GlycoSphere

Privacy Policy

Last updated: May 2026

GlycoSphere LLC ("GlycoSphere," "we," "our," or "us") is committed to protecting the privacy and security of personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our patient mobile application, our provider web platform, or interact with our services.

Information We Collect

We collect the following categories of information:

  • Health data — glucose readings, blood pressure measurements, weight, medication adherence, and other clinical readings collected via FDA-cleared monitoring devices.
  • Personal information — name, date of birth, address, phone number, email, Medicare ID, insurance information, and emergency contacts.
  • Device data — device identifiers, serial numbers, firmware versions, and connectivity logs from monitoring equipment.
  • Usage analytics — pages viewed, features used, session timestamps, and aggregated platform performance data.

How We Use Your Information

We use information to:

  • Provide Remote Patient Monitoring (RPM) and Chronic Care Management (CCM) services.
  • Enable clinical coordinators and supervising providers to review readings and document care.
  • Submit claims to Medicare and other payers under our organizational NPI.
  • Communicate with you about your care, device shipments, and program updates.
  • Improve our platform, troubleshoot issues, and maintain security.
  • Comply with legal obligations and respond to lawful requests.

Data Security & HIPAA

GlycoSphere maintains HIPAA compliance as a Covered Entity and/or Business Associate, depending on the context of services delivered. We implement administrative, physical, and technical safeguards required by the HIPAA Security Rule, including:

  • Encryption of Protected Health Information (PHI) at rest and in transit.
  • Role-based access controls and audit logging across all clinical systems.
  • Business Associate Agreements (BAAs) with every vendor that handles PHI on our behalf.
  • Workforce training, breach notification procedures, and regular risk assessments.

Sharing & Third Parties

We share information only as necessary to provide our services and as permitted by law. Key third-party processors include:

  • Supabase — database hosting and authentication infrastructure.
  • Tenovi — FDA-cleared cellular monitoring device platform.
  • Resend — transactional email delivery.

Each processor handling PHI is bound by a Business Associate Agreement. We do not sell personal or health information.

Data Retention

We retain information for as long as necessary to provide services, comply with HIPAA's minimum-necessary standard, and meet applicable state and federal record-retention requirements. When information is no longer required, we securely delete or de-identify it.

Your Rights & Choices

Subject to applicable law, you have the right to:

  • Access your personal and health information.
  • Request correction of inaccurate information.
  • Request deletion of information, subject to legal and regulatory retention requirements.
  • Receive an accounting of disclosures of your PHI.
  • File a complaint with us or with the U.S. Department of Health and Human Services.

To exercise any of these rights, contact us at the address below.

Children's Privacy

Our services are intended for adults enrolled in Medicare or under the direction of a licensed healthcare provider. We do not knowingly collect information from children under 13. If we learn that we have collected information from a child without appropriate consent, we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through our platform or by email. The "Last updated" date at the top reflects the most recent revision.

Contact Us

Questions about this policy or our privacy practices can be directed to:

GlycoSphere LLC
Atlanta, Georgia
Email: Fmuoka2001@gmail.com