Privacy Policy – Eaglenos CGM App

Privacy Policy for the Continuous Glucose Monitoring System Mobile Application (Eaglenos CGM App)

Last Updated: October 13, 2025

 

This Privacy Policy applies to Eaglenos sciences , Inc. and its affiliates (hereinafter referred to as “we,” “our,” or “us”) with respect to the Eaglenos CGM App.

This Privacy Policy governs all users located in Latin American countries, including but not limited to the Republic of Paraguay, who download, register, or use the App.

It aims to help you understand how we collect, use, store, transfer, and protect your personal information, and to inform you of your rights.

This Policy is specifically applicable to our services provided in Paraguay and other Latin American jurisdictions, drafted in accordance with:

The laws of the Republic of Paraguay, including Ley N° 6534/20 on Personal Data Protection;

Regional data protection frameworks inspired by the GDPR (European Union) and LGPD (Brazil);

And it is equally valid in Chinese, English, and Spanish.

In the event of any inconsistency, the English version shall prevail.

Please read this Privacy Policy carefully. Key sections are highlighted in bold.

By accepting or agreeing to this Privacy Policy, you:

 

Confirm that you have reached the legal age required to accept this Policy;

Agree to be bound by this Privacy Policy on your own behalf or on behalf of the person you lawfully represent;

 

Acknowledge that your use of our products and/or services is subject to this Policy.

 

If you have any questions, comments, or suggestions, please contact us at:

  • Email: support@eaglenos.com
  • Telephone: +86-400-019-0069
  • Registered Address: B2-2,73 Tanmi Road, Nanjing, Jiangsu, 210044, China

 

Table of Contents

 

 

Introduction

 

  1. How We Collect Your Personal Information

 

  1. How We Use Your Personal Information

 

  1. How We Store and Protect Your Personal Information (Including Cross-Border Transfers)

 

  1. Your Rights

 

  1. How We Handle Minors’ Personal Information

 

  1. Updates to This Privacy Policy

 

  1. How to Contact Us

 

  1. Definitions of Key Terms

 

  1. Data Controllers and Data Processors

 

  1. Automated Decision-Making

 

 

Introduction

 

We place great importance on protecting your privacy and personal data.

When you use our products and/or services, we may collect and use your information.

This Eaglenos CGM App Privacy Policy (“this Policy”) explains:

The types of personal information we collect;

The purposes and legal bases for such collection;

How you may access, correct, delete, or transfer your data; and

The measures we take to protect it.

Unless otherwise stated, we will not use your personal data for purposes other than those described in this Policy without your consent.

This Policy applies to all products and/or services provided through the Eaglenos CGM App (“our products and/or services”).

By continuing to use our services after we update this Policy, you indicate your acceptance of the revised version and consent to the collection, use, and protection of your personal data as described.

Please note that this Policy only applies to our services.

If you use third-party products or services that collect your personal data independently, please review their respective privacy policies carefully.

 

I. How We Collect Your Personal Information

We may collect your personal data through the following means:

  1. Information You Provide Directly

 

We collect and store information you voluntarily provide when using the Eaglenos CGM App — for example, when you fill out online forms, apply for products or services, contact us for support, or participate in activities.

This includes your contact details, health-related data, and activity records generated while using the App.

 

  1. Information We Collect Automatically

When you use the App (including while it runs in the background), we automatically collect data from your hardware devices, such as your smartphone or glucose monitoring sensor.

This includes, but is not limited to, blood glucose readings, device identifiers, and diagnostic logs.

 

  1. Information Obtained from Other Sources

With your prior consent, we may obtain your information from our affiliates, partners, or lawful third-party institutions that hold relevant data.

 

  1. Information Collected via Cookies and Similar Technologies

To optimize your user experience, we may use Cookies, web beacons, or pixel tags.

You can manage these through your browser settings. Disabling Cookies may affect some features or functionality.

 

(A) Services

  1. Registration, Login, and Verification

To create and verify your account, we collect and store your mobile phone number, which is used to send security codes and enable login.

If you refuse to provide this information, you cannot log in to the App.

The legal basis for this processing is performance of a contract and our legitimate interest in maintaining account security.

 

You may optionally provide additional information such as date of birth, height, weight, gender, and diabetes history to personalize services.

Such information is not mandatory; refusal will not affect your access to the App’s core functionality.

 

  1. Device Connection

To connect your glucose monitoring device, the App requires permissions to access:

Bluetooth (to detect and pair devices),

Device location,

Photo and camera access (for QR code scanning).

Without these permissions, blood glucose monitoring features may not function.

  1. Data Sharing

To enable you to share glucose data with family, friends, or healthcare professionals, we collect and store your connections and follower lists.

If you choose not to provide such data, sharing features will be unavailable.

 

  1. Report Generation

For the report feature, we collect your mobile number, device information (model, MAC address), and glucose readings.

The App requires network and file storage permissions to generate and send reports.

Refusing authorization will disable report generation but not affect other functions.

 

(B) Operational Security

To ensure the stability and security of our services, we may collect information (including in the background) such as:

 

Device model, MAC address, Wi-Fi usage address, operating system version, device status, and network condition;

Log data, IP address, and location;

URLs or actions identified as potentially risky.

This helps us diagnose system problems, analyze performance, and prevent fraud.

Refusal to provide such data may limit our ability to protect your account but will not affect other App features.

This processing is based on our legitimate interest in maintaining service integrity and security.

 

(C) Optional Features

To provide enhanced services and improve your experience, we may collect personal data through optional features:

Camera access: For scanning barcodes to bind devices or recording daily activities.

Gallery access: To upload profile photos or provide documentation for consultations.

Enabling these permissions authorizes us to collect and use corresponding personal data.

You can disable permissions at any time via device settings.

Disabling will not affect previously collected data.

 

(D) Processing Without Consent (Legal Exceptions)

Under applicable laws, we may process your personal data without consent in the following cases:

Where necessary to perform a contract with you;

Where required by law or to fulfill statutory obligations;

To respond to public health emergencies or protect life and property;

 

For news reporting or public interest purposes within legal limits;

For information you have lawfully and voluntarily disclosed; or

Other situations permitted by law.

 

II. How We Use Your Personal Information

 

We may use your personal information collected through the Eaglenos CGM App for the following purposes and on the legal bases described below:

  1. To Provide Our Products and/or Services

We use your personal information to provide, maintain, and improve our services, including:

Registering and authenticating your user account;

Connecting and managing your glucose monitoring devices;

Displaying, analyzing, and storing your glucose data;

Generating reports and visualizations for self-monitoring and professional consultation;

Providing technical support and responding to your inquiries.

The legal basis for this processing is the performance of a contract between you and us.

 

  1. To Ensure Service Security

We process relevant technical data to detect, prevent, and address:

Fraud, misuse, or security vulnerabilities;

System errors or abnormal activities;

Violations of this Privacy Policy or applicable law.

The legal basis for this processing is our legitimate interest in ensuring network and information security.

 

  1. To Communicate with You

We may send you:

Notifications about service updates, policy changes, or security alerts;

Customer support responses or technical notices;

Marketing or promotional materials (only with your explicit consent).

You may opt out of receiving non-essential communications at any time.

 

  1. To Conduct Data Analysis and Product Improvement

 

We may use de-identified or aggregated data to analyze usage trends, improve algorithm accuracy, and optimize device compatibility.

Where possible, we will anonymize or pseudonymize your information before analysis.

 

  1. To Fulfill Legal and Regulatory Obligations

 

We may process your information when required to:

Comply with national laws, court orders, or government requests;

Cooperate with medical device regulatory authorities or health agencies;

Fulfill our obligations under consumer protection or data protection laws.

 

  1. To Safeguard Public Interest or Individual Rights

 

We may process your personal data to protect your vital interests, public health, or the legitimate interests of others, provided such processing is in accordance with applicable laws.

 

  1. Use of De-Identified or Anonymized Information

 

Information that cannot identify you (e.g., anonymized statistical data) does not constitute personal data and may be used for research, statistics, or service improvement without further notice.

 

III. How We Store and Protect Your Personal Information

  1. Data Storage Location

 

Your personal information collected within the Eaglenos CGM App is stored securely on cloud servers located in the People’s Republic of China.

If data transfer to servers outside your jurisdiction (including cross-border transfers to Paraguay or other Latin American regions) becomes necessary, we will:

Obtain your explicit consent in advance;

Conduct an appropriate security assessment; and

Ensure compliance with applicable data transfer laws and international standards (e.g., GDPR, LGPD, Ley 6534/20).

 

  1. Data Retention Period

We retain your personal information only for the period necessary to achieve the purposes described in this Policy, unless a longer retention period is required or permitted by law.

When your data is no longer needed, we will securely delete or anonymize it.

Typical retention examples:

Account information: retained for the duration of account activity and deleted within 90 days after deactivation;

 

Glucose records: retained for the period required by medical or regulatory obligations, then anonymized;

Log data: retained for no more than 12 months unless required for security or legal reasons.

 

  1. Data Security Measures

 

We adopt a combination of technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, or destruction, including:

Encryption (in transmission and storage);

Access controls and multi-factor authentication;

Firewalls and intrusion detection systems;

Regular security audits and risk assessments;

Employee confidentiality training and access restrictions.

Despite these efforts, no online system can be entirely secure.

You understand that transmission of data over the internet involves inherent risks, and we cannot guarantee absolute security.

 

  1. Data Breach Notification

 

In the unlikely event of a data breach that may compromise your rights or privacy, we will:

Notify you promptly through in-app alerts, email, or other appropriate means;

Report to the competent data protection authority within the time required by law; and

Take immediate corrective measures.

 

  1. Data Transfer and Cross-Border Transmission

If it is necessary to transfer your personal information across borders (e.g., for cloud storage, customer service, or regulatory reporting), we will:

Inform you of the purpose, type, and destination country of the transfer;

Obtain your explicit, informed consent; and

Implement safeguards equivalent to those required under local and international data protection frameworks.

For users in Paraguay and Latin America, cross-border data transfers will comply with Ley 6534/20 and other relevant international agreements.

 

IV. Your Rights

 

Under applicable data protection laws (including GDPR, LGPD, and Ley 6534/20), you have the following rights regarding your personal data:

  1. Right to Access

You may request access to the personal information we hold about you and obtain a copy of such data in a commonly used format.

 

  1. Right to Rectification

 

If you discover that any of your personal information is inaccurate or incomplete, you may request correction or supplementation.

 

  1. Right to Deletion (“Right to Be Forgotten”)

You may request the deletion of your personal data where:

The information is no longer necessary for its original purpose;

You withdraw your consent;

The processing violates applicable laws; or

Other legal conditions for deletion are met.

If deletion is technically infeasible, we will anonymize your data instead.

 

  1. Right to Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time.

Withdrawal will not affect the legality of prior processing but may impact the provision of certain features or services.

 

  1. Right to Restrict Processing

You may request restriction of processing in cases where:

You dispute the accuracy of your data;

The processing is unlawful but you prefer restriction over deletion; or

We no longer need your data but you require it to establish or defend legal claims.

 

  1. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.

 

  1. Right to Object

You may object at any time to our processing of your data for direct marketing, automated decision-making, or profiling purposes.

 

  1. Right to Lodge a Complaint

If you believe that your personal data has been processed unlawfully, you may file a complaint with:

Our Data Protection Officer (see Section VII below); or

The Data Protection Authority of the Republic of Paraguay (Dirección General de Protección de Datos Personales), or the competent authority in your jurisdiction.

 

V. Processing of Minors’ Personal Information

Protection of Minors’ Data

We highly value the protection of minors’ personal information.

The Eaglenos CGM App and related services are intended for adult users only.

Minors (under 18 years of age) must not register or use our services independently, regardless of parental consent.

 

Data from Minors

If we become aware that we have inadvertently collected personal data from a minor without verified parental or guardian consent, we will promptly delete such information.

For any identified user under 18 years old, personal data will only be processed with explicit consent from a parent or legal guardian, or otherwise deleted as soon as possible.

 

VI. Updates to This Privacy Policy

We may revise or update this Privacy Policy from time to time to reflect:

Changes in laws or regulatory requirements;

Adjustments to our products, services, or data processing practices; or

Improvements to user experience and security standards.

We will notify you of material changes through:

In-app notifications, pop-up messages, or version updates;

Prominent notices on our official website; or

Any other legally required method.

We will not reduce your rights under this Policy without your explicit consent.

If major revisions occur, we may re-obtain your consent before continuing data processing.

The “Last Updated” date at the top of this document indicates when this Privacy Policy was last revised.

 

VII. How to Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data protection practices, you may contact us through the following channels:

Customer Service Hotline: +86-400-019-0069

Email: support@eaglenos.com

 

Registered Address: Building B2-2, Treehouse 16, No.73 Tanmi Road, Jiangbei New District, Nanjing, Jiangsu Province, China

 

If you are unsatisfied with our response, or believe that our processing of your personal information infringes upon your legitimate rights, you may lodge a complaint with the competent Data Protection Authority in your jurisdiction, including the Dirección General de Protección de Datos Personales of Paraguay.

In case of unresolved disputes, both parties agree to first seek an amicable settlement through negotiation.

If such negotiation fails, either party may submit the dispute to the competent court in Asunción, Paraguay, unless otherwise required by applicable law.

 

VIII. Key Definitions

“Affiliates”

Refers to any company directly or indirectly controlled by, controlling, or under common control with Eaglenos sciences , Inc. (“we”, “us”, or “our”).

“Control” means possessing, directly or indirectly, the power to influence management or policies through ownership, voting rights, contract, or other lawful means.

“Personal Information”

Any information, recorded electronically or otherwise, relating to an identified or identifiable natural person, excluding anonymized data.

This definition aligns with the Personal Information Protection Law of the People’s Republic of China and Law No. 1682/01 of Paraguay.

Examples include but are not limited to:

Basic identifiers (e.g., name, gender, birth date, phone number, email);

Contact lists or communication records;

Online activity logs (e.g., browsing, app usage, click records);

Device identifiers (e.g., MAC address, IMEI, IDFA, Android ID).

 

“Sensitive Personal Information”

Data that, if leaked or misused, could endanger personal dignity or safety, such as health-related data (including glucose readings).

Such data is subject to enhanced protection measures and requires your explicit consent before processing.

 

“Data Controller”

The entity that determines the purposes and means of processing personal data.

In this Policy, Eaglenos sciences , Inc. is the Data Controller.

 

“Data Processor”

Any entity or individual that processes personal data on behalf of the Data Controller in accordance with written instructions and confidentiality obligations.

 

IX. Data Controller and Processors

 

Eaglenos sciences , Inc. is the data controller responsible for the collection, use, and protection of your personal information within the Eaglenos CGM App.

We may engage trusted third-party data processors to assist us in operating and improving our services (e.g., cloud hosting, analytics, message delivery).

All processors are contractually required to:

Process data only for purposes specified by us;

Comply with security and confidentiality obligations;

 

Implement adequate technical and organizational measures; and

Cooperate with us to uphold users’ rights under this Policy.

 

X. Automated Decision-Making

We may use automated processing of your data—such as glucose trend analysis—to generate insights, alerts, or personalized health suggestions.

However:

Such automated decisions do not produce legal or similarly significant effects on you;

You retain the right to request human review, express your opinion, and contest automated outcomes.

Currently, Eaglenos CGM App does not engage in fully automated decision-making that has material legal or comparable consequences for users.


 Annex – Third-Party SDK Integration List
The Eaglenos CGM App integrates specific SDKs to enable essential functionalities, such as push notifications.

Third-Party SDK Name

Purpose of Data Collection

Data Types Collected

SDK Provider Privacy Policy

Legal Basis for Sharing

Data Transfer Location

Jiguang SDK

Push notification services

Device identifiers (including MAC address), hardware info, basic system and network information

https://www.jiguang.cn/license/privacy

Contractual necessity / User consent

China



*Note:* SDK providers may update their privacy practices. Please refer to their latest policies for more details.

---
Effective Date: October 13, 2025  
Issued by: Eaglenos sciences , Inc.