Data Handling
What data PancreaTrack collects, where it is stored, and how it is protected.
What We Collect
| Data Type | Collected By | Purpose |
|---|---|---|
| Account information (name, email) | Registration | Authentication and account management |
| Health profile (diagnosis, medications) | Onboarding | Personalizing dashboard and defaults |
| Pain logs | Patient logging | Trend tracking and physician summaries |
| Meal logs and fat intake | Patient logging | Nutrition trend analysis |
| Bowel logs | Patient logging | Malabsorption monitoring |
| Lab values | Patient entry | Lab trend tracking |
| CGM glucose readings | Dexcom OAuth sync | Glucose trend display |
| Enzyme dose logs | Patient logging | PERT Optimizer recommendations |
| Physician notes | Provider entry | Clinical record (visible only to the physician) |
What We Do Not Collect
- Social Security Numbers or government ID
- Insurance or billing information (Stripe handles payments; we receive only a subscriber status)
- Location data beyond what you voluntarily enter
- Device contacts, camera, or microphone access
- Third-party advertising data
Where Data Is Stored
All PancreaTrack data is stored in a MySQL database hosted on servers located in the United States. Glucose data synced from Dexcom is retrieved from the Dexcom API and then stored in the same database. We do not retain Dexcom OAuth tokens beyond the session.
Encryption
- In transit: All communication between your browser and PancreaTrack is encrypted via TLS (HTTPS).
- At rest: Database encryption is on the security roadmap. See the HIPAA Roadmap for planned milestones.
- Passwords: Passwords are hashed using bcrypt and are never stored in plaintext. PancreaTrack staff cannot read your password.
Data Sharing
PancreaTrack does not sell, rent, or share your health data with third parties for commercial purposes. The only external data flows are:
- Anthropic (Claude AI) — when you generate AI summaries, your logged data is sent to Anthropic's API. Anthropic's data processing terms apply. Data is not used to train AI models (per Anthropic's API terms).
- Dexcom — OAuth authentication and glucose data retrieval. Your Dexcom credentials are never shared with PancreaTrack.
- Stripe — payment processing. Stripe receives payment information; PancreaTrack receives only your subscription status.
- Your linked physicians — providers you explicitly link can read your logged health data as described in Provider Access Controls.
Data Retention
Your data is retained as long as your account is active. If you delete your account, all personally identifiable data is permanently removed within 30 days. See Account Deletion for details.