Diabetes Diet & Health Tracker

Privacy Notice

Last updated: 19 March 2026

This Privacy Notice explains how 2 Bears Software Limited (“we”, “us”, or “our”) handles information when you use the Diabetes Diet & Health Tracker mobile application (the “App”).

We are committed to protecting your privacy and complying with applicable data protection laws worldwide, including (where applicable) the UK GDPR, EU GDPR, Data Protection Act 2018, CCPA/CPRA, PIPEDA, Australia’s Privacy Act, Brazil’s LGPD, India’s DPDPA 2023, and other equivalent privacy standards.

The App is designed so that all personal health data stays on your device and is never transmitted to us.

1. Who We Are

2 Bears Software Limited
Email: 2BearsSoftware@gmail.com
Website: https://www.2bearssoftware.co.uk
App package: com.twoswbears.diabeteshealthtracker

For the purposes of UK GDPR and EU GDPR, 2 Bears Software Limited is the data controller.

2. What This App Does

Diabetes Diet & Health Tracker is a personal health management application that allows users to log, monitor, and review:

  • Blood glucose (blood sugar) readings
  • Blood pressure readings (systolic, diastolic, pulse)
  • Body weight
  • Food diary entries and nutritional estimates
  • Medication name, dosage, and schedule
  • Physical activity, step counts, and exercise sessions
  • Sleep duration
  • Symptoms and general health notes
  • Timeline and export of all logged data

All primary data is stored locally on your device. We do not operate servers that store your personal health data.

3. Special Category Health Data

Blood glucose readings, blood pressure, weight, medication, activity, and sleep data constitute special category personal data under Article 9 of UK GDPR and EU GDPR (data concerning health).

Legal basis for processing: We process this data solely on the basis of your explicit consent (Article 9(2)(a) UK/EU GDPR), given when you first open the App and choose to enter your data. You may withdraw consent at any time by deleting your data or uninstalling the App.

We do not use your health data for advertising, profiling, or any purpose other than displaying it back to you within the App.

4. Data Stored Locally on Your Device

The following data is stored in a local Room (SQLite) database on your device only:

  • Blood glucose — Date, time, value, unit (mmol/L or mg/dL), context (fasting etc.), notes
  • Blood pressure — Date, time, systolic, diastolic, pulse, context, notes
  • Weight — Date, value, unit
  • Food diary — Date, time, meal type, food items, nutritional estimates
  • Medication — Date, time, medication name, dosage, unit, notes
  • Activity — Date, time, type, steps, duration, distance, calories, notes
  • Symptoms — Date, time, symptom list, severity, notes
  • Settings — Preferred units, blood sugar target range, step goal, sleep goal, patient name (optional), display preferences

This data never leaves your device unless you explicitly use the Export feature to create a file you choose to share.

5. Camera and On‑Device Image Processing

The App requests camera permission to scan food labels and barcodes. This feature:

  • Captures images only when you actively press the capture button or double‑tap the viewfinder
  • Processes images entirely on‑device using Google ML Kit (text recognition)
  • Does not upload images to any server
  • Does not retain images after processing; no photos are saved to your gallery or our servers

6. Food and Barcode Data — Open Food Facts

When you scan a barcode, the App queries the Open Food Facts API (openfoodfacts.org) to retrieve product nutritional information. For each lookup:

  • Only the barcode number is sent to openfoodfacts.org servers
  • No personal or health data is sent to Open Food Facts
  • The query is made from your device’s IP address directly to Open Food Facts

Open Food Facts data is made available under the Open Database Licence (ODbL). We are grateful to the Open Food Facts community for their open data.

Our API requests identify the App using the User‑Agent: DiabetesHealthTracker/1.0 (Android; https://www.2bearssoftware.co.uk; 2BearsSoftware@gmail.com) as required by Open Food Facts’ usage policy.

Retrieved product data may be cached locally on your device to reduce repeated lookups.

7. Health Connect Integration

On Android 9 and above, the App can optionally read data from Android Health Connect (Google’s on‑device health data platform). If you grant permission, the App may read:

  • Step count — to show your daily steps without requiring manual entry
  • Sleep sessions — to display last night’s sleep duration
  • Active calories burned — to complement manually logged activity

Health Connect permissions are entirely optional. The App functions fully without them. You may revoke Health Connect permissions at any time via Android Settings > Apps > Health Connect.

We do not write any data to Health Connect. We do not share Health Connect data with third parties. Health Connect data is used only to display summary information within the App on your device.

This App’s use of Health Connect complies with Google Play’s Health Connect permissions policy.

8. Step Counter (Device Sensor)

The App requests the ACTIVITY_RECOGNITION permission to read your device’s built‑in step counter hardware sensor. This is used to:

  • Provide a live step count during tracked exercise sessions
  • Sync your daily step total in the background (approximately every 30 minutes via Android WorkManager)

Step data is processed on‑device and stored locally. No step data is transmitted to us or third parties.

9. Biometric Authentication

If you enable the biometric lock feature, the App uses your device’s biometric hardware (fingerprint, face recognition) via Android’s BiometricPrompt API. We never access, store, or transmit your biometric data. Authentication is handled entirely by the Android operating system.

10. Background Processing

The App uses Android WorkManager to schedule periodic background tasks (approximately every 30 minutes) to update your step count from the device sensor. This runs only on your device and does not involve any network communication.

11. Data We Do NOT Collect

We explicitly confirm that we do not:

  • Collect or transmit your health data to our servers
  • Use analytics SDKs (e.g. Firebase Analytics, Mixpanel)
  • Use advertising SDKs or serve advertisements
  • Share your data with third parties for marketing or profiling
  • Store any data in the cloud on your behalf
  • Track your location

12. Data Retention and Deletion

All data is stored locally on your device for as long as the App is installed. You can:

  • Delete individual entries from within the App at any time
  • Delete all data by uninstalling the App, which removes the local database
  • Export your data using the Export feature before deletion if you wish to keep a copy

We hold no copies of your data on our systems, so there is nothing for us to delete on our end.

13. Data Export

The App includes an Export feature that creates a file (e.g. CSV or similar) containing your logged data. This file is created on your device. You choose if and how to share or store it. We have no visibility of exported files.

14. Children’s Privacy

This App is not directed at children under the age of 13 (or 16 where applicable under local law). We do not knowingly collect personal data from children. If you believe a child has entered data into this App, please contact us and uninstall the App from their device.

15. Medical Disclaimer

This App is not a medical device and does not provide medical advice. It is a personal logging tool only. Always consult a qualified healthcare professional regarding your health, medication, and treatment decisions. Do not make medical decisions based solely on data or trends displayed in this App.

16. Your Rights Under UK GDPR and EU GDPR

As a data subject you have the following rights. Because all data is stored locally on your device, most of these rights are exercised directly within the App:

  • Access — View all your data within the App at any time
  • Rectification — Edit any entry within the App
  • Erasure — Delete individual entries or uninstall the App to erase all data
  • Restriction — Stop entering data; the App does not process data you do not provide
  • Portability — Use the Export feature to obtain a copy of your data
  • Object — Uninstall the App
  • Withdraw consent — Uninstall the App or delete your data

To exercise any right that requires our assistance, or to raise a concern, contact us at 2BearsSoftware@gmail.com.

If you are in the UK, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

If you are in the EU, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

17. California Residents — CCPA / CPRA

We do not sell or share your personal information. We do not use your personal information for cross‑context behavioural advertising. You have the right to know, delete, and opt out of sale/sharing of personal information. To exercise these rights, contact us at 2BearsSoftware@gmail.com.

18. Canadian Residents — PIPEDA

We collect only the personal data you choose to enter into the App, for the sole purpose of displaying it back to you. We do not share it with third parties. You may request access to or deletion of your data by contacting us.

19. Australian Residents — Privacy Act 1988

We handle personal information in accordance with the Australian Privacy Principles. You have the right to access and correct personal information we hold. Contact us at 2BearsSoftware@gmail.com.

20. Brazilian Residents — LGPD

We process your personal data on the basis of your consent (Art. 7, I, LGPD) and, where applicable, for the protection of health (Art. 7, VII, LGPD). You have the rights of confirmation, access, correction, anonymisation, deletion, portability, and information about sharing. Contact us to exercise these rights.

21. Indian Residents — DPDPA 2023

We process personal data only for the purposes described in this notice and only with your consent. You have the right to access information, correct inaccuracies, and withdraw consent. Contact us at 2BearsSoftware@gmail.com.

22. International Data Transfers

Your health data is stored locally on your device and is not transferred internationally by us. The only external services involved are:

  • Open Food Facts (barcode lookups) — servers operated by the Open Food Facts non‑profit, subject to their own privacy policy at https://world.openfoodfacts.org/privacy
  • Health Connect — data remains on‑device; governed by Google’s Android platform policies

23. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. The current version will always be available at the URL shown at the top of this document. Significant changes will be noted in the App’s release notes. Continued use of the App after a change constitutes acceptance of the revised notice.

24. Contact Us

If you have any questions about this Privacy Notice or our data practices, please contact:

2 Bears Software Limited
Email: 2BearsSoftware@gmail.com
Website: https://www.2bearssoftware.co.uk

For privacy‑related enquiries, please include “Privacy — Diabetes Diet & Health Tracker” in the subject line.