Skip to Content
Privacy

Privacy Policy

Last updated: 31 May 2026

This Privacy Policy explains how Tirlio processes personal data when you use the Tirlio app or this website. It applies in addition to the Swiss Data Protection Act (DSG), the EU General Data Protection Regulation (GDPR) for users in the EEA, and applicable US laws (including the CCPA/CPRA) for users in the United States.

Tirlio processes health data (e.g. glucose readings, insulin doses, meals). This is a special category of personal data. We process it only with your explicit consent and with heightened safeguards.

1. Controller

Tirlio, a sole proprietorship owned by Michael Habegger, Rietstrasse 25, 8634 Hombrechtikon, Switzerland. Email: privacy@tirlio.app. An EU representative (Art. 27 GDPR) and UK representative will be designated where legally required and listed here.

2. Data we process

Account and profile data: email address, name (if provided), sign-in identifiers when using Sign in with Apple or Google login, account settings.

Health and CGM data: continuous glucose readings (CGM, e.g. via Medtronic CareLink), insulin doses/boluses, carbohydrates and meals, meal photos, and, if you enable it, Apple Health data (workouts, sleep, heart rate, HRV, steps, menstrual cycle).

Usage and device data: push notification device token, technical logs, crash and error reports, app version, aggregate usage statistics.

Communication data: the content of any support requests you send us.

3. Purposes and legal bases

Providing the app (account, sync, displaying your trends): performance of the contract, Art. 6(1)(b) GDPR.

Processing health data and AI analysis (pattern detection, photo carb estimation, daily observations, Ask Tirlio): your explicit consent, Art. 9(2)(a) together with Art. 6(1)(a) GDPR. You may withdraw this consent at any time with effect for the future.

Security, troubleshooting, abuse prevention: legitimate interest, Art. 6(1)(f) GDPR.

Communication and legal obligations: Art. 6(1)(b), (c) and (f) GDPR. In Switzerland, processing of sensitive data relies on your consent under the DSG.

4. AI-assisted analysis

To analyse your data (e.g. meal photo recognition, written observations and answers to your questions), we transmit the necessary content to our AI provider Anthropic, PBC (USA), which provides the Claude models. The transmission is encrypted and carried out under a data processing agreement. Anthropic does not use content submitted via its API to train its models. The AI produces descriptive observations only. It does not provide diagnoses, treatment or dosing recommendations.

5. Recipients and processors

We do not sell your data. We use carefully selected providers that process on our behalf and on our instructions:

  • Hetzner Online GmbH (Germany): hosting and data storage; servers in the EU.
  • Anthropic, PBC (USA): AI-assisted analysis (see section 4).
  • Functional Software, Inc. (Sentry) (USA): error and crash diagnostics.
  • Resend (Plus Five Five, Inc.) (USA): transactional email delivery.
  • Apple Inc.: push notifications (APNs) and Sign in with Apple.
  • Google LLC: only when you use Google login.
  • Medtronic / CareLink: source of CGM data, where you authorise the connection.

6. International transfers

Your data is primarily stored in the EU (Germany). Some providers (notably Anthropic, Sentry, Resend, Apple, Google) process data in the USA. We base such transfers on appropriate safeguards, in particular the EU Commission Standard Contractual Clauses and, where applicable, the EU-US and Swiss-US Data Privacy Framework. A copy of the safeguards is available on request.

7. Retention

We retain your data for as long as your account exists. You can delete your data and your account at any time in the app; afterwards your personal data is deleted or anonymised unless statutory retention obligations apply. Technical logs are kept only briefly.

8. Security

Data is transmitted using encryption (TLS) and sensitive data is also encrypted at rest. Access is limited to the necessary minimum. As with any online processing, absolute security cannot be guaranteed.

9. Your rights

You have the right to access, rectification, erasure, restriction of processing, data portability and objection. You may withdraw any consent at any time with effect for the future. Contact us at privacy@tirlio.app. You may also lodge a complaint with a supervisory authority: in Switzerland the Federal Data Protection and Information Commissioner (FDPIC), in the EEA your local data protection authority.

10. Apple Health

Apple Health data is read only with your explicit authorisation and used solely to provide the app features. We do not use Health data for advertising and do not share it for advertising purposes.

11. Children

Tirlio is intended for adults and is not directed to persons under 18. We do not knowingly collect data from minors.

12. Cookies / website

This website uses only strictly necessary cookies. See our Cookie Policy.

13. Notice for US residents (CCPA/CPRA)

We do not sell your personal information and do not share it for cross-context behavioural advertising. You have the right to know what we collect, to request deletion or correction, and to exercise these rights without discrimination. Submit requests to privacy@tirlio.app. In the event of a breach involving unsecured health information, we notify affected individuals in accordance with the FTC Health Breach Notification Rule.

14. Changes

We may update this Privacy Policy. The current version is always available here; we will notify you of material changes in an appropriate manner.

tirlio
Learning app for type 1 diabetes · Private beta.
Not a medical device. Not medical advice.
© 2026 Tirlio · Switzerland