Last updated:
This policy explains what information the CGM Simulator Platform (“the Platform”, “we”) collects, why we collect it, and the choices you have. The Platform is an educational tool for simulating and exploring continuous glucose monitoring data; it is not intended for clinical decision-making or for storing real patient health records.
When you or an administrator create an account, we store your username, email address, first and last name, role (site administrator, hospital administrator, doctor, nurse, or patient), and the hospital you belong to. Passwords are never stored in readable form — they are kept only as a salted cryptographic hash.
Clinical users can create patient records (name, optional date of birth, gender, diabetes type, medical record number, and target glucose range) and glucose readings, which may be manually entered or generated by the simulator. You are responsible for ensuring you do not enter real, identifiable patient health information into this educational Platform.
To keep you signed in, we store a security token in your browser’s local storage. This is strictly necessary for the service to function. Our servers also produce standard operational logs (for example, error logs and access logs) used to keep the Platform secure and available.
We do not load any analytics unless you explicitly opt in through our cookie preferences. Analytics, if enabled, are limited to aggregated, non-identifying usage information used to improve the Platform.
We do not sell your information, and we do not use it for advertising.
Where the GDPR or UK GDPR applies, we process account and operational data on the basis of legitimate interests and performance of a contract (providing the service you requested). Optional analytics are processed only on the basis of your consent, which you may withdraw at any time.
The Platform uses browser local storage rather than tracking cookies. The only strictly necessary item is your authentication token (and a record of your cookie choices). Optional categories are off by default and require your opt-in. You can review or change your choices at any time using the Cookie Preferences control.
Account and record data are retained for as long as the account is active or as needed to operate the Platform. Administrators can deactivate accounts and delete patient records and readings. Operational logs are retained only as long as needed for security and maintenance.
We apply industry-standard safeguards, including hashed passwords, signed session tokens with server-side session invalidation, role- and hospital-scoped access controls, security HTTP headers, rate limiting on sensitive endpoints, and transport encryption (HTTPS). No system can be guaranteed perfectly secure, but we work to protect your information.
Depending on your location, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent for optional analytics. To exercise these rights, contact us using the details below or speak with your hospital administrator.
The Platform may be operated from, and data stored in, a country different from your own. Where required, we rely on appropriate safeguards for any cross-border transfer of personal data.
The Platform is intended for use by healthcare and educational professionals and is not directed to children. Patient records are created and managed by authorized clinical users, not by the patients’ own independent registration of sensitive data.
We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above, and — where appropriate — by re-requesting your cookie consent.
Questions about this policy or your data can be directed to your site administrator, or to the Platform operator at privacy@cgm-platform.local.
This Platform is provided for educational and demonstration purposes only and is not a medical device. Do not enter real, identifiable patient health information.