Privacy Policy

Last reviewed and updated: 30 March 2026

1. Who We Are

The Glucose Never Lies® is operated by The Glucose Never Lies Ltd, a company registered in England and Wales (Company No. 15039619), whose registered office is in Birmingham. We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are registered with the UK Information Commissioner’s Office (ICO) as a data controller.

Contact: john@theglucoseneverlies.com

2. What Data We Collect and Why

2a. Registered User Accounts

When you register to access the GNL Explorer Suite, we collect and store:

  • First name and last name
  • Email address
  • Date of birth (to verify you are aged 18 or over)
  • User type (person with type 1 diabetes; parent/guardian; healthcare professional; or other)
  • Mode preference (how you prefer to receive information)
  • Care team declaration (whether you are under diabetes specialist care)
  • Attestation confirmation (your confirmation that you understand the explorers are educational tools, not medical advice)
  • A session token used to authenticate your access during an active session

Lawful basis: Contract — this data is necessary to provide access to the GNL Explorer Suite and to fulfil the terms you agree to on registration.

We do not store any glucose readings, CGM data, insulin doses, or clinical outcomes. Explorer inputs are processed transiently to generate educational outputs and are not stored or retained.

2b. Newsletter and Email Updates

If you subscribe to GNL email updates, we collect your email address and first name via our email marketing platform (Mailchimp). We also add registered Explorer users to our mailing list as part of the registration process, with your consent.

Lawful basis: Consent — you can unsubscribe at any time using the link in any email.

2c. Website Analytics

We use Google Analytics 4 (GA4) to understand how our website is used. IP addresses are anonymised. We do not use advertising features or build individual profiles from analytics data.

Lawful basis: Legitimate interests — understanding site usage allows us to improve our educational content.

2d. Contact Correspondence

If you contact us by email or through our contact form, we retain the content of that correspondence to respond to your enquiry.

Lawful basis: Legitimate interests / contract.

2e. Podcast Listener Data

We receive anonymised download statistics from our podcast hosting platform (Buzzsprout). No identifiable data about individual listeners is collected or retained.

Lawful basis: Legitimate interests.

3. What We Do NOT Collect

  • No glucose readings, CGM data, or continuous monitoring outputs
  • No insulin dose records at individual level
  • No clinical or medical records of any kind
  • No special-category data under UK GDPR Article 9 (genetic, biometric, health data)
  • No advertising identifiers or cross-site tracking cookies
  • No data from users under 18 (age is verified at registration; under-18s cannot register)

Explorer tools accept inputs (such as activity type or therapy regimen) transiently for the purpose of generating educational outputs. These inputs are passed to our calculation API, a response is returned, and the data is not stored or retained by GNL or our API provider.

4. How Long We Keep Your Data

Data categoryRetention period
Registered user accountsUntil you request deletion of your account
Newsletter subscriptionsUntil you unsubscribe
GA4 website analytics26 months (GA4 default)
Contact correspondence24 months after enquiry resolved
Explorer session inputsNot retained — transient processing only

5. Who We Share Your Data With

We do not sell your personal data. We share data only with the processors listed below, each of whom is bound by a Data Processing Agreement (DPA) and complies with UK GDPR:

ProcessorPurposeData shared
Amazon Web Services (Lightsail)Website hostingAll website and account data (server-side)
Laravel ForgeAPI calculation engine hostingExplorer inputs/outputs (transient only)
Mailchimp (Intuit Inc.)Email marketing and transactional email to registered usersEmail address, first name, subscription tags
Brevo (Sendinblue)Transactional email delivery (email verification, password reset)Email address, verification/reset link
Google Analytics 4Anonymised website analyticsAnonymised session data; IP anonymised at point of collection
BuzzsproutPodcast hostingAnonymised download statistics only

6. Security

  • All GNL web traffic is served over HTTPS (TLS encryption)
  • API keys are never exposed in browser-facing files — they are injected server-side
  • Server access is restricted to SSH key authentication — no password login
  • WordPress and all plugins are kept up to date
  • Email verification is required before any account becomes active
  • Session tokens are stored in browser localStorage and expire on logout

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — ask us to correct inaccurate data
  • Right to erasure — ask us to delete your account and associated data
  • Right to restriction — ask us to pause processing your data
  • Right to data portability — request your data in a portable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — unsubscribe from emails at any time; withdraw consent for analytics via your browser settings

To exercise any of these rights, contact: john@theglucoseneverlies.com. We will respond within 30 days.

8. Complaints

If you believe we have handled your personal data incorrectly, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

We would appreciate the opportunity to address any concerns directly before you contact the ICO.

9. Changes to This Policy

We review and update this policy when our data practices change. The date at the top of this page shows when it was last updated. Significant changes will be communicated to registered users by email.

The Glucose Never Lies Ltd — Company No. 15039619
Registered in England and Wales
ICO registered data controller
Contact: john@theglucoseneverlies.com
Verified by MonsterInsights