OneBella™ Privacy Policy

1. Introduction

Welcome to OneBella™ ("we," "our," or "us"). We are committed to protecting your privacy and the privacy of your children. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

OneBella™ is a diabetes management application designed for individuals with Type 1 Diabetes (T1D) and their caregivers. We take special care to comply with the Children's Online Privacy Protection Act (COPPA) and implement safeguards consistent with the Health Insurance Portability and Accountability Act (HIPAA).

By using OneBella™, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Personal Information You Provide

When you create an account or use our App, we may collect:

• Account Information: Email address, username, password, name, date of birth, profile picture
• Health Information: Glucose readings, food logs, medication information, activity data, health goals
• Profile Data: Diabetes type, diagnosis date, insulin regimen, dietary preferences
• Location Information: City, state, GPS coordinates (for T1 Nearby™ map feature, with your permission)
• Device Integration Data: Dexcom CGM readings, Garmin activity/heart rate data (with your authorization)
• Communication Data: Messages sent through our chat/messaging features
• Parent-Child Linking: Information about parent-child relationships for COPPA-compliant guardian accounts

2.2 Information Collected Automatically

We automatically collect certain information when you use the App:

• Device Information: Device type, operating system, unique device identifiers, mobile network information
• Usage Data: App features used, time spent in app, interaction patterns, crash reports
• Log Data: IP address, access times, app errors, performance metrics

2.3 Information from Third-Party Services

We integrate with the following third-party services:

• Firebase Authentication: Google LLC (account management)
• OpenAI: OpenAI, Inc. (AI-powered food analysis and Bella AI assistant)
• Dexcom Share API: Dexcom, Inc. (continuous glucose monitoring data)
• Garmin Connect: Garmin Ltd. (activity and health data)
• Google Cloud Storage: Google LLC (profile picture storage)
• OpenStreetMap: OpenStreetMap Foundation (map and points of interest data)

Each service has its own privacy policy, which we encourage you to review.

3. How We Use Your Information

3.1 Provide Core Services

• Display glucose trends, patterns, and insights
• Analyze food photos using AI to estimate nutritional content
• Track gamification rewards (stickers, streaks, points) for children
• Connect you with the T1D community through T1 Nearby™
• Enable direct messaging between users
• Sync health data across your devices
• Provide personalized Bella AI assistance

3.2 Improve Our Services

• Analyze usage patterns to enhance app features
• Debug technical issues and improve performance
• Conduct research on diabetes management (only with your explicit consent)

3.3 Communicate with You

• Send important service announcements
• Respond to support requests
• Notify you of new features (if you opt-in)

3.4 Ensure Safety and Compliance

• Verify parental consent for users under 13 (COPPA)
• Monitor for inappropriate content or behavior
• Enforce our Terms of Service
• Comply with legal obligations

4. Children's Privacy (COPPA Compliance)

OneBella™ is designed for users of all ages, including children under 13. We comply with the Children's Online Privacy Protection Act (COPPA).

4.1 Parental Consent

• Users under 13 require verifiable parental consent before creating an account
• Parents must approve their child's account via a 6-digit verification code
• Parents can review, modify, or delete their child's information at any time through the Parent Dashboard

4.2 Age-Adaptive Features

• Children under 13: Limited features, no public community access, gamification enabled
• Teens 13-17: Limited messaging, parental oversight available
• Adults 18+: Full access to all features

4.3 Data We Collect from Children

For users under 13, we collect only the information necessary for the App's functionality:

• Account information (username, age, diabetes profile)
• Health data (glucose readings, food logs)
• Gamification data (stickers, points, streaks)
• Parent-child account linkage

4.4 Parental Rights

Parents have the right to:

• Review all information collected from their child
• Request deletion of their child's information
• Refuse further collection of their child's information
• Revoke consent and delete the child's account

To exercise these rights, contact us at: privacy@onebella.org

5. How We Share Your Information

We do not sell your personal information.

We share information only in the following circumstances:

5.1 With Your Consent

• When you choose to share information with other users (e.g., friend requests, messaging)
• When you authorize third-party device integrations (Dexcom, Garmin)

5.2 Service Providers

We share information with trusted service providers who help us operate the App:

• Firebase (Google LLC): Authentication, analytics
• OpenAI, Inc.: AI food analysis and chat assistance
• Google Cloud Platform: Data storage and hosting
• Neon Database: Secure health data storage

All service providers are contractually required to protect your information and use it only for specified purposes.

5.3 Legal Obligations

We may disclose information if required by law or in response to:

• Court orders or legal processes
• Requests from government authorities
• Protection of our rights, property, or safety
• Prevention of fraud or abuse

5.4 Business Transfers

If OneBella™ is acquired or merged with another company, your information may be transferred to the new owner.

6. Health Data and HIPAA

6.1 HIPAA Disclaimer

OneBella™ is not a covered entity under HIPAA. However, we implement safeguards consistent with HIPAA principles to protect your health information.

6.2 Encryption

• All health data is encrypted in transit (TLS/HTTPS)
• All health data is encrypted at rest (AES-256)
• Passwords are hashed using industry-standard algorithms

6.3 Medical Disclaimer

OneBella™ is not a medical device and is not intended to diagnose, treat, cure, or prevent any disease. Always consult with your healthcare provider before making medical decisions.

7. Data Retention

7.1 Active Accounts

We retain your information for as long as your account is active or as needed to provide services.

7.2 Deleted Accounts

• Immediate: Account marked as deleted, access revoked
• 30 days: Data anonymized and removed from active systems
• 90 days: Complete deletion from backups

7.3 Legal Requirements

We may retain certain information longer if required by law or to resolve disputes.

8. Your Rights and Choices

8.1 Access and Correction

You can access and update your information through the App's Settings.

8.2 Data Deletion

You can request deletion of your account and all associated data:

• In-App: Settings → Account → Delete Account
• Email: privacy@onebella.org

8.3 Data Portability

You can export your health data in CSV/JSON format through the App.

8.4 Opt-Out of Communications

You can opt-out of non-essential communications in Settings.

8.5 Location Services

You can disable location services in your device settings. This will limit the functionality of T1 Nearby™.

9. Data Security

We implement industry-standard security measures:

• End-to-end encryption for sensitive health data
• Secure authentication via Firebase
• Regular security audits and updates
• Access controls and monitoring
• Automatic session timeouts

However, no method of electronic storage is 100% secure. We cannot guarantee absolute security.

10. International Users

OneBella™ is based in the United States. If you use the App from outside the U.S., your information will be transferred to and processed in the U.S., which may have different data protection laws.

By using OneBella™, you consent to the transfer of your information to the U.S.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (we do not sell data)
• Right to Non-Discrimination: We will not discriminate for exercising your rights

To exercise these rights, contact us at: privacy@onebella.org

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new policy in the App
• Sending an email notification (if you provided an email)
• Displaying an in-app notification

Your continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Email: privacy@onebella.org
Mail: OneBella™ Privacy Team, 1018 Moosehead Trail, Dixmont, Maine 04932
Phone: (207) 974-6027
Parent Inquiries (COPPA): parents@onebella.org

14. Third-Party Service Privacy Policies

We encourage you to review the privacy policies of our third-party service providers:

• Firebase: https://firebase.google.com/support/privacy
• OpenAI: https://openai.com/privacy
• Dexcom: https://www.dexcom.com/privacy-policy
• Garmin: https://www.garmin.com/en-US/privacy/
• Google Cloud: https://cloud.google.com/privacy
• OpenStreetMap: https://wiki.osmfoundation.org/wiki/Privacy_Policy

15. Consent

By using OneBella™, you acknowledge that you have read, understood, and agree to this Privacy Policy.

For users under 18: Your parent or legal guardian must review and consent to this Privacy Policy on your behalf.