Diabetic Alert Dog Log · Privacy Policy
Effective date: May 24, 2026
1. Who we are
Handler Labs LLC ("Handler Labs," "we," or "us") is an independent iOS software studio that builds training-log apps for service dog handlers. We can be reached at [email protected]. This policy covers Diabetic Alert Dog Log.
We are the data controller (we decide what information the app records and why). Your records are stored on your device and synced to your own private iCloud, which we cannot access. Apple provides that iCloud and CloudKit storage as part of your own Apple account; to the extent Apple processes data on our behalf through CloudKit, it does so as our processor under Apple's data-processing terms.
2. Our privacy principle
Your data lives in your iCloud account. We cannot see it, access it, or sell it.
Every record you log stays in your private Apple CloudKit database, which is the same infrastructure Apple uses for your own iCloud data. Handler Labs has no server, no database, and no account system. We have no technical means of accessing your records even if we wanted to.
3. What data the app stores
Depending on the app, this may include:
- Dog profiles (name, breed, date of birth, photo)
- Training session records (date, task type, duration, outcome, notes)
- Alert events (timestamp, result, the single glucose value at the moment of the alert, notes)
- A single HealthKit-sourced reading per alert event (a snapshot value, not a continuous trace)
- Scent sample inventory records
- Handler notes and custom fields
All of this is stored with iOS Data Protection (encrypted at rest when your device is locked) and synced via your private CloudKit database. Only devices signed in with your Apple ID can access it.
4. HealthKit data
Diabetic Alert Dog Log requests read-only access to the following HealthKit data type:
- Blood Glucose
The app never writes to HealthKit. It reads HealthKit only when you log an alert event (to capture the value at that moment) or when you open a report view that shows context around an alert.
How HealthKit data is handled:
- Single values at the moment of an alert are stored alongside the alert record so the record stands on its own. These single values sync via your private CloudKit database.
- The continuous CGM trace (the curve over time) is never copied or persisted. It is re-fetched on demand from HealthKit when you view or export a report and remains on your device. It is never synced to CloudKit and never leaves your device.
- HealthKit data is never transmitted to Handler Labs or any third party. It is not used for advertising, marketing, data mining, or any purpose other than displaying information within the app to you. This complies with Apple's HealthKit guidelines.
You can revoke HealthKit access at any time: Settings → Health → Data Access & Devices → Diabetic Alert Dog Log.
5. What we do not collect
- No user accounts or registration; there is no Handler Labs account system
- No names, email addresses, or contact information sent to us
- No location data
- No advertising identifiers (IDFA/IDFV)
- No device fingerprinting
- We do not sell or share personal data for cross-context behavioral advertising. We do not sell, license, or broker any data to third parties, ever.
6. Analytics
The app sends anonymous usage events to TelemetryDeck. These events are things like "a session was logged" or "the export feature was used." They contain no health data, no personal information, no dog names, and no record content of any kind.
TelemetryDeck uses a privacy-preserving architecture that hashes any device identifiers before transmission, making individual users unidentifiable. We use these aggregate signals only to understand which features are used and to prioritize development.
TelemetryDeck acts as our data processor for these anonymous analytics, handling the signals on our behalf under its data-processing terms. It does not retain IP addresses and does not build a profile of you across apps or websites.
7. In-app purchases
Pro upgrades are processed entirely by Apple through Apple StoreKit. We receive a confirmation that a purchase was made and its entitlement status. We never receive your payment details, Apple ID, or billing information. Purchase receipts are validated locally on-device or via Apple's servers; no purchase data passes through Handler Labs infrastructure.
8. Data sharing and export
When you export a PDF summary or a JSON backup, that file is created entirely on your device and shared only when you choose to, using the iOS share sheet. Nothing is automatically uploaded or sent anywhere. You control every export.
9. Your control and data deletion
- Export your records: Settings → Export All Data exports a JSON backup of every record in your account.
- Delete records: Delete individual records or all data from within the app. Settings → Delete All Data wipes every record and propagates the deletion to your iCloud private database.
- Delete the app: Deleting the app removes local data. To also remove iCloud data, use Delete All Data first, or go to Settings → [your name] → iCloud → Manage Account Storage and remove app data there.
- Revoke HealthKit access: Settings → Health → Data Access & Devices → Diabetic Alert Dog Log. This does not delete previously associated readings from your training log, but the app will no longer read new data from HealthKit.
10. Your privacy rights
If you are in the European Economic Area, the United Kingdom, or any jurisdiction with comparable data protection rights, you have the following rights regarding your personal data under the EU General Data Protection Regulation (GDPR) and equivalent laws:
- Right of access: use Settings → Export All Data to obtain a complete copy of your records in JSON format.
- Right to rectification: edit any record directly in the app to correct inaccurate information.
- Right to erasure ("right to be forgotten"): use Settings → Delete All Data to remove all your records from the app and from your iCloud private database.
- Right to data portability: the JSON export from Settings → Export All Data is in a structured, machine-readable format you can take to another service.
- Right to restrict or object to processing and right to withdraw consent: you can revoke HealthKit access in iOS Settings at any time, stop using the app, and request deletion. To submit a written data subject request (for example, a record of processing or formal confirmation of erasure), email [email protected]. We will respond within 30 days.
HealthKit and Article 9 special-category data. Where applicable, health data read from HealthKit is processed only with your explicit consent, granted when you authorize HealthKit access on first launch. You may withdraw consent at any time through iOS Settings as described above; withdrawal does not affect processing performed before withdrawal.
Age requirement. The app is intended for users aged 17 and older. If you are under 17, do not use the app or provide any information through it. See also Children's Privacy below.
11. State-specific notices for US residents
California residents (CCPA/CPRA). Handler Labs does not currently meet the revenue or volume thresholds that trigger CCPA/CPRA applicability. Even so, we voluntarily honor the core California rights:
- Right to know what personal information we hold: see Section 3. (We hold what is in your private iCloud, which we cannot read.)
- Right to delete: Settings → Delete All Data.
- Right to opt out of sale or sharing for cross-context behavioral advertising: not applicable. We do not sell or share personal data for cross-context behavioral advertising, ever.
- Right to non-discrimination for exercising any of the above.
California CMIA. For California users, Handler Labs treats your training records as confidential medical information and does not disclose them without your express authorization, consistent with the California Confidentiality of Medical Information Act (Civil Code §56 et seq.), including the §56.06 standard that applies the Act's confidentiality requirements to a consumer health application.
Washington residents (My Health My Data Act). Washington's MHMDA (RCW 19.373) requires a separate Consumer Health Data Privacy Policy. See our Consumer Health Data Privacy Policy for the disclosures and rights specific to Washington residents.
12. Security and breach notification
We protect your data using Apple's built-in security: iOS Data Protection encryption, CloudKit private-database isolation, and the App Sandbox. Because we hold no server-side copy of your records, the surface area for a breach on our side is effectively zero.
If we become aware of a security breach affecting your data, we will notify affected users without unreasonable delay and no later than 60 days after discovery, consistent with the FTC Health Breach Notification Rule (16 CFR Part 318, expanded in 2024 to cover health and wellness apps). Because we do not collect your email or other contact information, that notice will be delivered through an in-app message and a prominent notice on handlerlabs.app, and we will make any notifications to the FTC or media that the rule requires.
13. App Privacy Label
Apple requires every app to declare what data it collects. For Diabetic Alert Dog Log, our declaration is Data Not Linked to You: Usage Data. The anonymous usage events described in the Analytics section are not connected to your identity and cannot be used to track you across apps or websites.
14. Children's privacy
The app is intended for users aged 17 and older. In some cases a parent or caregiver may use the app to log work performed by a service dog assigned to a minor. In that case, the parent or caregiver is the user of the app, and the minor's information stays in the parent's iCloud account, under the parent's control. Handler Labs does not knowingly collect personal information directly from anyone under 17.
If you believe we have inadvertently received personal information about a child, contact us at [email protected] and we will address it promptly.
15. Changes to this policy
If we make material changes to this policy, we will update the effective date above and, where feasible, provide notice within the app. Continued use of the app after the updated policy is posted constitutes acceptance of the changes. For changes that materially expand data collection, we will require fresh consent before the new collection begins.
16. Contact
Questions about this policy or your data? Email us at [email protected]. We aim to respond within 3 business days, and within 30 days for any formal data subject request.