Go back
Legal

Privacy Policy

Version 17.0.0 • Last updated June 2, 2026

Terms of ServicePrivacy PolicyDisclaimer

365CGM.com Privacy Policy

Last updated: June 2, 2026

1. Overview

This Privacy Policy explains how 365CGM.com collects, uses, stores, and shares information when you use the service.

365CGM.com handles health-related information, including glucose readings and related event data. We treat that information as sensitive.

2. What we collect

Depending on how you use the service, we may collect and store:

  • your email address and account status;
  • session and authentication information;
  • encrypted Eversense and Nightscout connection settings that you provide;
  • glucose readings, timestamps, trend values, and related device connection state;
  • calibration, meal, insulin, exercise, and health event data imported through connected services;
  • monitor-link tokens you create for read-only sharing;
  • service logs, sync state, error details, import progress, and other operational telemetry necessary to run the service securely and reliably; and
  • support-related or administrative metadata needed to manage access and troubleshoot issues.

3. How we use information

We use information to:

  • authenticate you and manage your account;
  • retrieve, process, display, and sync glucose and related event data;
  • provide optional Nightscout delivery and read-only monitor sharing;
  • operate, secure, monitor, debug, and improve the service;
  • enforce product rules, including login protections and access controls; and
  • comply with legal obligations and respond to lawful requests.

4. Connected services and processors

365CGM.com may receive data from or send data to third parties you choose to connect with, including Eversense systems and Nightscout services. 365CGM.com requires users to authenticate with their own Senseonics User ID and password, as well as the CGM users', and with Nightscout to access their servers. An API is used to access and transfer CGM data. This information is stored temporarily for that purpose and may be modified or deleted at will using the Settings tab on the dashboard. The ID, passwords, and CGM data are never shared with any external service or used for any other purpose. The 365CGM.com website operates independently of the data transfer process once a Nightscout server is configured and online. Therefore, its webpage does not need to be displayed for the data transfer to be executed. This is an automatic process if the Senseonics and Nightscout servers are accessible and functioning. HTTPS (Hypertext Transfer Protocol Secure) encrypts communication between the user's browser and 365CGM.com, protecting data integrity and privacy.

The 365CGM.com website does not collect or require personal information from its users beyond the data necessary to provide access to the Senseonics and Nightscout servers; the companion app collects the device data described in Section 5. Access to the servers is made when there is likely to be new data to transfer or display, or when the website is launched or refreshed.

Those systems may change, fail, be unavailable, rate-limit requests, return incomplete information, or behave in ways that affect the data. 365CGM.com does not control those systems and cannot guarantee their performance.

Those providers operate under their own terms and privacy practices. We are not responsible for their independent privacy or security practices. Senseonics Privacy Notice can be found at https://www.eversensecgm.com/senseonics-privacy-notice, and their Conditions of Use at https://www.eversensecgm.com/conditions-of-use

We may also use infrastructure or service providers to host, process, secure, and deliver the application.

5. Mobile applications (365CGM Bridge)

365CGM.com offers a companion Android application, "365CGM Bridge," and an optional Wear OS watch component. This section describes how those apps handle information. The app requires a 365cgm.com account and a device token to function.

What the app reads from your devices. With your action and approval, the app connects to diabetes devices you operate and reads records from them:

  • insulin dose records from NovoPen pens (via NFC) and Medtronic InPen pens (via Bluetooth);
  • blood glucose readings from Ascensia CONTOUR NEXT ONE and Keto-Mojo GK+ meters (via Bluetooth); and
  • glucose values, trends, and related event data from Eversense CGM through the connection you have approved on your account.

These records may include device identifiers or serial numbers, timestamps, measurement values, insulin amounts, and battery status.

What the app does with that data. The app uploads these records to your 365cgm.com account and, if you choose to configure it, to a Nightscout server that you specify. Data is transmitted over encrypted connections (HTTPS). You may use an automatic mode, in which new records upload in the background, or a review mode, in which you approve each record before it is uploaded.

Data stored on your device. To authenticate to your account, the app stores a device token on the device using the operating system's encrypted storage. This token is the only credential the app holds at rest. It is created by you from your 365cgm.com account and can be revoked by you at any time.

Background operation. To capture readings while the app is not in the foreground, the app may run a foreground service that maintains a Bluetooth or NFC connection to your devices. Android displays a notification while this service is active.

Wear OS component. If you use a watch that supports Wear OS, the app can relay your current glucose value and trend to the watch over the local wireless connection to your phone so it can be displayed on the watch face or in a watch app. The watch component does not connect to the internet on its own and does not independently collect data.

6. Read-only monitor links

If you select and copy the "Read-Only Monitor Link" found on your dashboard, you are responsible for deciding whether to share it and with whom. Anyone with the link can view the information it exposes until it is disabled, because the page is not password-protected. The function of this link will stop working upon the next page refresh, wherever desired, by clicking the "Disable Link" on the Monitor tab under Settings. Upon selecting and copying another link, a new, unique link is generated.

The 365CGM.com webpage includes health-related glucose and event information of the user's CGM. Before sharing a monitor link, consider whether the recipient should have access to that information.

7. Security

We use reasonable technical and organizational measures to protect the service and the information it stores, including access controls, encrypted configuration handling, and operational monitoring.

However, no system can guarantee perfect security. You use the service with that understanding.

8. Sharing

The data the app handles is uploaded only to your own 365cgm.com account and, at your option, to a Nightscout server you control. It is not sold and is not shared with advertising networks, analytics providers, or other third parties. The app contains no advertising and does not use an advertising identifier.

9. Retention

You can request deletion of the data associated with your account through the account controls described elsewhere in this Policy. Removing the app from a device also removes the device token stored on that device.

We retain information for as long as needed to provide the service, maintain security, troubleshoot issues, support synchronization, enforce our terms, and comply with legal obligations.

If you delete your account, we will attempt to remove or de-identify retained information consistent with our systems, backups, logs, security needs, and legal obligations.

10. Your choices

You may be able to:

  • disconnect third-party integrations;
  • disable read-only monitor links;
  • stop using the service; and
  • request account deletion through the product.

You remain responsible for the settings and data you choose to connect and share.

11. Children

365CGM.com is not intended for children unless its use is managed by an authorized adult or guardian in compliance with applicable law and your care context.

12. HIPAA and regulated healthcare status

365CGM.com may handle sensitive health-related information, but the service is not represented in this document as a HIPAA-covered entity, business associate, or provider of Business Associate Agreements unless that is separately and explicitly established in writing.

Do not assume HIPAA rights, regulated healthcare obligations, or clinical service guarantees apply unless we expressly say so in a separate written agreement.

13. International use

If you use the service from outside the jurisdiction where it is operated, you understand that your information may be processed in other jurisdictions where privacy protections may differ.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we publish a new legal release, you may be required to review and accept the updated Privacy Policy before continuing to use the service.

15. Contact

If you have privacy questions, concerns, or requests, contact support@365CGM.com.