Contact us at privacy@sugarsidekicks.com for more information.