Privacy Policy

Last updated: April 22, 2026 — clarified boundary: Stillra describes data, never interprets clinically.

Stillra is built by someone who lives with diabetes. This document describes exactly what information we collect, why, how we protect it, and how you access or delete it. No fluff.

Who we are

Stillra is operated by Carl Karjalainen Joels as the data controller. Contact: stillra@proton.me.

What we collect and why

• Email — for sign-in via one-time code (Supabase Auth). Not used for marketing.
• Dexcom Share or LibreLinkUp credentials (email/phone + password) — so we can fetch your glucose data from your sensor. Stored encrypted (AES-256-GCM). Used only to authenticate against Dexcom or Abbott.
• Glucose readings — fetched from your sensor and stored in our database to generate briefs and patterns over time.
• Saved notes — quotes you choose to save ahead of doctor's visits, with timestamp.
• Doctor's visit dates — so we can remind you ahead of appointments.
• Push token (Expo) — to send notifications when a brief is ready.

We do not collect: location, contacts, calendar, phone numbers beyond sign-in, payment information (none exists yet), or activity in other apps.

Legal basis

Processing is based on contract (GDPR Art. 6.1.b) — to deliver the service you signed up for. For health data (glucose) we request your explicit consent (Art. 9.2.a) when you connect your sensor. You can withdraw consent at any time by deleting your account.

Who we share data with

• Supabase (EU region, Frankfurt) — database and auth. ISO 27001 and SOC 2 Type II certified. DPA in place.
• Railway — backend hosting. SOC 2 Type II certified. DPA in place.
• Anthropic — we send an anonymized statistical summary of your glucose data (clustered numbers: medians, min/max, time intervals, percentage in target range) without timestamp-specific values, to their Claude model to generate Frida's briefs. The summary is designed so it cannot be linked back to you as an individual (not pseudo-anonymous — statistically aggregated). Data is not used to train the model.
• Expo — push notifications. They see the push token but no content beyond notification title and truncated brief text.
• Dexcom / Abbott — we authenticate against their API using your credentials. They therefore see that our server is communicating with their service.

We never sell your data. We never share with advertising networks. We do not use your data to train models, improve Stillra, or for any purpose beyond delivering the service to you. If this ever changes, we require explicit consent via updated Terms of Service before any such use occurs.

Where data is stored

All database data is stored in Supabase EU region (Frankfurt, Germany). Backend servers run via Railway (EU). Data only leaves EU/EEA when we send summaries to Anthropic (USA) for AI generation.

How long we keep it

• Glucose readings — kept as long as your account is active. When you delete your account, readings are deleted too.
• Brief cache — up to 30 days.
• Email + auth — as long as the account is active.
• Inactive accounts — if you haven't logged in for 12 months we send a notice; without reply within 30 days the account is automatically deleted.

Your rights

You have the right to:

• Get a copy of all your data — available in the app under "Export my data" (GDPR Art. 20).
• Delete your account and all data — available in the app under "Delete account" (GDPR Art. 17). Deletion is immediate and irreversible.
• Correct inaccurate information — contact us at the email above.
• Object to processing — email us.
• Complain to the Swedish Authority for Privacy Protection (IMY) if you believe we are handling your data incorrectly.

Security

• Dexcom/Libre passwords are encrypted in the database (AES-256-GCM).
• All traffic is over HTTPS.
• Row-Level Security in the database — a user cannot technologically access another user's data.
• Push notifications contain only your own brief text.

Cookies and tracking

This site (stillra.app and subdomains) uses no cookies for tracking or analytics. We have no social media pixels, no ad networks, no Google Analytics.

Stillra is not a medical product

Stillra is a wellness app that translates your CGM data into a human voice. Stillra is not a medical device under EU MDR 2017/745 and is not a substitute for your doctor or prescriptions.

In practice: Frida describes what your data shows — patterns, trends, deviations from your usual — but never makes clinical judgments about whether values are good or bad. Frida never provides treatment advice, dosage suggestions, or medication recommendations. Stillra's role is to make your data understandable in everyday life and build the bridge to your doctor — not to replace the one who interprets.

Always make your medical decisions in dialogue with your care provider.

Changes to this policy

If we change anything material in how we handle data, we notify you by email before the change takes effect. Minor language adjustments may happen continuously; the latest update date is at the top.

GDPR requests

To exercise your rights under GDPR (export, deletion, correction, objection to processing), email stillra@proton.me with "GDPR" in the subject line and I will prioritize the request and respond within 30 days (usually much faster).

Contact

Other questions? Send to stillra@proton.me. I reply personally.