GlycemicGPT

Privacy Policy

GlycemicGPT is a privacy-first, open-source project. This page explains what happens to your data on this website and in the self-hosted platform.

Last updated: May 27, 2026

This website

The GlycemicGPT website (glycemicgpt.org) is a static, open-source site. It sets no advertising or tracking cookies, runs no third-party analytics, and does not build a profile of visitors. We do not sell, rent, or share visitor information, because we do not collect it. See our Accessibility Statement for related commitments.

The site is served as static files. The hosting provider may keep standard, short-lived server access logs (such as IP address and requested URL) for security and abuse prevention, as is typical for any website. We do not use those logs to track or identify individual visitors.

In production: nothing is centralized

GlycemicGPT is self-hosted software. Your data — glucose readings, insulin and pump data, AI chat, settings, and credentials — lives entirely in the database on infrastructure you control. The platform does not phone home, collect telemetry, or transmit your data to the project or any third party.

The only outbound calls a running platform makes are the ones you configure: your AI provider, your Dexcom or Tandem cloud account, your Telegram bot, and your reverse proxy. Whether your health data leaves your own infrastructure is determined by those choices, not by the platform itself. See the Medical Disclaimer for how this applies to third-party AI providers.

Error monitoring: the project’s own development only

The project uses Sentry (donated through Sentry for Good) for error monitoring in its own development, CI, and staging environments — to catch crashes before they reach a release.

No build the project distributes phones home. The Sentry connection string is supplied only via an environment variable in maintainer-controlled environments; it is never baked into any published Docker image, web bundle, or Android APK — production or pre-release. A build you pull and run reports nothing to the project’s Sentry. The project never enables Session Replay, log ingestion, or event attachments on any project-operated instance.

An error report from the project’s own environments contains:

An error report never contains:

Controlling error monitoring in your deployment

Distributed builds carry no Sentry connection string, so a build you pull and run reports nothing to anyone — there is no project telemetry to disable. If you want error monitoring for your own self-hosted deployment, you can set your own connection string; reports then go to your account, never the project’s.

Your rights

Because the project does not hold your personal or health data, requests to access, correct, export, or delete that data are satisfied directly within your own self-hosted deployment, which includes built-in data export and purge controls. For data held by the third-party services you connect (your AI provider, CGM or pump cloud, etc.), exercise your rights with those providers under their own policies.

Privacy questions

Privacy is load-bearing for this project and reports are taken seriously. For sensitive concerns, use GitHub Security Advisories. For general privacy questions, open a GitHub issue or reach us via the channels on our Contact page.